This is concerning 3 firewalls and 2 VPN connections and routing.

Main site A has local address range 192.168.101.0/24
Remote site B has local address range 192.168.102.0/24
Remote site C has local address range 192.168.100.0/24

To be clear, site A has a VPN to site B and another VPN to site C.

A can access sites B and C, no issues.
B can access site A but not C.
C can access site A but not B.

I can make a VPN from site B to site C but that is not what I am after.

I am located at site C and want to access the FW on site B.

All firewalls are Zywall USG series. The VPN is IPSec.

I know this involves routes at the very least. Any help would be very much appreciated.

Drifter104

1 Answer

You can do this but it's generally easier to use a second tunnel.

In basic terms to accomplish this you need the following:

  • Route for the site B subnet on the site C firewall, same gateway address as used to reach site A.
  • Route for the site C subnet on the site B firewall, same gateway address as used to reach site A.
  • Outbound firewall rules on site B using the VPN interface, allowing access to the site C subnet. This is only needed if restricting outbound traffic.
  • Outbound firewall rules on site C using the VPN interface, allowing access to the site B subnet. This is only needed if restricting outbound traffic.
  • A rule on firewall A allowing access from subnet B to C.
  • A rule on firewall C allowing access from subnet C to B.
Tim Brigham
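The route and rule changes listed in this answer, as an added example that is not part of the original post: a small Python model of the three firewalls that traces a packet from a host at site C towards the site B firewall, first with the setup as the question describes it and then with the answer's routes and allow rules applied. The subnets are the ones from the question; the next-hop names, the sample host addresses, and the placement of both spoke-to-spoke allow rules on the hub firewall A are assumptions made for this illustration.

```python
from ipaddress import ip_address, ip_network

# Subnets from the question; everything else below is constructed for the example.
SITES = {"A": "192.168.101.0/24", "B": "192.168.102.0/24", "C": "192.168.100.0/24"}
ANY = "0.0.0.0/0"

class Firewall:
    """Routing table (prefix -> next-hop firewall name) plus allow rules (src, dst)."""
    def __init__(self, name, routes, rules):
        self.name, self.local = name, ip_network(SITES[name])
        self.routes = {ip_network(p): nh for p, nh in routes.items()}
        self.rules = [(ip_network(s), ip_network(d)) for s, d in rules]

    def next_hop(self, dst):
        if dst in self.local:
            return "local"
        hits = [p for p in self.routes if dst in p]        # longest-prefix match
        return self.routes[max(hits, key=lambda p: p.prefixlen)] if hits else None

def trace(fws, start, src, dst):
    """Follow a packet from firewall `start`; returns (outcome, firewalls visited)."""
    src, dst, fw, path = ip_address(src), ip_address(dst), fws[start], [start]
    while len(path) <= len(fws):
        if not any(src in s and dst in d for s, d in fw.rules):
            return f"denied at {fw.name}", path
        nh = fw.next_hop(dst)
        if nh == "local":
            return "delivered", path
        if nh is None:
            return f"no route at {fw.name}", path
        fw, path = fws[nh], path + [nh]
    return "loop", path

def build(apply_answer):
    """apply_answer=False models the question's state; True adds the answer's routes and rules."""
    a_rules = [(SITES["A"], ANY), (ANY, SITES["A"])]       # hub only handles its own subnet
    b_routes, c_routes = {SITES["A"]: "A"}, {SITES["A"]: "A"}
    if apply_answer:
        a_rules += [(SITES["B"], SITES["C"]), (SITES["C"], SITES["B"])]  # assumed: both on hub A
        b_routes[SITES["C"]] = "A"      # same gateway as used to reach site A
        c_routes[SITES["B"]] = "A"
    return {"A": Firewall("A", {SITES["B"]: "B", SITES["C"]: "C"}, a_rules),
            "B": Firewall("B", b_routes, [(ANY, ANY)]),    # spokes not restricting outbound
            "C": Firewall("C", c_routes, [(ANY, ANY)])}

if __name__ == "__main__":
    for state in (False, True):
        print("answer applied:" if state else "as in the question:",
              trace(build(state), "C", "192.168.100.10", "192.168.102.1"))
```

Adding the spoke routes without the hub rules makes the trace stop with "denied at A", which is the quickest way to tell a routing gap from a policy gap when the tunnel itself is already up.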