VPN tunnel between two USG20's with pass-through internet access for some public IP's

Hi community,

We are connecting two site, #1 (in Australia) and #2 (in Denmark) using two USG20-VPN devices, one in each end. We need to connect the two offices in a way that site #1 is integrated with site #2 and so #1 can access the internet using the public ip address of #2 in some circumstances. Also, the Australian site should NOT be visible to LAN devices on the Danish LAN, but the Danish SHOULD be visible to the Australian site. Site #1 is on a dynamic public IP. Site #2 is on fixed public IP.

Specifically, we are trying to achieve the following objectives:

All LAN ip addresses in site 2 must be visible and accessible to LAN ip addresses from site 1 (must have feature)


All LAN ip addresses in site 1 should NOT be visible or accessible to LAN ip addresses from site 2 (Would like to have feature)


All internet traffic originating from Site 1 bound for Danish public IP addresses must be routed through site 2 and get the WAN ip of site 2 (preferred feature)


All internet traffic from site 1 must get the public IP address of the site 2 WAN interface regardless of destination (secondary option if the preferred feature cannot be achieved)

Is someone able to link provide the configuration steps to achieve the above, or link to an article that describes the steps? We have not been able to find them. We have managed to establish a VPN tunnel but struggle to get any traffic bound for the internet routed through site #2 and out on the internet. Rather than explaining what we must have done wrong, i'm hopeful that someone can inform us how to do it right :)

Thanks in advance



Accepted Solution

All Replies

Sign In to comment.