vpn client and nat server

antonellobellisario Member Posts: 16
edited March 31, 2020 10:22AM in Troubleshooting
Hello, I have a problem: I can't configure the USG40 for smart home working.

I have a USG40 with a public IP which is connected to a DNS server (2 internal network cards), WAN side 192.168.250.xx, and the clients are nested in LAN 192.168.200.xx.
I would like to join the domain with a home PC, then open VPN and get the same IP address released.

I state that I tried to do a similar configuration with a DNS server that was not NATed and joined the domain quietly.
Am I doing something wrong on the NAT server?


Best Answers

  • Zyxel_Jerry Zyxel Official Agent Posts: 275  mod
    Accepted Answer

    Hi @antonellobellisario

    Welcome to the Zyxel community.

    Is this your topology below?

    The IPSec VPN client needs to join the AD domain and get an IP address the same as subnet 192.168.200.X?


  • Zyxel_Jerry Zyxel Official Agent Posts: 275  mod
    Accepted Answer

    Hi @antonellobellisario,

    If, on the AD server, the users are divided into groups,

    then in the USG settings you just need to add one ext-group user to the rule.

    For example:

    There are three site groups: HQ, Branch1 and Branch2; these sites belong to the "Company" group.

    There are five users under the sites (HQ: Jack, Tom; Branch1: John, Marry; Branch2: Jessica).

    In this scenario, we only have to add one ext-group user on the USG, that is, the group "Company".

    If there is no "Company" group, then you need to add three ext-group users in this scenario:

    the HQ group, the Branch1 group and the Branch2 group.

    If there is no "Company" group and no "Sites" groups, then you need to add five ext-group users.

    To make the settings on the USG easier, the users need to be nicely organized into groups on the AD server.

  • Zyxel_Jerry Zyxel Official Agent Posts: 275  mod
    Accepted Answer

    Hi @antonellobellisario

    The questions/problems users share here are valuable to us. The experience sharing can also help other people when deploying their devices. Sometimes you can even get experienced feedback from experts in different fields. So we can just leave our discussions in the forum thread.

    If you have any personal information to share with us, feel free to share the information in a private message directly.
