Improve company productivity with a Business Account.Sign Up


Configure Zyxel Firewall to get VPN working. Is it as tricky as i think ?

Posted on 2015-01-29
Medium Priority
Last Modified: 2015-05-14

we have a customer that is using a zyxel-firewall behind a small router (AVM Fritzbox). Now he wants to use vpn behind the zyxel-firewall.
The problem is, that he uses 192.168.1.x as subnet and also some remote-vpn-user uses this subnet too. So i try to explain the situation:

Remote user -> Remote Router ( -> Internet -> WAN-IP Office -> Router FRitzbox -> Zyxel -> Draytek VPN Server -> Fileserver (

This would be the wanted situation. The remoteuser wants to be able to use the shares of the Fileserver. We are not be able to change the subnet of the remote-net nor the subnet of the office.

What have i to do, to get this "construction" working ? which IP should have the draytek... I am not very familiar with the zyxel-Firewall and only a bit with static routes etc... So please, explain it for dummies :-)

We don´t want to use pptp (because of security). I would prefer ipsec.

Thanks for thinking about it !

Question by:loosain
  • 3
  • 3
LVL 102

Expert Comment

ID: 40577306
Remote user -> Remote Router ( -> Internet -> WAN-IP Office -> Router FRitzbox -> Zyxel -> Draytek VPN Server -> Fileserver (

This is not going to work. The remote user needs to change subnet ( or some such). VPN cannot resolve same subnets.

Can the office change?  It might not be that hard.

Author Comment

ID: 40583627
It is hard, because the customer have many excel-sheets combined. Some of them with unc-path, some with ip...
So this would be a problem.

But maybe it is a solution to give this server a second ip-adress. The remote-users only want to access one server. So if i give them the ip-adress 192.168.50.x, the clients could access the server over e.g.

is there any problem i don´t see at the moment ?
LVL 102

Expert Comment

ID: 40583667
If you can give the server a second IP it might work, but then you would have to route in the server.
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.


Author Comment

ID: 40583675
What do you mean with "route in the server" ?
I could access the server by \\\share
The server should answer, shouldn´t it ?
LVL 102

Accepted Solution

John earned 2000 total points
ID: 40583701
The server will (should) answer on the new IP with no problem. If it can also talk to the .1 traffic you should be fine. Try it and see how it works.

Author Closing Comment

ID: 40778109
Maybe this will be the solution, but we are going to change the IP-net...

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

584 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question