We need to build a Site-to-Site VPN between to USGs / Zywalls, but one USG is behind a Fritzbox. The Fritzbox needs to be in routing mode, I can not change it to bridge mode.
What needs to be done to ensure VPN traffic goes to my USG?
You can try to setup the USG is an exposed host on the Fritzbox. This way the USG is not behind the NAT of the Fritzbox, but accessable straight away from the internet.
- Go to the interface of your FRITZ!Box by entering http://fritz.box/ in your webbrowser.
- Click Internet in the FRITZ!Box user interface.
- Click Permit Access in the Internet menu.
- Click on the Port Forwarding tab.
- Click New Port Forwarding.
- Select Exposed host from the drop-down list Port forwarding enabled for.
- Select the network device (e.g., a computer) that you would like to set up the exposed host for:
- If the network device's IP address is dynamically assigned by the FRITZ!Box's DHCP server, select the name of the network device from the drop-down list to computer.
- If the network device has a static IP address:
- Select Enter the IP address manually from the drop-down list to computer.
- Enter the IP address of the network device.
NOTE! Incoming connections to destination ports for which you configured separate port sharing rules in the FRITZ!Box are not forwarded to the exposed host. Instead, they are forwarded to the computer you specified in the separate port sharing rule.
- Click OK to save the settings.