By the way… long story short.
Green network migrated from 192.168.1.0/24 to 10.99.10.0/24. Few devices to reconfigure…
- an AD server
- a firewall
- 4 clients into DHCP
- 3 MFP
- two switches and an AP
allowing me to create a Blue interface for another subnet (192.168.1.0/24 of course) used for small network of a server (who had the same ip address of the AD) and a couple of clients; thanks to VNC, i was able to allow remote connection without leaving the desk. Pretty nice. Adding some firewall rules allow printing from the Blue network to MFP on Green; another useful feature.
OpenVPN Roadwarrior went to anther TUN subnet (10.99.254.0/26) and I created user-based ACL for different network segment. All subnets and segments for IT man, whole Green for the owner, RDP for specific hosts for a couple of remote users.
Research done for this case were quite useful in another couple of cases on USG device by Zyxel.
DNAT has been applied to L2TP connection, allow any device (which is always outside green interface) from 192.168.1.0/24 to connect to any device 192.168.1.0 mapped on 192.168.9.0/24.