Site-to-site VPN and L2TP VPN access
Hello,
We currently have a site-to-site VPN between us and a customer site.
This customer would like to access the data (on our infrastructure) and the printer (on the customer site).
So, we currently have a site-to-site VPN between us (ZyWALL 310) and the customer site (USG20).
We created an L2TP VPN that goes directly to the customer site. But can I give access to the data through the L2TP connection and through the site-to-site VPN? You can see a graphical explanation in the attachment.
Thanks a lot for your help.
Best regards
Accepted Solution
-
Hi @virtuOs,
Can you allow 192.168.10.0/24 subnet to be pinged from 192.168.149.0/24 subnet by creating the rule on USG310?
(Configuration > Security Policy > Policy Control > Add )
If that doesn't solve your issue, can you provide me a temporary admin account for both the USG20 and the USG310 by private message for this case?
All Replies
-
The laptop should know where DATAS is and how to reach it (route).
Then there should be firewall rules on the USG20 allowing the traffic.
Finally, the ZyWALL 310 should know that the L2TP network exists and how to reach it (route), also with rules allowing only the traffic you need.
Otherwise, DATAS should know how to reach the printer on the USG20 site, and the L2TP tunnel should be set up between the ZyWALL and the laptop.
-
Hi,
OK. Then I just need to create a route that redirects the traffic from the customer site to the site-to-site VPN?
How can I do that?
Thanks in advance for your help
-
Can you try with the laptop not connected to the VPN on the USG20?
Likely it's just some routing rules and firewall rules that are needed; check your logs.
-
The laptop needs to be connected... Otherwise, it can't work.... Sorry, I think I didn't understand....
-
Hi @virtuOS,
If you have set up your IPSec and L2TP VPNs already, you will just need policy routes as follows:
1- For the customer site:
Suppose that the DATA server is under the 192.168.30.0/24 subnet.
We create a policy route for the L2TP VPN.
2- On your site:
When L2TP tunnel users initiate a session, it needs to respond with the following policy route:
Best regards.
-
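As an added illustration (not part of this thread or of Zyxel's own configuration), the Python model below walks a ping from an L2TP client through the USG20, over the site-to-site tunnel to the ZyWALL 310, and back again, applying policy routes and zone security policies in the order the replies above describe. It uses the subnets named in the thread (192.168.149.0/24 for the L2TP pool, 192.168.10.0/24 for the data server from the accepted solution); the host addresses, interface names and zone names are constructed. Running it with and without the IPSec_VPN-to-LAN rule on the ZyWALL 310 shows where a "No rule found" drop appears when the routes exist but the security policy the accepted solution adds is missing.

```python
import ipaddress
from dataclasses import dataclass

IPv4 = ipaddress.IPv4Network

# Subnets from the thread; host addresses are constructed for the model.
L2TP_POOL = IPv4("192.168.149.0/24")   # FLV_L2TP_SUBNET: L2TP clients on the USG20
DATA_NET = IPv4("192.168.10.0/24")     # data server subnet from the accepted solution
LAPTOP = ipaddress.ip_address("192.168.149.10")  # constructed L2TP client
DATAS = ipaddress.ip_address("192.168.10.5")     # constructed data server


@dataclass
class PolicyRoute:
    src: IPv4
    dst: IPv4
    next_hop: str          # constructed interface/tunnel label


@dataclass
class SecurityPolicy:
    from_zone: str
    to_zone: str
    src: IPv4
    dst: IPv4
    action: str = "allow"


@dataclass
class Gateway:
    name: str
    zone_of: dict          # interface/tunnel label -> zone name (constructed)
    routes: list
    policies: list

    def next_hop(self, src, dst):
        # First matching policy route wins, as on the USG policy-route table.
        for r in self.routes:
            if src in r.src and dst in r.dst:
                return r.next_hop
        return None

    def forward(self, ingress, src, dst):
        """Return (allowed, reason) for a packet src->dst entering on `ingress`."""
        hop = self.next_hop(src, dst)
        if hop is None:
            return False, f"{self.name}: no route for {src} -> {dst}"
        frm, to = self.zone_of[ingress], self.zone_of[hop]
        for p in self.policies:
            if (p.from_zone, p.to_zone) == (frm, to) and src in p.src and dst in p.dst:
                return p.action == "allow", f"{self.name}: {p.action} {frm}->{to} via {hop}"
        # No matching security policy: dropped, like the "No rule found" log in the thread.
        return False, f"{self.name}: No rule found, dropping ({frm}->{to})"


def trace(hops, src, dst):
    """Walk (gateway, ingress) pairs in order; stop at the first drop."""
    verdicts = []
    for gw, ingress in hops:
        ok, why = gw.forward(ingress, src, dst)
        verdicts.append(why)
        if not ok:
            return False, verdicts
    return True, verdicts


def build(with_310_rule):
    usg20 = Gateway("USG20",
        zone_of={"l2tp": "L2TP_VPN", "s2s": "IPSec_VPN", "lan1": "LAN1"},
        routes=[PolicyRoute(L2TP_POOL, DATA_NET, "s2s"),    # L2TP clients -> site-to-site tunnel
                PolicyRoute(DATA_NET, L2TP_POOL, "l2tp")],  # replies back into the L2TP tunnel
        policies=[SecurityPolicy("L2TP_VPN", "IPSec_VPN", L2TP_POOL, DATA_NET),
                  SecurityPolicy("IPSec_VPN", "L2TP_VPN", DATA_NET, L2TP_POOL)])
    zy310 = Gateway("ZyWALL310",
        zone_of={"s2s": "IPSec_VPN", "lan1": "LAN1"},
        routes=[PolicyRoute(L2TP_POOL, DATA_NET, "lan1"),
                PolicyRoute(DATA_NET, L2TP_POOL, "s2s")],   # next hop for the L2TP pool: the tunnel
        policies=[SecurityPolicy("LAN1", "IPSec_VPN", DATA_NET, L2TP_POOL)]
                 + ([SecurityPolicy("IPSec_VPN", "LAN1", L2TP_POOL, DATA_NET)] if with_310_rule else []))
    return usg20, zy310


def ping_round_trip(with_310_rule):
    """Echo request laptop -> DATAS, then echo reply DATAS -> laptop."""
    usg20, zy310 = build(with_310_rule)
    req_ok, req = trace([(usg20, "l2tp"), (zy310, "s2s")], LAPTOP, DATAS)
    if not req_ok:
        return False, req
    rep_ok, rep = trace([(zy310, "lan1"), (usg20, "s2s")], DATAS, LAPTOP)
    return rep_ok, req + rep


if __name__ == "__main__":
    for flag in (False, True):
        ok, why = ping_round_trip(flag)
        print(f"310 rule present={flag}: reachable={ok}")
        for line in why:
            print("  ", line)
```

The model keeps routing and security policy as separate lookups because that is how the replies above split the work: a policy route picks the tunnel or interface, and only then is the from-zone/to-zone pair checked against the policy control table. Reading the gateway's log for the zone pair in the drop message tells you which of the two tables is missing an entry.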
Hi @Zyxel_Can,
Thanks a lot for your help.
I tried what you said but I receive an error: IPSec SPI: 0x0 (0) SEQ: 0x0 (0) No rule found, Dropping ICMP(8:0) packet [count=2]
I searched on the forum and I found this: Usg 50 3.30(BDS.9) cannot connect using VPN L2TP IPSEC — Zyxel Community
Is this operation perhaps not allowed on the ZyWALL USG20? What do you think?
Thanks a lot for your help
-
Hi @virtuOS,
On the USG20 I created the following policy:
On the server's gateway I created the following policy rule:
If you have created the VPNs (L2TP and IPSec site-to-site VPN) already, all you need is to apply these two policy rules. Can you also try to upgrade the ZyWALL USG20's firmware to the latest version?
-
Hi @Zyxel_Can,
Thanks a lot for your help. I configured everything as you said but it doesn't work.
I receive the same log: SPI: 0x0 (0) SEQ: 0x0 (0) No rule found, Dropping ICMP(8:0) packet [count=2]
Here is my config:
On the USG20: FELIX_SUBNET = LAN of the ZyWALL 310
The firmware:
On the 310:
P2_LAN_FBSA = LAN 1 on the ZyWALL 310
FLV_L2TP_SUBNET = 192.168.149.0/24 (L2TP subnet of the USG20)
Do you think I am doing something wrong?
Thanks in advance for your help
-
Hi @Zyxel_Can,
Thanks a lot for your help.
I tried changing the Next-Hop VPN tunnel but I receive the same error:
I don't understand why... Do you have an idea?
Best regards