USG1100, don't work Connectivity check on VTI
Options
Master Member
We have VTI between USG1100 & USG20W-VPN.
Net 172.24.0.0/30.
172.24.0.1 - USG1100 (v4.62)
172.24.0.2 - USG20W-VPN (v.4.63)
I configurated Connectivity check on both side, with ping other device.
Than VPN is don't connect, USG20W-VPN show that VTI & IpsecVPN is disconnected.
On USG1100 VTI & IpsecVPN in connected state, but in trunk VTI in dead state.
Why does USG1100 don't disconnect connection?
Net 172.24.0.0/30.
172.24.0.1 - USG1100 (v4.62)
172.24.0.2 - USG20W-VPN (v.4.63)
I configurated Connectivity check on both side, with ping other device.
Than VPN is don't connect, USG20W-VPN show that VTI & IpsecVPN is disconnected.
On USG1100 VTI & IpsecVPN in connected state, but in trunk VTI in dead state.
Why does USG1100 don't disconnect connection?
0
All Replies
-
Hi@alexey,By default, ESP is allowed in the security policy rule "From WAN to ZyWALL".You can check if ESP is dropped by any manually added/edited security policy rule.Go to CONFIGURATION > Security Policy > Policy Control and filter rules by:From: anyTo: ZyWALLCheck if the service ESP is allowed in the rule "From WAN To ZyWALL, source: the wan IP of the remote site".For example, on USG1100, check if ESP is allowed in the rule "From WAN To ZyWALL, source: the wan IP of USG20W-VPN".
0
Guru Member
Categories
- All Categories
- 439 Beta Program
- 2.7K Nebula
- 191 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 468 USG FLEX H Series
- 308 Security Ideas
- 1.6K Switch
- 82 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 281 Service & License
- 440 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight
