USG1100, don't work Connectivity check on VTI
Master Member
We have VTI between USG1100 & USG20W-VPN.
Net 172.24.0.0/30.
172.24.0.1 - USG1100 (v4.62)
172.24.0.2 - USG20W-VPN (v.4.63)
I configurated Connectivity check on both side, with ping other device.
Than VPN is don't connect, USG20W-VPN show that VTI & IpsecVPN is disconnected.
On USG1100 VTI & IpsecVPN in connected state, but in trunk VTI in dead state.
Why does USG1100 don't disconnect connection?
Net 172.24.0.0/30.
172.24.0.1 - USG1100 (v4.62)
172.24.0.2 - USG20W-VPN (v.4.63)
I configurated Connectivity check on both side, with ping other device.
Than VPN is don't connect, USG20W-VPN show that VTI & IpsecVPN is disconnected.
On USG1100 VTI & IpsecVPN in connected state, but in trunk VTI in dead state.
Why does USG1100 don't disconnect connection?
0
All Replies
-
Hi@alexey,By default, ESP is allowed in the security policy rule "From WAN to ZyWALL".You can check if ESP is dropped by any manually added/edited security policy rule.Go to CONFIGURATION > Security Policy > Policy Control and filter rules by:From: anyTo: ZyWALLCheck if the service ESP is allowed in the rule "From WAN To ZyWALL, source: the wan IP of the remote site".For example, on USG1100, check if ESP is allowed in the rule "From WAN To ZyWALL, source: the wan IP of USG20W-VPN".
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 101 Nebula Status and Incidents
- 5.8K Security
- 296 USG FLEX H Series
- 281 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight
