USG1100: Connectivity check on VTI doesn't work
We have VTI between USG1100 & USG20W-VPN.
Net 172.24.0.0/30.
172.24.0.1 - USG1100 (v4.62)
172.24.0.2 - USG20W-VPN (v.4.63)
I configured Connectivity check on both sides, pinging the other device.
Then the VPN doesn't connect; USG20W-VPN shows that VTI & IpsecVPN are disconnected.
On USG1100, VTI & IpsecVPN are in connected state, but in the trunk the VTI is in dead state.
Why doesn't USG1100 disconnect the connection?
All Replies
Hi @alexey,

By default, ESP is allowed in the security policy rule "From WAN to ZyWALL". You can check if ESP is dropped by any manually added/edited security policy rule.

Go to CONFIGURATION > Security Policy > Policy Control and filter rules by:
From: any
To: ZyWALL

Check if the service ESP is allowed in the rule "From WAN To ZyWALL, source: the WAN IP of the remote site".

For example, on USG1100, check if ESP is allowed in the rule "From WAN To ZyWALL, source: the WAN IP of USG20W-VPN".
