Site to site bug or limitation

PeterUK
PeterUK Posts: 2,758  Guru Member
edited February 2022 in Security


Zywall 110 V4.70(AAAA.0)ITS-WK46-r102519

VPN300  V5.20(ABFC.0)

So I was playing around, as the packet loss bug is being looked into, to see if I could route internet traffic down a site-to-site tunnel. This is my setup, with OPT on the Zywall 110 for the internet:

added some routing rules...


...and 192.168.255.50 sends a ping to 1.1.1.1 via gateway 192.168.255.49 on the VPN300, which sends it down the tunnel to the Zywall 110 and out OPT. The reply comes back... and that's it: it will not NAT and send it down the tunnel. A bit disappointing if it's a limitation... or is it a bug?

Accepted Solution

  • zyman2008
    zyman2008 Posts: 199  Master Member
    edited March 2022 Answer ✓
    Hi @PeterUK,

    From the tunnel configuration on the ZyWALL 110, only traffic from 192.168.138.0/28 to 192.168.255.48/28 will go into the tunnel.

    Did you add a return route on the ZyWALL 110 for any to 192.168.255.48/28 into the tunnel?

All Replies

  • WJS
    WJS Posts: 133  Ally Member
    "Interface type" has different meanings.
    Have you changed the "OPT" interface type to "external"?

  • PeterUK
    PeterUK Posts: 2,758  Guru Member
    WJS said:
    "Interface type" has different meanings.
    Have you changed the "OPT" interface type to "external"?

    Yes, it is set to external; the reply just does not NAT back down the site-to-site tunnel.

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 765  Zyxel Employee
    Greetings Forum.
    Could you kindly provide all configuration files via Private Message (including the device "Doing NAT")?
    On the other hand, for your inquiry, a route-based VPN would be more flexible. Could you try a route-based VPN?
    Kevin

  • PeterUK
    PeterUK Posts: 2,758  Guru Member

    Thanks both, this is solved thanks to zyman2008.

    On the Zywall 110 I changed the Local policy to an object “all” 0.0.0.0 – 255.255.255.255. This was not enough to solve it, so on the VPN300 I changed the remote policy to “all” and it works.
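
The selector mismatch discussed in this thread, as an added example that is not part of any post and is not Zyxel code: a simplified Python model of policy-based (phase 2) matching that follows the ping reply through the three configurations mentioned above. The function names, the two-sided match rule, and the VPN300's original policy (taken to mirror the ZyWALL 110's) are assumptions.

```python
from ipaddress import ip_address, ip_network

ALL = ip_network("0.0.0.0/0")  # the "all" object: 0.0.0.0 - 255.255.255.255
LAN_138 = ip_network("192.168.138.0/28")
LAN_255 = ip_network("192.168.255.48/28")


def outbound_match(policy, src, dst):
    """Sending gateway: tunnel the packet only if src is in the local
    policy and dst is in the remote policy."""
    return ip_address(src) in policy["local"] and ip_address(dst) in policy["remote"]


def inbound_match(policy, src, dst):
    """Receiving gateway: accept the decapsulated packet only if src is in
    the remote policy and dst is in the local policy."""
    return ip_address(src) in policy["remote"] and ip_address(dst) in policy["local"]


def reply_delivered(zywall110, vpn300, src="1.1.1.1", dst="192.168.255.50"):
    """Follow the ping reply (after the ZyWALL 110 has undone its NAT)
    into the tunnel and out on the VPN300 side."""
    return outbound_match(zywall110, src, dst) and inbound_match(vpn300, src, dst)


# Each tuple is (ZyWALL 110 policy, VPN300 policy).
# VPN300's original policy is assumed to mirror the ZyWALL 110's.
ORIGINAL = ({"local": LAN_138, "remote": LAN_255}, {"local": LAN_255, "remote": LAN_138})
LOCAL_ALL = ({"local": ALL, "remote": LAN_255}, {"local": LAN_255, "remote": LAN_138})
BOTH_ALL = ({"local": ALL, "remote": LAN_255}, {"local": LAN_255, "remote": ALL})

if __name__ == "__main__":
    for name, (z110, v300) in [("original", ORIGINAL),
                               ("ZyWALL 110 local = all", LOCAL_ALL),
                               ("plus VPN300 remote = all", BOTH_ALL)]:
        print(f"{name:26} reply delivered: {reply_delivered(z110, v300)}")
```

In this model an "all" selector matches every address, so it no longer limits what the tunnel will carry; that job falls to the routing and firewall rules on each gateway.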

