Site to site bug or limitation

PeterUK
PeterUK Posts: 2,704  Guru Member
First Anniversary 10 Comments Friend Collector First Answer
edited February 2022 in Security


Zywall 110 V4.70(AAAA.0)ITS-WK46-r102519

VPN300  V5.20(ABFC.0)

So was playing around as packet loss bug is being looked into if I could route internet traffic down a site to site tunnel this is my setup with OPT on the Zywall 110 for the internet:

added some routing rules...


...and 192.168.255.50 send ping 1.1.1.1 to gateway 192.168.255.49 on VPN300 send down the tunnel to Zywall 110 out OPT reply comes back...and thats it will not NAT and send down tunnel bit disappointing if its a limitation...or is it a bug?

Accepted Solution

  • zyman2008
    zyman2008 Posts: 199  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 2022 Answer ✓
    Hi @PeterUK,

    From the tunnel configuration on ZyWALL 110.
    Only traffic from 192.168.138.0/28 to 192.168.255.48/28 will go into the tunnel.

    Do you add a return route on ZyWALL 110 for any to 192.168.255.48/28 into the tunnel ?

All Replies

  • WJS
    WJS Posts: 127  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    "Interface type" have different meanings.
    Have you change the "OPT" interface type to "external"?

  • PeterUK
    PeterUK Posts: 2,704  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    WJS said:
    "Interface type" have different meanings.
    Have you change the "OPT" interface type to "external"?
    Yes it set to external the reply just does not NAT back down the site to site tunnel
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 753  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Greeting Forum.
    Could you kindly provide all configuraion file via Private Message (include the device "Doing NAT")?
    On the other hands,For your inquiry.Route-based VPN would more flexible .Could you try route-based VPN?
    Kevin

  • zyman2008
    zyman2008 Posts: 199  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 2022 Answer ✓
    Hi @PeterUK,

    From the tunnel configuration on ZyWALL 110.
    Only traffic from 192.168.138.0/28 to 192.168.255.48/28 will go into the tunnel.

    Do you add a return route on ZyWALL 110 for any to 192.168.255.48/28 into the tunnel ?
  • PeterUK
    PeterUK Posts: 2,704  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    Thanks both this is solved thanks to zyman2008

    On the Zywall 110 I changed the Local policy to a object “all” 0.0.0.0 – 255.255.255.255 this was not enough to solve so on the VPN300 I changed remote policy to “all” and it works.


Security Highlight