Ping VPN to LAN
Good morning,
I have 2 NAS: one in the company and one in my house.
I would like to make a remote backup from the company NAS to the home NAS.
On the NAS at home, I was able to set up the VPN.
Not on the company one.
That’s why I wanted to create a rule in Security Policy specifying that the NAS in the company could see and reach the NAS at home.
So, in Source I put the company NAS IP address and in Destination I put the home NAS VPN IP address.
But it doesn’t seem to work.
What did I do wrong?
Thanks.
All Replies
-
Brand of the NAS devices?
Which VPN technology are you using?
Am I correct in assuming that you have a Zyxel firewall at the company?
-
In my personal opinion, the "remote" one (the one not behind the firewall) should call the firewall, not the NAS, acting like an L2TP client.
The firewall (unless instructed differently) is "eating" traffic on ports 500, 1701, 4500 (if necessary) and asking Nebula "what I'm gonna do with this connection?".
Then the "remote" NAS will be part of the L2TP address pool, and unless configured differently, a security policy should allow access to the "local" NAS.
This is only one way to approach the result you want to achieve.
-
mMontana said:
In my personal opinion, the "remote" one (the one not behind the firewall) should call the firewall, not the NAS, acting like an L2TP client.
The firewall (unless instructed differently) is "eating" traffic on ports 500, 1701, 4500 (if necessary) and asking Nebula "what I'm gonna do with this connection?".
Then the "remote" NAS will be part of the L2TP address pool, and unless configured differently, a security policy should allow access to the "local" NAS.
This is only one way to approach the result you want to achieve.
How would you do it?
0 -
Hi @Pas7o
Your scenario is initiating an L2TP IPSec VPN tunnel from your company intranet to your NAS, which is behind your home gateway.
So your home NAS is an L2TP VPN server.
You have to create a port forwarding rule on your home gateway.
Also, create a Security Policy rule to allow the L2TP service ports to your NAS IP address.
I'm not sure which L2TP VPN port is in use on your NAS. In this example, UDP 500, 4500, 1701 are the standard ports of L2TP over IPSec.
Note:
- #1 Since the L2TP server is behind a NAT router, you have to enable the "NAT Traversal" function on your NAS and client.
- #2 The port forwarding rule will affect the L2TP service on the Nebula Gateway. If you can use another public IP address for the NAS L2TP service, then it could prevent this situation.
0 -
Zyxel_Stanley said:
Hi @Pas7o
Your scenario is initiating an L2TP IPSec VPN tunnel from your company intranet to your NAS, which is behind your home gateway.
So your home NAS is an L2TP VPN server.
You have to create a port forwarding rule on your home gateway.
Also, create a Security Policy rule to allow the L2TP service ports to your NAS IP address.
I'm not sure which L2TP VPN port is in use on your NAS. In this example, UDP 500, 4500, 1701 are the standard ports of L2TP over IPSec.
Note:
- #1 Since the L2TP server is behind a NAT router, you have to enable the "NAT Traversal" function on your NAS and client.
- #2 The port forwarding rule will affect the L2TP service on the Nebula Gateway. If you can use another public IP address for the NAS L2TP service, then it could prevent this situation.
I thought it was easier.
Because my home NAS is under VPN.
I can't set up the VPN on my company NAS, otherwise it would have been much easier.
I thought it was enough to create a rule in Security Policy, so that devices under VPN can also be reached from LAN interfaces.
Because now, only devices under VPN can reach devices in LAN interfaces. I want vice versa.
0 -
On QNAP it's impossible to set "NAT Traversal". There isn't this option when I set up the VPN.
I can enable "NAT Traversal" only on Synology.
mMontana said:
Pas7o said:
Ok but to do this, you have to create a rule in Security Policy.
How would you do it?
If you don't explicitly tell me what "this" means to you (which solution you are referring to), I cannot think through and write down an adequate (for me) security policy.
I set up the VPN on my PC and I can ping devices in LAN interface 192.168.1.X
But a device in LAN interface 192.168.1.X can't ping a device under VPN.
Because, for now, only devices under VPN can reach devices in LAN interfaces. I want vice versa.