Issue with VPN Connecting to Internal Devices from WAN Failover to LAN1

2»

All Replies

  • dcgtechnologies
    dcgtechnologies Posts: 24  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    edited August 2022
    PeterUK said:

    So that will be L2TP over IPSec? Can you check the setting in the made VPN for windows has “use default gateway on remote network” checked.

    Control Panel\Network and Internet\Network Connections


    I think you are misunderstanding my issue. The client connects just fine and has no issues. I am not able to access resources on the internal lan once the authentication / connection is established. The logs show connection is fine the traffic is being blocked hence what my first post stated.
  • PeterUK
    PeterUK Posts: 3,739  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Yes client can connect fine but if the option is not checked then it will not work.

    Also check a zone is set for the VPN on zywall


  • PeterUK
    PeterUK Posts: 3,739  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    dcgtechnologies said:
    The error in logs is below:

    Match default rule, DNAT Packet, DROP [count=2] - 166.x.x.x 192.x.x.x - Access Block 

    For the above to do with a VPN problem the Source IP would have to be set for the VPN subnet normally a VPN subnet you set for the connecting client would be 192.168.x.x   
  • PeterUK
    PeterUK Posts: 3,739  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Another thing is if you enable for routing
    "Use IPv4 Policy Route to Overwrite Direct Route"
  • dcgtechnologies
    dcgtechnologies Posts: 24  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    PeterUK said:

    Yes client can connect fine but if the option is not checked then it will not work.

    Also check a zone is set for the VPN on zywall


    What are the parameters for the zone that needs to be set? Thank you.
  • dcgtechnologies
    dcgtechnologies Posts: 24  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    PeterUK said:
    dcgtechnologies said:
    The error in logs is below:

    Match default rule, DNAT Packet, DROP [count=2] - 166.x.x.x 192.x.x.x - Access Block 

    For the above to do with a VPN problem the Source IP would have to be set for the VPN subnet normally a VPN subnet you set for the connecting client would be 192.168.x.x   
    Yes that is correct as I am pulling a different ip address on the 192.168.7.x as an example. Thank you.
  • dcgtechnologies
    dcgtechnologies Posts: 24  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    edited August 2022 Answer ✓
    So I fixed it. It turns out under "VPN Connection". The checkbox next to "Use Policy Route to control dynamic IPSec rules" was checked. I unchecked it and everything started working as usual. That was causing all the traffic to be blocked. Thank you for help and sorry for the confusion.
  • PeterUK
    PeterUK Posts: 3,739  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    dcgtechnologies said:
    What are the parameters for the zone that needs to be set? Thank you.
    It be set in the VPN setting for Phase 2

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)