VPN1000 not passing UDP packets, but will pass TCP packets on same port (Port 53)

GreasyMonkey
My VPN1000 will not pass UDP packets across the NAT, but will do so for TCP, for the same IP addresses, using Port 53 (both Public & Private IPs are identical).

The NAT entry in question has a defined Service Group, consisting of UDP Port 53, UDP Ports 1024-65535, TCP Port 53 & TCP Ports 1024-65535.

TCP packets pass perfectly well (seen in Wireshark at the exit of the test switch [Zyxel GS1900-10HP] on the upstream side, and on the incoming interface of the VPN1000), however the UDP Ports are seen at the exit of the test switch on the upstream side, but are not seen at all on the incoming interface of the VPN1000.

This problem has been present across multiple versions of VPN1000 and GS1900-10HP software versions.

I NEED the UDP to be functioning for DNS Name-Server which is behind the VPN1000.

Please advise how to enable the passing of UDP on Ports 53, 1024-65535 for the VPN1000?



Accepted Solution

  • GreasyMonkey
    Answer ✓
    Have finally got it working - UDP packet length cannot be longer than 1464 (testing with IPERF2, across a mobile network), otherwise there will be fragmentation, but no indications, just nothing in Wireshark logs or other indications.
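
The symptom in the accepted answer (datagrams above a size threshold vanish with no error) can be confirmed by probing sizes end to end. The following is an added example, not part of the original thread: it binary-searches the largest UDP payload that gets through. It assumes a UDP echo responder behind the VPN1000 (a hypothetical test helper) and uses a constructed simulated path with an assumed 1492-byte link MTU so that it runs offline.

```python
import socket

def udp_echo_probe(host, port, timeout=1.0, tries=3):
    """Build probe(size) -> True if a size-byte datagram is echoed back.

    Assumes a UDP echo responder at host:port on the far side of the
    firewall (hypothetical; the thread does not describe one).
    """
    def probe(size):
        payload = bytes(size)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            for _ in range(tries):        # UDP is lossy: retry before deciding
                try:
                    s.sendto(payload, (host, port))
                    data, _addr = s.recvfrom(65535)
                    if len(data) == size:
                        return True
                except OSError:           # timeout, or datagram rejected locally
                    continue
        return False
    return probe

def largest_passing_payload(probe, lo=512, hi=4096):
    """Binary-search the largest payload in [lo, hi] for which probe() is True.

    Returns None if even `lo` bytes do not pass (loss is not size-related).
    Assumes every size up to the limit passes and none above it does.
    """
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo

def simulated_path(link_mtu, ip_udp_overhead=28):
    """Constructed stand-in for a path that silently drops fragmented datagrams.

    28 bytes = 20-byte IPv4 header (no options) + 8-byte UDP header.
    """
    return lambda size: size + ip_udp_overhead <= link_mtu

if __name__ == "__main__":
    # Constructed case: assumed 1492-byte link MTU.
    print(largest_passing_payload(simulated_path(1492)))
    # Real use (placeholder address): udp_echo_probe("192.0.2.10", 7)
```

If the search returns `None`, the loss is not size-dependent and the cause lies elsewhere (for example in the NAT or policy rules).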
