VPN1000 not passing UDP packets, but will pass TCP packets on same port (Port 53)
GreasyMonkey
Posts: 3 Freshman Member
in Security
My VPN1000 will not pass UDP packets across the NAT, but will do so for TCP, for the same IP Addresses, using Port 53 (both Public & Private IP's are identical)
The NAT entry in question has a defined Service Group, consisting of UDP Port 53, UDP Ports 1024-65535, TCP Port 53 & TCP Ports 1024-65535.
TCP Packets pass perfectly well (seen on wireshark at the exit of the test switch [Zyxel GS1900-10HP] on the upstream side, and on the incoming interface of the VPN1000), however the UDP Ports are seen at the exit of the test switch on the upstream side, but are not seen at all on the incoming interface of the VPN1000).
This problem has been present across multiple versions of VPN1000 and GS1900-10HP software versions.
I NEED the UDP to be functioning for DNS Name-Server which is behind the VPN1000.
Please advise how to enable the passing of UDP on Ports 53, 1024-65535 for the VPN1000?
0
Accepted Solution
-
Have finally got it working - UDP packet length cannot be longer than 1464 (testing with IPERF2, across a mobile network), otherwise there will be fragmentation, but no indications, just nothing in Wireshark logs or other indications.
1
All Replies
-
Have finally got it working - UDP packet length cannot be longer than 1464 (testing with IPERF2, across a mobile network), otherwise there will be fragmentation, but no indications, just nothing in Wireshark logs or other indications.
1
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight