Connection Site to site Ipsec VPN

Thierry2

Hello everybody

I have a site to site Ipsec VPN connection between 2 Zywall 110
How can I activate ICMP trough this tunnel ?
I have the same Problem on many site 2 site with Zyxel Firewall.

Thanks

Zyxel_James

Hello @Thierry2

Zyxel does not block ICMP through the VPN tunnel by default, it could be blocked due to your routing policy or security policy, please check if there is any log about it.

Moreover, you may refer to this article

https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=012472&lang=EN

James

Zyxel_James

Hello @Thierry2

Zyxel does not block ICMP through the VPN tunnel by default, it could be blocked due to your routing policy or security policy, please check if there is any log about it.

Moreover, you may refer to this article

https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=012472&lang=EN

James

Thierry2

Hello

Thanks for your answer

No i have no special Policy rule that can block ICMP

Zyxel_James

Hello @Thierry2

Is it only ICMP traffic that does not respond?

Very common is that the destination does not respond to ping. Often Windows servers do filter the ping. Or the local routing table of the ping destination might have conflicting routing rules.

Please observe Monitor -> VPN Monitor -> IPsec when pinging and see if the packet is entering the tunnel ("Inbound bytes" should be counting up). If the packet enters the tunnel, check if it leaves the tunnel on the other site ("Outbound bytes" should be counting up) and if the ping reply is hitting the LAN interface again. You can use packet captures to verify that.

James