VPN - Ping Troubleshooting
My L2TP VPN is up and running fine, I can connect to everything I need on the host network (192.168.1.0). I use a LAN Messenger that cannot see the client network 192.168.20.0.
I can ping from my client 192.168.20.220 to the host network without issues, but not the other way.
I do notice that my client shows a gateway of 0.0.0.0
Accepted Solution
-
I have finnaly narrowed down the issue, the LAN Messenger we use will not function with NAT/SNAT.
I added the route policy back in and my RDP session work fine again. No dropped messages in the log files.
Thank you for your support.
1
All Replies
-
Hi @Jeff_ATS
Welcome to the Zyxel community. We're here to assist you with the issue you're experiencing. To better understand your situation, could you kindly provide us with the following information:
- Is your main problem that L2TP VPN clients are unable to access the LAN domain 192.168.20.X?
- What are the IP ranges for LAN1, LAN2 (or other VLANs), and L2TP IP?
- Please share screenshots of the policy route, security policy, and L2TP VPN settings with us. Examples are shown below:
Policy Route
Security Policy: the below are IPsec related policies
L2TP VPN settings:
Thank you in advance for your cooperation. We look forward to assisting you further.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
The L2TP VPN is working perfectly. It allows remotes users to RDP to local servers and map network drives.
- I use a LAN Mesenger application that I am trying to get working trough the VPN. Again , the LAN Messenger would be a nice to be working, the VPN is doing wjat I want it to do.
From a client (192.168.20.221) , I can ping anything on the host LAN (192.168.1.0) but from the host side, I cannot ping the 192.168.20.220 - 192.168.20.235 range.
The
0 -
Hi @Jeff_ATS
Thank you for your update. Could you please check whether the firewall settings on your Windows PC are disabled? Thanks.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
Thank you for your help. The VPN is working fine, but I have a need to be able to ping from both directions
0 -
I think you might need to rethink your network layout? most of the problem will be that 192.168.1.199 has gateway 192.168.1.1 if this was 192.168.1.251 then it will likely work. So 192.168.1.199 VPN to 192.168.1.251……unless this is some type of Asymmetrical Route which are hard to get hard
if you disable the flex firewall does it work?
0 -
Hello @Jeff_ATS
Many thanks for sharing the detailed information with us. It could be a routing-related issue from L2TP client to the internal lan host. Could you provide a remote Web-GUI link to us for further checking purposes? We will send an e-mail to you later, please check your e-mail inbox. Thanks.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
Hello @Jeff_ATS
Ok, thanks for your update. We have noticed that there is a policy route that could impact the L2TP client's SNAT behavior, as shown below:
Could you please remove this policy route and try again? You can use our Wizard to create an L2TP VPN connection via expert mode this time, as shown below:
Thanks.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
I did as outlined above and I am now able to use my LAN Messenger, however, the ability to RDP from the clients no longer works. May be I can add a route specific to my three RDP servers (192.168.1.00, 192.168.1.99 and 192.168.1.151) they would need to be reacahble from 192.168.20.220 - 192.168.20.235)
0 -
Hi @Jeff_ATS
We noticed that you are still using EZMODE_VPN_L2TP. Please inactivate it and activate RemoteAccess_L2TP_Wiz to see if LAN Messenger and RDP sessions work for you.
If it still doesn't work, please go to Monitor > View Log to check if there are any blocked messages or matched default rule drop messages for the IP range 192.168.20.220 - 192.168.20.235 that might be preventing access to internal LAN hosts(192.168.1.99, 192.168.1.151). Thanks.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
I have finnaly narrowed down the issue, the LAN Messenger we use will not function with NAT/SNAT.
I added the route policy back in and my RDP session work fine again. No dropped messages in the log files.
Thank you for your support.
1
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight