USG 110 - Problem in VPN / NAT scenario
Hello Zyxel community,
we have a site-to-site IPSec VPN tunnel from our USG110 to a Fortigate firewall of an application provider. No overlapping subnets. The tunnel connection is being built up successfully.
At the same time we use a Windows RAS Server behind our firewall for client VPN connections of mobile users via L2TP/IPSec. Therefore we have a NAT and firewall rule to forward incoming requests to the RAS Server. Everything is working there.
Unfortunately it seems that no traffic is going through the site-to-site tunnel. After some analysis of the network traffic with Zyxel tools and Wireshark, it looks like requests from our LAN site are correctly going into the site-to-site VPN, and the responses are coming back through the tunnel but are directed to the RAS server specified in the NAT rule, rather than to the internal IP of the original request.
Any ideas what's going on here and how to fix it would be greatly appreciated!
Kind regards, Gert