USG 110 - Problem in VPN / NAT scenario

gwoo Posts: 1

Hello zyxel community,

we have a site-to-site IPSec VPN tunnel from our USG110 to a Fortigate firewall of an application provider. No overlapping subnets. The tunnel connection is being built up successfully.

At the same time we use a Windows RAS server behind our firewall for client VPN connections of mobile users via L2TP/IPSec. Therefore we have a NAT and firewall rule to forward incoming requests to the RAS server. Everything is working there.

Unfortunately it seems that no traffic is going through the site-to-site tunnel. After some analysis of the network traffic with Zyxel tools and Wireshark, it looks like requests from our LAN site are correctly going into the site-to-site VPN and the responses are coming back through the tunnel, but are directed to the RAS server specified in the NAT rule rather than to the internal IP of the original request.

Any ideas what's going on here and how to fix it would be greatly appreciated!

Kind regards, Gert
