IPSec VPNs not passing traffic after upgrading firmware to latest version.
Freshman Member
We are running multiple IPSec VPN connections using USG110 (firmware version 4.73) and USG40W (firmware version 4.73) routers. We recently went through and performed firmware updates due to vulnerability concerns. After applying the updates we have noticed that VPN traffic is not passing properly. No configuration was changed for the VPNs and after going through logs, we are seeing that there are instances of the traffic being blocked by the default security policy rule. The proper rules are in place IPSec_VPN_Outgoing and IPSec_VPN_to_Device. Traffic appears to be bypassing the security policies and getting blocked by the default rule with the following message "Match default rule, DNAT Packet, DROP". Could the firmware be causing the issue? I've seen no problems with how the VPNs are configured and even went through Zyxel documentation to verify.
All Replies
-
Hi @SINC
Thanks for your inquiry. What is your current firmware version? Is it V4.73P2 firmware? Could you share a screenshot for the blocked message "Match default rule, DNAT Packet, DROP" with us?
Besides, please check whether the security policy "WAN_to_Device" allows IKE,NATT,AH,ESP VPN related traffics.
Thanks.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
