VPN passthrough for

Nivi

Hello,  i am  not so good with VPN

How to make this configuration:

We are using an USG 60 firewall, now an external company must make an VPN to their own VPN router
they are using VPN and ask me to open ports 500, 4500, 10004, 3306, 15000

So I thought to make a firewall rule:  all coming from their IP  (XX.XX.XX.XX)  can go to 192.168.15.19.


But is not working, what to do???

Zyxel_Stanley

Hi @Nivi

You can find some of VPN introduction by wikipedia.

For establishing VPN tunnel, both of sites must configure as the same VPN gateway(Phase 1) and VPN Connection(Phase 2) setting.

You can check VPN setting on USG by: Configuration > VPN > IPSec VPN.

As your scenario, you must to know what’s the VPN proposal will send from remote site first.

Nivi

OK thank you for your answer.

I don't want to know anything about their VPN .  

It just have tell the USG firewall for sending ALL incoming packets from their address XX.XX.XX.XX  to 192.168.15.19  so they can make a VPN connection  to their router. 
Is this called passthrough?

I hope someone can tell me how to make this working.

Regards, Nivi

Zyxel_Stanley

Hi @Nivi  

I have misunderstood your scenario.

As your topology, you would like to forwarding the traffic to internal VPN router(192.168.15.19)

After checked your port forwarding and firewall rule are correct for this scenario.

 

For debugging this issue, you can capture the packets on LAN interface and also filter the address as VPN router(192.168.15.19) for few seconds.

It can make sure if the traffic has forwarded to internal VPN router successfully or not.

Maintenance > Diagnostic > Packet capture