VPN passthrough for

Nivi Posts: 2
edited April 2021 in Security
Hello,  i am  not so good with VPN

How to make this configuration:

We are using an USG 60 firewall, now an external company must make an VPN to their own VPN router
they are using VPN and ask me to open ports 500, 4500, 10004, 3306, 15000

So I thought to make a firewall rule:  all coming from their IP  (XX.XX.XX.XX)  can go to

But is not working, what to do???


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,101  Zyxel Employee
    edited October 2018
    Hi @Nivi
    You can find some of VPN introduction by wikipedia.

    For establishing VPN tunnel, both of sites must configure as the same VPN gateway(Phase 1) and VPN Connection(Phase 2) setting.
    You can check VPN setting on USG by: Configuration > VPN > IPSec VPN.

    As your scenario, you must to know what’s the VPN proposal will send from remote site first.

  • Nivi
    Nivi Posts: 2
    OK thank you for your answer.

    I don't want to know anything about their VPN .  

    It just have tell the USG firewall for sending ALL incoming packets from their address XX.XX.XX.XX  to  so they can make a VPN connection  to their router. 
    Is this called passthrough?

    I hope someone can tell me how to make this working.

    Regards, Nivi
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,101  Zyxel Employee

    Hi @Nivi  

    I have misunderstood your scenario.

    As your topology, you would like to forwarding the traffic to internal VPN router(

    After checked your port forwarding and firewall rule are correct for this scenario.


    For debugging this issue, you can capture the packets on LAN interface and also filter the address as VPN router( for few seconds.

    It can make sure if the traffic has forwarded to internal VPN router successfully or not.

    Maintenance > Diagnostic > Packet capture

Security Highlight