IP camera through vpn site-to-site dynamic client usg60

MagnusBorgen
MagnusBorgen Posts: 6  Freshman Member
First Comment
edited April 2021 in Security
hi, i am struggeling to get the buildt in camera discovery tools to find the cameraes. I can ping from both sides, find via ip scanner, access via web gui, but i cannot find cameraes through Milestone. OR the producers "discovery tool"..  Any ideas?

All Replies

  • Ian31
    Ian31 Posts: 174  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Usually, the discovery protocol is layer 2 (broadcast or multicast) protocol which cannot pass through layer 3 VPN.
  • MagnusBorgen
    MagnusBorgen Posts: 6  Freshman Member
    First Comment
    Auch, ideas to solve this? 

    If i try to add camera manually in the SW it still doesnt fint it, can this be same reason?
  • MagnusBorgen
    MagnusBorgen Posts: 6  Freshman Member
    First Comment
    edited October 2018
    Activating GRE might solve this?

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited October 2018

    USG does not support multicast on GRE tunnel or site to site VPN tunnel. 
    USG supports IGMP proxy over IPSec VTI.
    You need to check what the discovery protocol for camera discovery tool is. 

  • MagnusBorgen
    MagnusBorgen Posts: 6  Freshman Member
    First Comment
    Adding GRE might solve this?

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @MagnusBorgen,

     

    USG supports IGMP proxy over IPSec VTI, so you can configure VTI instead of using GRE tunnel or site to site VPN tunnel.

    Here is the FAQ for your reference.

    How can I configure IPSec site-to-site VPN by using VTI on the USG ?

  • warwickt
    warwickt Posts: 111  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    Hi Magnus, just a late post on VTI I saw here.

    Should you be still looking for information, I'd suggest SEARCHING this forum. (no need to post them here) 

    I have added to several threads on VTI with USG's..

    It works great.

    The zyxel doco offered is a trite light me thinks... ... however you can apply your current USG knowledge on this.

    Sadly bonjour and some discovery function don't seem to work as they are not implemented for general use like this ..

    HOWEVER you can manipulate application ports with ssh to cause some discovery across your addition LANs on your VTI VPN network. (i.e  iTunes & Apple TV, printers and so on across the VTI VPN tunnels) 

    You'll need to ensure VTI basics such as "identity", and NEXT HOP routes  to correct VTIx's .. else it wont go so well.

    Attention also to VPN Gateway (id, content , peer etc etc)...

    Also for any L2TP VPN connections the once connected can also access hosts across you internal VTI)s) network (s) ..

    Make sure that Security policies are set up to allow access to all the USGs you have to you can access them also through the VTI tunnels.. 

    All our hosts / IP devices are accessible via DNS as well. This CAN operate within the VTI network... 

    works great!

    Warwick
    Hong Kong 

Security Highlight