What firewall rules are needed to allow L2TP over IPSEC from Windows 11
Hi
I have a USG60 configured to allow VPN connections from Windows 11 via WAN2. All is fine until I enable the Security Policy Control, i.e. I turn on the firewall. What firewall rules are needed to allow the VPN to connect.
*I did have to create a pair of routing policies to allow me to browse the local LAN and internet which I've attached below.
Thanks
All Replies
-
WAN to Zywall
UDP 500
UDP 4500
UDP 1701
protocol 50
VPN zone Ipsec_VPN to Zywall
UDP 500
UDP 4500
UDP 1701
protocol 50
0 -
Hi
Partial success. The VPN now connects, but no traffic can pass through. I'm guessing I need another rule to allow traffic to pass. I've tried the following.
0 -
So you should be able to ping the LAN over the VPN?
Are you looking for the VPN to do internet? Or just to LAN?
Disable them routing rules and make these.
For LAN
incoming VPN tunnel
destination LAN subnet
next hop auto
For internet over the VPN below the rule above you need
incoming VPN tunnel
next hop WAN
0 -
Hi
I'm not able to ping the Zyxel in the current config, or any IP on the LAN.
I'll have a go of your suggestions above.
0 -
just to add
For LAN
incoming VPN tunnel
destination LAN subnet
SNAT none
0 -
Hi
It didn't work. I still can't ping the Zyxel or anything on the LAN.
I've attached the policy below.
0 -
Can you go to maintenance > diagnostic > network tools > PING IPv4 to a device on your LAN if no ping its a firewall on that device thats blocking it
Also check the zone of the VPN settings is the right one
and is the IP pool of the VPN not in use by other interfaces?
0 -
For some reason, when I post the result of the ping, it gets blocked, but not if I post a picture of it.
0 -
0
-
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight