IPSecVPN - Cannot ping remote IP range
Freshman Member
I have a Zyxel 1100 at SiteA and a USG 220 at SiteB.
I used the wizards to congifure my site to site IPSecVPN and it's working in that it came up immediately on both sides.
My problem is I cannot ping any IP addresses on either side. I can't even ping the Zyxels on each side.
Both devices are new and I have not cluttered the things with guesses at fixes, but I feel like I'm missing something simple like a policy or a check mark somewhere.
I did not add any additional security policies. I just let the wizards do everything, and that's where I am now. I am unable to ping IP addresses behind each firewall.
Can someone tell me please what I missed?
Thank you
Accepted Solution
-
So, this is working now. What did I do you may ask? Nothing!
I built out the IPSec VPN connections in each firewall and it did not work.
I posted here.
I went in this AM, deleted my two IPSec VPN connections (one out of each firewall) and then added them back.
It's working as expected now.
0
All Replies
-
Posted reply in error
0 -
Devices need to allow ICMP inbound on there firewall for one.
you maybe need a routing rule above any other rules like LAN1 next hop WAN with a rule above LAN1 destination subnet of IPs over the tunnel and next hop VPN tunnel
security policies like LAN1 to VPN zine and VPN zone to LAN1
1 -
@CRP0499 three major mistakes may cause the traffic not to go through the tunnel.
Please refer to this article for further troubleshooting first, thanks.
0 -
Thank you James. I do believe I understand the article. What I would like clarity on is I have TWO IPSec VPN tunnels in the 1100. The first tunnel I set up is working as expected. Traffic is flowing and pings are passing.
When I set up the second tunnel, I cannot ping across it.
My trace route shows my pings first hop as the first vpn tunnel, so, I'm thinking I need routes to tell traffic where to go.
With just one VPN tunnel, things work great. When I add the second vpn tunnel, that's where things begin to break down.
0 -
So, this is working now. What did I do you may ask? Nothing!
I built out the IPSec VPN connections in each firewall and it did not work.
I posted here.
I went in this AM, deleted my two IPSec VPN connections (one out of each firewall) and then added them back.
It's working as expected now.
0 -
Do you have different IP subnet on different sites such that you don't have 192.168.1.0/24 on on another site or enabled interface which such a subnet?
0
Guru Member
Zyxel Employee
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 91 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 918 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 920 Nebula FAQ
- 422 Security FAQ
- 237 Switch FAQ
- 208 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
