Route L2TP IPsec on IPsec site-to-site
Hi all,
I am facing a strange issue.
Site A: ZyWALL 110
Config:
Site-to-site VPN to site B (site A and site B communicate correctly)
L2TP/IPsec VPN user with pre-shared key (let's call this site C); site C and site A can communicate correctly
I cannot route site C to site B,
but the routes are configured correctly.
I need some suggestions please.
Thanks
Comments
Hi,
You need to add a policy route from the VPN client IP address to site B, before the policy route from the VPN client IP address to any.
Thanks for your reply,
but I just faced a new issue: the packet is routed correctly, but it doesn't come back.
If you mean the packet doesn't come back from site B,
then add a policy route on site B,
from site B to the VPN client IP address, into the site-to-site tunnel.
Yep, but it's already set.
L2TP -> ZyWALL 110 -> AWS
The packet goes to the ZyWALL 110 and is forwarded correctly to AWS.
The AWS VPN works correctly with the ZyWALL 110 LAN but not with L2TP.
The route table and security group on AWS accept the subnet of the L2TP users.
Additional question:
is it normal that L2TP releases IP addresses to VPN users with subnet mask 255.255.255.255?
There's no route back this way.
UPDATE
Site A (ZyWALL LAN) can connect correctly over SSH to site B (AWS).
Site C (L2TP user) can connect correctly over SSH to site A (ZyWALL LAN, CentOS machine).
BUT when site C tries to connect over SSH to site B, it fails.
In the site A ZyWALL log, the packet is correctly forwarded from the L2TP IP address to the AWS IP address.
On the AWS machine, the log shows an incoming connection from the L2TP IP address on port 22, but it seems to be stuck in SYN_RECV.
Does anyone have any idea?
Thanks
To check the L2TP-to-AWS issue,
you can use the CLI to trace the request packets and reply packets:
# packet-trace interface vtix extension-filter host <ip address of AWS instance>
Then access the AWS instance from the L2TP client and check the result shown on the CLI.
# You can use CLI to trace the request packets & reply packets
Traceroute from L2TP doesn't reach the instance and all the hops fall down. The same if I try traceroute from the instance.
# Then access the AWS instance from L2TP client. And check the result show on the CLI.
I cannot access the instance from L2TP via SSH, only through the AWS web console.
Or maybe I don't understand exactly what you mean by "Then access the AWS instance from L2TP client. And check the result show on the CLI."
I have to solve this issue in a couple of hours, please.