Ping timeout problem

PeterUK
PeterUK Posts: 3,158  Guru Member
Community MVP 2500 Comments Sixth Anniversary 100 Answers
edited September 8 in USG FLEX H Series

USG FLEX 200H V1.21(ABWV.0)ITS-24WK35-0813-240800592

So after moving to the FLEX200H there are some problems I'm seeing not sure I can simplify this one it part of the fail over system now with Flex200H instead of Zywall 110.
https://community.zyxel.com/en/discussion/comment/51334/#Comment_51334

/ vrf "main" interface vlan "VLAN443" ipv4 address "192.168.44.1/28"
/ vrf "main" interface vlan "VLAN443" ipv4 address "192.168.44.4/28"

There are three ping rules to 192.168.44.4 to the Flex200H from VPN300

Screenshot 2024-09-08 140507.png

So when its working for one of these rules ping from 192.168.44.5 from VPN300 to 192.168.44.4 of FLEX200H which then does NAT of the ICMP to 192.168.254.33 and routing rule to SNAT from 192.168.44.1 static route 192.168.254.32/29 to 192.168.44.5 which the VPN300 sends down the tunnel to my FLEX200 for a reply which then replies back to FLEX200H and then reply back to VPN300.

Screenshot 2024-09-08 140654.png

With FLEX200H timeout for ICMP set to 5 seconds I I'm getting a lot of time outs where by the VPN300 would send a ping to 192.168.44.4 and FLEX200H would not do its thing but as a workaround if I set timeout for ICMP set to 1 second the problem mostly goes away.

Screenshot 2024-09-08 144419.png

My guess is due to the way ping is indirectly getting a reply that the FLEX200H still waits 5 seconds so when another ping happens to 192.168.44.4 its dropped.

Screenshot 2024-09-08 142835.png

All Replies

  • PeterUK
    PeterUK Posts: 3,158  Guru Member
    Community MVP 2500 Comments Sixth Anniversary 100 Answers

    PM sent to Judy to look at

  • PeterUK
    PeterUK Posts: 3,158  Guru Member
    Community MVP 2500 Comments Sixth Anniversary 100 Answers

    What I get From VPN300 when FLEX200H timeout for ICMP set to 5 seconds

    1
    
2024-09-16 11:35:42
    
notice
    
Connectivity Check
    
Policy Route 37 status is set to ACTIVE by connectivity-check


    
7
    
2024-09-16 11:35:41
    
notice
    
Connectivity Check
    
Policy Route 37 status is set to INACTIVE by connectivity-check



    
8
    
2024-09-16 11:35:41
    
alert
    
Connectivity Check
    
The link status of policy 37 is inactive.



    
9
    
2024-09-16 11:35:40
    
notice
    
Connectivity Check
    
Policy Route 36 status is set to ACTIVE by connectivity-check


    
10
    
2024-09-16 11:35:40
    
notice
    
Connectivity Check
    
Policy Route 35 status is set to ACTIVE by connectivity-check



    
12
    
2024-09-16 11:35:39
    
notice
    
Connectivity Check
    
Policy Route 36 status is set to INACTIVE by connectivity-check


    
14
    
2024-09-16 11:35:38
    
alert
    
Connectivity Check
    
The link status of policy 36 is inactive.


    
15
    
2024-09-16 11:35:38
    
notice
    
Connectivity Check
    
Policy Route 35 status is set to INACTIVE by connectivity-check



    
16
    
2024-09-16 11:35:38
    
alert
    
Connectivity Check
    
The link status of policy 35 is inactive.



    
20
    
2024-09-16 11:35:27
    
notice
    
Connectivity Check
    
Policy Route 36 status is set to ACTIVE by connectivity-check


    
22
    
2024-09-16 11:35:26
    
notice
    
Connectivity Check
    
Policy Route 36 status is set to INACTIVE by connectivity-check



    
23
    
2024-09-16 11:35:26
    
alert
    
Connectivity Check
    
The link status of policy 36 is inactive.


    
32
    
2024-09-16 11:35:09
    
notice
    
Connectivity Check
    
Policy Route 37 status is set to ACTIVE by connectivity-check



    
34
    
2024-09-16 11:35:08
    
notice
    
Connectivity Check
    
Policy Route 37 status is set to INACTIVE by connectivity-check


    
35
    
2024-09-16 11:35:08
    
alert
    
Connectivity Check
    
The link status of policy 37 is inactive.



    
36
    
2024-09-16 11:35:06
    
notice
    
Connectivity Check
    
Policy Route 35 status is set to ACTIVE by connectivity-check


    
38
    
2024-09-16 11:35:05
    
notice
    
Connectivity Check
    
Policy Route 35 status is set to INACTIVE by connectivity-check



    
39
    
2024-09-16 11:35:05
    
alert
    
Connectivity Check
    
The link status of policy 35 is inactive.


    
40
    
2024-09-16 11:35:00
    
notice
    
Connectivity Check
    
Policy Route 36 status is set to ACTIVE by connectivity-check

    
42
    
2024-09-16 11:34:59
    
notice
    
Connectivity Check
    
Policy Route 36 status is set to INACTIVE by connectivity-check


    
43
    
2024-09-16 11:34:59
    
alert
    
Connectivity Check
    
The link status of policy 36 is inactive.

    
44
    
2024-09-16 11:34:56
    
notice
    
Connectivity Check
    
Policy Route 37 status is set to ACTIVE by connectivity-check

    
46
    
2024-09-16 11:34:56
    
notice
    
Connectivity Check
    
Policy Route 37 status is set to INACTIVE by connectivity-check


    
47
    
2024-09-16 11:34:56
    
alert
    
Connectivity Check
    
The link status of policy 37 is inactive.


    
48
    
2024-09-16 11:34:54
    
notice
    
Connectivity Check
    
Policy Route 35 status is set to ACTIVE by connectivity-check

    
50
    
2024-09-16 11:34:53
    
notice
    
Connectivity Check
    
Policy Route 35 status is set to INACTIVE by connectivity-check 

    
51
    
2024-09-16 11:34:53
    
alert
    
Connectivity Check
    
The link status of policy 35 is inactive.

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,358  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Second Anniversary Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @PeterUK,

    We have a few points to discuss with you. Please check your private message.

    Untitled Image

    Don't miss this great chance to upgrade your Nebula org. for free!https://bit.ly/4g2pS9L

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)