Site2Site VPN and IKEv2 VPN - No Route to Remote Site
Hello,
I have a problem with my ATP.
There are 2 different VPNs:
- Site2Site (HQ<->EXT): 172.16.0.0/16 (HQ) to 172.17.0.0/16 (External Site)
- IKEv2 for clients (HQ): Range 192.168.10.10 to 192.168.10.100
The S2S connection to the external site (EXT) works without problems when I use it in the HQ, i.e. without an additional VPN.
The IKEv2 clients (HQ) can also connect to the HQ and access the corresponding services.
However, the problem is that the IKEv2 clients (HQ) cannot access services running on the external site (EXT). It seems that the IKEv2 clients cannot access the S2S VPN.
Nothing blocked can be seen in the firewall.
I think there is still a route missing that is needed for the IKEv2 clients.
Can anyone help me with what I am doing wrong here or what is still missing?
Thank you very much!
All Replies
Looks like you need routing rules.

HQ:
- incoming: tunnel VPN of IKEv2 for clients
- destination: 172.17.0.0/16
- next hop: VPN Tunnel Site2Site

External Site:
- incoming: any
- destination: 192.168.10.10 to 192.168.10.100
- next hop: VPN Tunnel Site2Site
Thank you for your answer.
I have tried it with the 2 routes, but unfortunately it still doesn't work.
(changed the IKEv2 IP range to 192.168.112.10-100)
HQ:
Ext:
You may also need policy rules on each to allow the traffic.
Check your logs for blocked traffic.
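One way to check that the two policy routes from the first reply cover both directions of the flow, as an added example that is not part of the thread or any Zyxel tooling. It assumes each route table is an ordered first-match list; the table contents, the interface labels (`ikev2`, `lan`, `s2s`) and the function names are constructed for illustration.

```python
import ipaddress as ipa

def nets(spec):
    """Turn 'any', a CIDR, or a 'first-last' range into a list of networks."""
    if spec == "any":
        return [ipa.ip_network("0.0.0.0/0")]
    if "-" in spec:
        first, last = (ipa.ip_address(p.strip()) for p in spec.split("-"))
        return list(ipa.summarize_address_range(first, last))
    return [ipa.ip_network(spec)]

def covers(route_dst, flow_dst):
    """True only if the route destination contains every address of the flow destination."""
    have = nets(route_dst)
    return all(any(n.subnet_of(h) for h in have) for n in nets(flow_dst))

def next_hop(routes, incoming, dst):
    """First-match lookup over an ordered policy-route table (assumed model)."""
    for r in routes:
        if r["incoming"] in ("any", incoming) and covers(r["destination"], dst):
            return r["next_hop"]
    return None  # no policy route matched: traffic follows the default routing table

def check(hq, ext, pool, remote_lan):
    """Requests (at HQ) and replies (at EXT) must both be steered into the S2S tunnel."""
    return {
        "hq_forward": next_hop(hq, "ikev2", remote_lan) == "s2s",
        "ext_return": next_hop(ext, "lan", pool) == "s2s",
    }

# Constructed sample tables, not the poster's actual configuration.
HQ = [{"incoming": "ikev2", "destination": "172.17.0.0/16", "next_hop": "s2s"}]
EXT_OLD = [{"incoming": "any", "destination": "192.168.10.10-192.168.10.100", "next_hop": "s2s"}]
EXT_NEW = [{"incoming": "any", "destination": "192.168.112.10-192.168.112.100", "next_hop": "s2s"}]

if __name__ == "__main__":
    new_pool = "192.168.112.10-192.168.112.100"
    # A return route still written for the old client pool leaves replies unrouted.
    print("EXT route for old pool:", check(HQ, EXT_OLD, new_pool, "172.17.0.0/16"))
    print("EXT route for new pool:", check(HQ, EXT_NEW, new_pool, "172.17.0.0/16"))
```

A `False` for `ext_return` means replies from the external site never enter the tunnel, which looks the same from the client as a missing forward route.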