L2TP over IPSec Client (iOS, Windows, Android)

faye83
faye83 Posts: 6  Freshman Member

Hello all
Via the wizard I configured the VPN in the subject.
I can connect, and I can see my VPN session with the Mac in the Zyxel monitoring, but unfortunately I can't access or ping the local resources.

USG50 FLEX

WAN 192.168.1.200/255.255.255.0

L2TP IP Address Pool RANGE, 192.168.1.30-192.168.1.35

LAN1 IP 10.10.10.33

Can someone please help me?

Thanks

Regards

F.

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,038  Zyxel Employee

    Hi @faye83,

    Seems like your WAN and L2TP subnet are in the same subnet range. To avoid conflict, could you try to change the L2TP IP subnet first?

    Zyxel Melen


  • faye83

    Hi Melen

    Thank you for your help.
    I changed the L2TP IP subnet to 192.168.100.30-192.168.100.35 but I still have the same problem: I can't access or ping my NAS. I thought maybe a Policy Route is needed but I don't know how to do it.

    Regards

    F.

  • faye83

    Melen, I have one more piece of information: I can ping (and web login to) the firewall port on the internal network 10.10.10.xxx (LAN1) but not the NAS, which is in the same network 10.10.10.yyyy

  • Zyxel_Melen

    Hi @faye83,

    This could be due to two reasons:

    1. The firewall security policy doesn't allow VPN traffic to the LAN. Below is an example that allows VPN traffic.
    2. The device doesn't allow ping. You need to check the NAS firewall rule.

    Zyxel Melen


  • faye83

    Hi Melen,

    In the local network I can ping the NAS, but with the VPN connection the ping and SMB connection don't work. What do you suggest?

    Thanks

    Regards

    F.

  • valerio_vanni
    valerio_vanni Posts: 153  Master Member

    And other hosts on LAN1? Can you reach them? A printer or some other device.

    Do you find any "access denied" entry in the log?

    What are your rules (in comparison to those posted by Zyxel Melen)?

  • Zyxel_Melen

    Hi @faye83,

    Since I'm unsure of your NAS firewall rules, it might allow ping from the same LAN and deny it from other subnets. So, you need to check the NAS firewall rule.

    Also, please check your firewall logs to see if there are any blocking logs. If so, please set security policy rules to allow the VPN traffic.

    Zyxel Melen
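
Added example, not part of any post in this thread and not Zyxel code: a Python check for the two addressing points raised above, whether an L2TP pool overlaps an interface subnet and whether a VPN client's source address looks local to LAN1 hosts such as the NAS. The addresses come from the thread; the /24 mask on LAN1 and the function names are assumptions.

```python
import ipaddress

# Interface addresses from the thread. The LAN1 /24 mask is an assumption:
# the original post gives only the address 10.10.10.33.
INTERFACES = {
    "WAN": ipaddress.ip_interface("192.168.1.200/255.255.255.0"),
    "LAN1": ipaddress.ip_interface("10.10.10.33/24"),
}


def pool_conflicts(first, last, interfaces=INTERFACES):
    """Return the sorted names of interfaces whose subnet overlaps first..last."""
    start = ipaddress.ip_address(first)
    end = ipaddress.ip_address(last)
    if start.version != end.version or start > end:
        raise ValueError(f"invalid pool range {first}-{last}")
    # An address range is rarely a single CIDR block, so split it into the
    # minimal list of networks before testing for overlap.
    blocks = list(ipaddress.summarize_address_range(start, end))
    hits = set()
    for name, iface in interfaces.items():
        if iface.version != start.version:
            continue
        if any(block.overlaps(iface.network) for block in blocks):
            hits.add(name)
    return sorted(hits)


def source_is_local(client_ip, lan=INTERFACES["LAN1"]):
    """True if client_ip lies inside the LAN subnet.

    A host firewall that only admits its own subnet treats every other
    source, including VPN pool addresses, as remote and may drop it.
    """
    return ipaddress.ip_address(client_ip) in lan.network


if __name__ == "__main__":
    for pool in (("192.168.1.30", "192.168.1.35"),
                 ("192.168.100.30", "192.168.100.35")):
        print(pool, "conflicts with:", pool_conflicts(*pool) or "nothing")
        print("  first pool address local to LAN1?", source_is_local(pool[0]))
```
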


  • faye83

    Hello all
    Thank you very much for your help!
    The problem was the NAS firewall blocking the connections.
    Now it works.
    Kind regards
    Regards
    F.