How to route router (fw) traffic via LAN IP to IPsec VPN.

berkal Posts: 3  Freshman Member

Hello, I have an IPsec tunnel between a Zyxel USG Flex 100 and a Fortigate 301E. Everything works fine except for one thing: I need to send Zyxel syslogs to a device on the Fortigate network. When I try to ping the device from the Zyxel console, the ping fails. When I specify Zyxel's LAN1 IP as the source, it works. So by default the Zyxel uses the WAN IP for the ping (and syslog) and not the LAN IP. I have set up a policy route and a security policy, and nothing works.

All Replies

  • Zyxel_Tina Posts: 66  Zyxel Employee

    Hi @berkal,

    Based on your requirement, the problem is with USG self-generated traffic routing through the IPSec tunnel to Fortigate 301E - specifically, making the USG console able to ping the Fortigate network.

    To better assist you, could you please provide screenshots of the policy route and security policy configurations you've configured? This will help us identify why the current setup isn't working as expected.

    Zyxel Tina

  • berkal Posts: 3  Freshman Member

    I finally solved it already. Thank you for trying to help.

    The policy route just did not work. The only thing that worked is a static route to the Fortigate subnet and next hop LAN1.