How to route router (fw) traffic via LAN IP to IPsec VPN.
Freshman Member
Hello, I have a IPsec tunnel between Zyxel USG Flex 100 and Fortigate 301E, everything works fine but one thing. I need to send Zyxel syslogs to device at Fortigate network. When I try to ping in zyxel console the device the ping fails. When I specify Zyxel's LAN1 IP as a source it works. So in default the zyxel uses WAN IP for the ping (and syslog) and not LAN IP. I have set up policy route and security policy and nothing works.
All Replies
-
Hi @berkal,
Based on your requirement, the problem is with USG self-generated traffic routing through the IPSec tunnel to Fortigate 301E - specifically, making the USG console able to ping the Fortigate network.
To better assist you, could you please provide screenshots of the policy route and security policy configurations you've configured? This will help us identify why the current setup isn't working as expected.
Zyxel Tina
0 -
I finally solved it already. Thank you for trying to help.
Policy route just did not work. Only thing that worked is static route to fortigate subnet and nexthop LAN1.0
Zyxel Employee
Categories
- All Categories
- 435 Beta Program
- 2.7K Nebula
- 176 Nebula Ideas
- 117 Nebula Status and Incidents
- 6.1K Security
- 425 USG FLEX H Series
- 298 Security Ideas
- 1.6K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.7K Consumer Product
- 274 Service & License
- 419 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 89 Security Highlight
