Ping request gose in on OPT the reply out VLAN443

PeterUK
PeterUK Posts: 3,500  Guru Member
100 Answers 2500 Comments Friend Collector Seventh Anniversary
edited April 2021 in Security

ZyWALL 110 on V4.33(AAAA.0)ITS-WK30-r89425

I have a BQM that pings my IP every second

https://www.thinkbroadband.com/broadband/monitoring/quality

This does not happen on every reboot with OPT and VLAN443 to metric 0

Ping in to opt

ping opt.png

ping out VLAN443

ping vlan443.png

If I stop the BQM for 2mins and start it up again its still wrong

Workaround is to set to SYSTEM_DEFAULT_WAN_TRUNK then back to my vlan443andopt trunk.

«1

Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,518  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @PeterUK

    We found out that device local out traffic might be affected by policy route or Trunk in this scenario. we are checking internally.Keep you updated.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,518  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @PeterUK

    In this case, you can add the following policy route to avoid local out traffic have effect by Trunk.

    1) incoming=zywall, src=opt interface IP, dst=any, next hop type =interface, interface=OPT

    2) incoming=zywall, src=vlan443 interface IP, dst=any, next hop type =interface, interface=vlan443

  • PeterUK
    PeterUK Posts: 3,500  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited September 2019

    I have only just found this out but them rules stop L2TP VPN from working.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,518  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @PeterUK

    In this case, is it normal if you type cli “Router> show ip route” at that time?

    I would like to check that if it is just only Web GUI display issue or not.

  • PeterUK
    PeterUK Posts: 3,500  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    https://businessforum.zyxel.com/discussion/comment/9706#Comment_9706

    I'm guessing this is for the “Packet flow explore for main route unknown”

    https://businessforum.zyxel.com/discussion/3101/packet-flow-explore-for-main-route-unknown#latest

  • PeterUK
    PeterUK Posts: 3,500  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    For anyone using routeing rules with incoming to zywall to get the L2TP VPN working you need to make the the following rule at the top:



  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,518  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    It can be solved by adding policy route. We will evaluate and enhance it to avoid local out traffic being affected by wan trunk.

  • eifelrudi
    eifelrudi Posts: 11  Freshman Member
    First Comment First Anniversary

    Hi,

    i have exact this problem.

    i have tried to add the route as described. But i am not able to choose "any" Service and Source-port L2TP-UDP. i can only choose the service L2TP-UDP - is that right?

    Additional - what is behind L2TPVPNWAN - the Wan-IP?

    i have tried so ...

    image.png

    ist hat right, or what is my mistake?

  • eifelrudi
    eifelrudi Posts: 11  Freshman Member
    First Comment First Anniversary

    Hi,

    adding my post - my problem is that l2tp vpn from android client disconnects after 2 minutes.

    hope i am right in this post...

    image.png


  • PeterUK
    PeterUK Posts: 3,500  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    I think Dienst is service you need to click show advanced settings to show the source port.

    source.png


Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)