WAN to LAN routing without NAT

ChrisGer
ChrisGer Posts: 205  Ally Member
edited April 2021 in Security

Hi Community,

I currently have many question marks about routing from the ISP firewall through a ZyWALL behind it.

Here is a basic overview of the infrastructure.

My situation

The USG60W has no NAT on WAN1, and the networks that are connected to the ISP FW (DMZ) are configured by static routing config on the firewalls as required. This is working well if the user is behind the ZyWALL in the Office-LAN (left side of the infrastructure picture).


My Problem

If the user is connected through SSL-VPN (ISP firewall), the outgoing packet to the ZyWALL is visible at the ISP firewall (correct outgoing interface), but it "disappears" at the ZyWALL and does not reach the destination behind the ZyWALL.


Any idea what happened? I am very grateful for tips and suggestions for solutions.


Regards

Christian

All Replies

  • Ian31
    Ian31 Posts: 170  Master Member

    Did you configure the firewall rule to allow the VPN clients' IP address to access the LAN of the USG60W?

  • ChrisGer
    ChrisGer Posts: 205  Ally Member

    Hi Ian31,

    The VPN tunnel access has all required destinations included (any), but the traffic stopped at the USG WAN port.

    A mistake factor occurred to me yesterday: if I send HTTP/S requests, the firewall can stop this traffic, because HTTP/S is by default for external access to a USG.

    In Wireshark:

    WAN1 to ZyWALL shows the requests from the ISP firewall

    LAN1 shows me no packets

    FW rule WAN to LAN any/any/LOG is also empty


    Regards

    Christian

  • Ian31
    Ian31 Posts: 170  Master Member

    Any web authentication rules there?

    How about a simple ping to the LAN server?
