WAN to LAN routing without NAT
Hi Community,
i currently have many question marks in routing from the ISP firewall through a ZYWALL behind it. ?
Here is a basic overview of the infrastructure.
My situation
The USG60W has no NAT on WAN1 and the networks, that are connected to the ISP FW (DMZ) are configured by static routeing sconfig on the firewalls as required. This is working well, if the user is behind the ZyWALL in the Office-LAN (left site of the infrastructure picture.
My Problem
If the User is connected trough SSL-VPN (ISP Firewall) the outgoing packet to the ZyWALL is visible at the ISP firewall (correct outgoing interface) but it " disappears" at the ZyWALL and does not reach the destination behind the ZyWALL.
Any idea what happend ? I am very grateful for tips and suggestions for solutions.
Regards
Christian
All Replies
-
Do you configure the firewall rule to allow the VPN clients IP address to access LAN of USG60W ?
0 -
Hi lan31,
the VPN tunnel access has all required destinations included (any) but the traffic stoped at USG WAN port ?
A mistake factor occurred to me yesterday - if i send http/s requests, the firewall can stop this traffic, cause http/s is by default for external access to a USG. ?
At wireshark
WAN1 to ZYWALL show the requests from the ISP Firewall
LAN1 show me no package
FW Rule WAN to LAN any/any/LOG is also empty ?
Regards
Christian
0 -
Any web authentication rules there ?
How about the simple ping to LAN server ?
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 263 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight