USG20 will not respond to windows server

Options
Graham
Graham Posts: 1  Freshman Member
edited April 2021 in Security
I have a USG20 set up for Site to Site VPN. At site 1 there is a windows server 2012. The USG will not respond to the server. It will respond to the other computers on the network. So if i am on the server and I ping the router, i am able to see the packet on the interface using wireshark. I am not getting a reply. Capturing the data on the USG20 I can see the ping arrive and then nothing. 
If I ping from any other computer in the office I get replies back. When I look at the captured data I can see the ping coming into the USG and the reply being sent out again. 
So every computer on the network has internet access through the USG20 but for some reason the Windows Server does not as the USG20 seems to be ignoring all traffic from it. 
The server can ping any other computer on the network and get replies no bother. 
The Server is set up with a Static Ip address outside the DHCP (USG20) scope


Comments

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Options
    Hello Graham,
    In the VPN case, the ping service should be fine between computer and USG. 
    For analysis the case, please share the topology with IP to  me(just draw and share it).
    Secondly, I want to know if the ping service did not respond to server, which PC(IP) receive it?
    Thirdly, is there any routing rule in your configuration? (please pm me you configuration for checking.)
    Charlie
  • dispiritedleague
    Options

    @ snow rider Check IP Configuration: Verify that the IP configuration (including subnet masks and default gateway) on the Windows Server is correct and matches the network configuration of the USG20 and other devices on the network.

    Inspect NAT Policies: If the USG20 is performing NAT (Network Address Translation), check the NAT policies to ensure that traffic from the server is being correctly translated and forwarded to the destination.

    Review Security Policies: Review any security policies or access control lists (ACLs) that may be applied on the USG20 or the Windows Server. Make sure there are no rules blocking traffic between the two devices.

    Test Connectivity with Different Protocols: Try to ping the USG20 from the Windows Server using other protocols (e.g., TCP) and see if you get a response. This can help determine if the issue is specific to ICMP traffic.

    Update Firmware/Software: Ensure that both the USG20 and the Windows Server are running the latest firmware/software versions. Sometimes, issues like this can be resolved by updating to the latest versions.

Security Highlight