Vpn ipsec - client to site with USG20 - tunnel is up but can't ping subnet site

Antonio967
Antonio967 Posts: 11  Freshman Member
First Comment Fourth Anniversary
edited April 2021 in Security
Good morning,
I have configured a vpn ipsec client to site on USG20, on my pc I have installed ZyWall ipsec vpn client (IKE V1), the tunnel opens but I cannot ping the subnet.

Thanks for the help.

All Replies

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Answer First Comment Third Anniversary
    Try to disable server's firewall(under Zwall).
    Do the IP address of Ipsec VPN client overlap with IP of server?
  • Antonio967
    Antonio967 Posts: 11  Freshman Member
    First Comment Fourth Anniversary
    Thank you Jeremylin!!!


    By deactivating the Windows Firewall I reach the remote subnet.
    In the Windows Firewall I had opened ports 500 and 4500 but obviously something was wrong, would you know how to configure it correctly so that you don't have to disable it?

    Thanks for the help!!!
  • Alex00
    Alex00 Posts: 1  Freshman Member
    First Comment
    Why did you open ports 500 and 4500. These ports are used for vpn reasons. Your vpn is operating between your firewall and the remote pc (or laptop). There is no reason to open these ports. What di you want to do exactly? Remote desktop for example?
  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Answer First Comment Third Anniversary
    I also curious why you want to open the ports you mentioned.
    Anyways, go to windows firewall with advanced security to customize profile.
    As your reference
    https://www.howtogeek.com/howto/windows-vista/allow-pings-icmp-echo-request-through-your-windows-vista-firewall/
  • Antonio967
    Antonio967 Posts: 11  Freshman Member
    First Comment Fourth Anniversary
    Thanks Jeremylin and Alex00,

    i have to access shared folders on a PC but also in remote desktop it would be convenient for me.
    I thought ports 500 and 4500 were the reason I didn't reach the internal network, but you are right, they actually have no reason to be opened in the windows firewall.
    Unfortunately, however, since yesterday even with windows firewall disabled I don't ping and I don't reach the subnet, I haven't made any changes, I simply don't reach the subnet anymore ...
    Tunnel open, windows firewall off but I don't reach the subnet...

    Thanks for the help!

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Answer First Comment Third Anniversary
    Change PC(under Zwall) with disabled firewall and test it again.
    Make sure the  IP of server's firewall(under Zwall) is not the same as PC's.



Security Highlight