Site to Site VPN connection established, but no traffic
Hi there, my case is as follows,
Company has static IP, Zyxel USG50 (+ branch with static IP and USG60, site to site working reliably)
Home: I bought LTE7240-M403 and used a discarded USG50 to make a network at home to connect my company LAN. I studied the previous configuration between company and its branch and was able to connect the IPsec VPN link between home and company, but no traffic. I then switched configurations with LTE7240 (switched from IP Passthrough to Router mode) and made new VPN connections with the quick wizard and again the tunnel was created but no traffic. I have checked and double-checked the routing and firewall policies, but no banana. Firewall rules allow traffic from IPsec tunnels to Any (but ZyWALL) and another for ZyWALL. Routing is from lan1, source: local-ip-range/24, destination: remote-ip-range/24, next hop is the correct tunnel.
Home Lan ===== USG50 ===== LTE7240 ===== (Internet) ===== USG50 ===== Co Lan
10.10.14.0/24  10.10.14.1 | 10.10.13.2   10.10.13.1 | Dyn Out   Fixed IP | 10.10.15.1   10.10.15.0/24
If I have the tunnel up, then I don't have to worry about the settings on LTE7240 (Currently without firewall), right?
What am I missing here? No NAT rules defined, in my understanding I don't need any (the site to site tunnel to branch works without).
All Replies
-
The subnet at the inside of the LTE7240 is not shorter than 24 bits?
-
Thank you for the reply,
The subnet is 24 bits in the LTE7240. (10.10.13.1, mask 255.255.255.0) I guess if it would be shorter then the traffic could be sent to LTE router instead of the tunnel? Is that what you were thinking?
-
I did manage to find an error in the order of the route policies on the home USG50. Now I can ping Company's router and one device on the network that is not that picky about pings (receipt printer). However pinging from company's computer (Windows or Linux) will not go through to home network. Also attempts to connect to http servers at company fail.
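The route-order error above and the earlier question about the LTE7240's subnet mask both come down to first-match policy routing. The following is an added illustration, not anything from the thread or Zyxel: it models USG-style top-down policy routes with the thread's subnets (the catch-all "lan1-to-wan" policy and the policy names are constructed for the example).

```python
"""Model first-match policy routing for the home-USG50 side of the tunnel."""
from ipaddress import ip_address, ip_network

# Subnets as posted in the thread; the rest of the topology is assumed.
HOME_LAN = ip_network("10.10.14.0/24")       # home LAN behind the home USG50
LTE_INSIDE = ip_network("10.10.13.0/24")     # LTE7240 inside subnet (USG50 WAN side)
COMPANY_LAN = ip_network("10.10.15.0/24")    # company LAN behind the company USG50
ANY = ip_network("0.0.0.0/0")


def route_lookup(policies, src, dst):
    """Return (policy_name, next_hop) of the FIRST policy matching src/dst.

    Policy routes are evaluated top-down; the first match wins, which is why
    the order of the entries matters more than their individual correctness.
    """
    s, d = ip_address(src), ip_address(dst)
    for name, src_net, dst_net, next_hop in policies:
        if s in src_net and d in dst_net:
            return name, next_hop
    return None, "main routing table"


# Constructed misordering: a broad LAN-to-WAN policy sits above the VPN policy,
# so company-bound packets leave towards the LTE7240 instead of the tunnel.
BAD_ORDER = [
    ("lan1-to-wan", HOME_LAN, ANY, "wan1 (LTE7240)"),
    ("lan1-to-company", HOME_LAN, COMPANY_LAN, "ipsec tunnel home-company"),
]
# Corrected: the specific VPN policy is evaluated before the catch-all.
GOOD_ORDER = list(reversed(BAD_ORDER))


def overlap_risk(inner_subnet, remote_subnet):
    """True when the LTE7240's inside subnet overlaps the remote LAN.

    This is the mask question raised earlier: a mask shorter than /24 on the
    LTE side (e.g. 10.10.0.0/16) would swallow 10.10.15.0/24, so replies are
    handed to the LTE router as "local" instead of entering the tunnel.
    """
    return inner_subnet.overlaps(remote_subnet)
```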
-
Update: I have tried to make a VPN tunnel between home (USG50) and the branch (USG60) and everything works. I can probably live with that, since there are vacant IP numbers available for the branch also.(*) But even when I delete all the entries from both USG50 (home and company) and build a new tunnel from scratch - doesn't work. I can only ping the company network and can connect to USG50 control panel from home - but I cannot ssh nor http to the company web server. All connection efforts from company to home are lost. ping, http, ssh... They all work from the branch office.

(*) I still have to learn the routing and firewall mechanism that will redirect http requests from one IP to the tunnel and to the server I have at home, any helpers?

Web request              branch router    home router      home server
http://192.34.IP.XXX ----> USG 60 ---> VPN Tunnel ---> USG50 --> local:10.10.14.90
-
Hi @Garrett,
If you have the problem or question on USG50, I recommend you to post it on ZyWALL USG Series of Zyxel Biz Forum for better assistance.
https://businessforum.zyxel.com/categories/security-zywall-usg-series