Site-to-Site VPN - no traffic passing through tunnel
Hi Everyone
I'd like to ask for advice on how to troubleshoot my issue with a site-to-site IPSec VPN.
My setup
ISP Bridge fixed IP -- Zyxel USG 110 <- Site-to-Site IPSec VPN -> Zyxel Flex 200 -- ISP Bridge fixed IP
I set up the VPN following the documentation (this is not the first VPN I've done on Zyxel), but I cannot manage to get it working properly.
The VPN creates a tunnel between the endpoints, but there's no traffic passing through the tunnel. I reviewed Security Policies and Routing, but all seem to be correct.
In VPN Monitor on the USG110 I noticed that it shows that the connection is established, and outbound traffic shows some data sent, but there is zero inbound traffic. I cannot check Monitor on the other router now.
Can you guys advise how to proceed in troubleshooting it?
Comments
-
It has been 10 years since I last was involved in setting up VPN using ZyXEL equipment, so I may not know exactly what is needed to make VPN work these days. You say that there is no inbound traffic, zero packets coming from the other end of the connection. Could it be that the other end of the connection is where the problem can be found, that some of the communication is blocked, meaning that it is stopped from being sent to you? Do you manage the other end of the VPN connection, or is it set up by someone else?
-
Check your logs for blocked traffic.
You might need to allow the following:
from WAN to ZyWALL
service ESP, IKE, L2TP-UDP and NATT
-
I reset the device and set it up like new, and my site-to-site VPN started working. Previously I took the device from another link and just changed the WAN IP, but it turns out that it was behind NAT before. So I assume that the fact that the initial VPN tunnel configuration was done on the link behind NAT caused it to not work after the device was moved.
Thank you all for your help.
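The log check suggested in the comments, as an added example that is not from the thread or from Zyxel: it counts dropped packets from the remote peer for the four services named there (ESP, IKE, L2TP-UDP, NATT). The key=value log layout, field names and addresses are constructed assumptions; the protocol and port numbers are the standard assignments.

```python
import re
from collections import Counter

# Services named in the comment, keyed by (protocol, destination port).
IPSEC_SERVICES = {
    ("udp", 500): "IKE",
    ("udp", 4500): "NATT",
    ("udp", 1701): "L2TP-UDP",
    ("esp", None): "ESP",  # IP protocol 50, carries no ports
}

# Assumed generic key=value layout (constructed; not the real Zyxel log format).
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DROP_ACTIONS = {"drop", "block", "deny"}


def parse(line):
    """Split one log line into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def blocked_ipsec(lines, peer_ip):
    """Count dropped IPsec-related packets sent by the remote VPN peer."""
    hits = Counter()
    for line in lines:
        f = parse(line)
        if f.get("action") not in DROP_ACTIONS or f.get("src") != peer_ip:
            continue
        proto = f.get("proto", "").lower()
        dport = f.get("dport", "")
        port = None if proto == "esp" else (int(dport) if dport.isdigit() else None)
        service = IPSEC_SERVICES.get((proto, port))
        if service:
            hits[service] += 1
    return dict(hits)


# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    'time=10:00:01 action=accept src=203.0.113.10 dst=198.51.100.20 proto=udp dport=500',
    'time=10:00:02 action=drop src=203.0.113.10 dst=198.51.100.20 proto=esp note="WAN to device"',
    'time=10:00:03 action=drop src=203.0.113.10 dst=198.51.100.20 proto=esp note="WAN to device"',
    'time=10:00:04 action=drop src=203.0.113.10 dst=198.51.100.20 proto=udp dport=4500',
    'time=10:00:05 action=drop src=192.0.2.77 dst=198.51.100.20 proto=udp dport=500',
    'time=10:00:06 action=drop src=192.0.2.77 dst=198.51.100.20 proto=tcp dport=443',
]

if __name__ == "__main__":
    print(blocked_ipsec(SAMPLE_LOG, "203.0.113.10"))
```

Accepted IKE together with dropped ESP or NATT from the peer matches the symptom in the original post: the tunnel negotiates, but no inbound data arrives.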