[SOLVED] - USG20-VPN BEHIND A FRITZBOX! 7590

Max_Tor
edited April 2021 in Security
Hello!
I have a FritzBox 7590 as a modem/router with direct internet access. Its network is 192.168.188.0.
I've created a static route to 192.168.99.0 with gateway 192.168.188.200.
I have a Zyxel USG20-VPN connected to a LAN port of a FritzBox Mesh Repeater 2100, with the static IP 192.168.188.200.
The network configured on the USG is 192.168.99.0, and there are 3 PCs that can currently browse the internet.

Now, the problems are:
  • 192.168.188.200 (USG20 WAN) is not found (no ping and no HTTPS page)
  • 192.168.99.x hosts (for example .171) are not reachable by Remote Desktop (PCs inside the 192.168.99.x network are reachable by RDP)
Where is the problem?

Thanks

TM

All Replies

  • PeterUK
    edited February 2021
    Can you disable the firewall on the USG and see if it's reachable?

    Go to Network > Interface > Trunk tab, show advanced settings, and uncheck Default SNAT.

    Make a routing rule under Network > Routing:
    incoming = interface
    member = lan1
    next hop
    type = interface
    interface = WAN1
    source network address translation = none

    In the routing rule's advanced settings, check "Use IPv4 Policy Route to Overwrite Direct Route".

    Edit: are you on firmware V4.62?

    Edit 2: after testing here, there seems to be a problem with static routes in my own setup with a ZyWALL 110 and USG60; I will post my own problem after some testing.

    You might need another rule:
    incoming = interface
    member = wan1
    next hop
    type = interface
    interface = lan1
    source network address translation = none


  • Zyxel_Jeff

    Hi @Max_Tor

    You can go to Web GUI Object > Service > Service Group

    and in the "Default_Allow_WAN_To_ZyWALL" group add the PING service.

    Go to Configuration > System > WWW > Service Control > Enable HTTPS



    You can refer to this link to set up port forwarding for an internal RDP service:

    How to setup port forwarding to my internal RDP PC?


  • Max_Tor
    OK, thank you!!
    I'll try today!
  • Max_Tor
    Hello!
    I've tried everything you suggested... but nothing works!

    No ping reply, and it is not possible to reach the admin configuration page at all...

    I've also upgraded to the latest available firmware.


  • Zyxel_Tobias
    Hi @Max_Tor

    I think a call to our support team is the best.

    Please let me know if I am allowed to use your e-mail address; I'll convert this into a ticket and have someone local (let me know your country) contact you to check it out via a remote session, i.e. TeamViewer.

    Thanks.

    Kind Regards,

    Tobias
  • Max_Tor
    Yes, you can use my email address. I'm in Italy, but I can be contacted from anywhere, speaking in English.

    Thanks
  • Zyxel_Tobias
    Hi @Max_Tor

    Thank you very much. We will follow up with you.
    Please also check your PM.

    Kind Regards,

    Tobias
  • PeterUK
    edited February 2021
    By default you SNAT from your WAN IP on the USG. You need to make a rule that does not SNAT your LAN traffic for the static route on your FritzBox to work; then you can make firewall rules from WAN to LAN.
  • Max_Tor
    Hello to everybody!
    Today, thanks to Lukas, a Zyxel support technician, we solved my issue.
    There was a rule that forwarded all traffic of every service to an internal LAN of the USG.

    After deleting that rule and configuring some NAT rules to forward traffic and some policy rules to control connections on specified services/ports, everything works!

    NAT rule:

    Policy rule:

    We've also configured a standard SSL connection.

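The path problems discussed in this thread (PeterUK's point that Default SNAT hides the 192.168.99.x sources from the FritzBox, Zyxel_Jeff's WAN-to-ZyWALL service group, and the forward-everything NAT rule that support found) can be traced with a small model of the two hops. The following is an added example written for this page, not Zyxel code: the service names, the empty default policy sets, the ordering of NAT before the management services, and the client address 192.168.188.20 are simplifying assumptions, chosen only to show which check drops or diverts each packet.

```python
# Added example (not Zyxel code): a model of the path between the FritzBox LAN
# (192.168.188.0/24) and the USG20-VPN LAN (192.168.99.0/24) in this thread.
# Service names, the empty default policy sets and the order of checks are
# simplifying assumptions, not a description of the ZLD packet flow.
import ipaddress
from dataclasses import dataclass

UPSTREAM = ipaddress.ip_network("192.168.188.0/24")   # FritzBox side
LAN = ipaddress.ip_network("192.168.99.0/24")         # USG LAN1
USG_WAN = ipaddress.ip_address("192.168.188.200")     # USG WAN1, static IP


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    service: str  # e.g. "ping", "https", "rdp" (assumed: one name per service)


@dataclass(frozen=True)
class UsgConfig:
    snat_lan_to_wan: bool = True                # trunk "Default SNAT", on out of the box
    wan_to_zywall: frozenset = frozenset()      # services allowed to the USG itself
    wan_to_lan: frozenset = frozenset()         # (internal ip, service) pairs allowed through
    nat_rules: tuple = ()                       # (service or "any", internal ip) on the WAN IP


def fritzbox_next_hop(dst: str) -> str:
    """Where the FritzBox sends a packet: the static route covers only 192.168.99.0/24."""
    ip = ipaddress.ip_address(dst)
    if ip in LAN:
        return f"via {USG_WAN}"
    if ip in UPSTREAM:
        return "on-link"
    return "default route (internet)"


def usg_inbound(pkt: Packet, cfg: UsgConfig) -> str:
    """Fate of a packet that arrives on USG WAN1 from the FritzBox side."""
    dst = ipaddress.ip_address(pkt.dst)
    if dst == USG_WAN:
        # A virtual-server (NAT) rule on the WAN IP is matched before the
        # management services, so a forward-everything rule hides ping/HTTPS.
        for svc, internal in cfg.nat_rules:
            if svc in ("any", pkt.service):
                if (internal, pkt.service) in cfg.wan_to_lan:
                    return f"dnat to {internal}"
                return f"dnat to {internal}, dropped by WAN-to-LAN policy"
        if pkt.service in cfg.wan_to_zywall:
            return "delivered to ZyWALL"
        return "dropped by WAN-to-ZyWALL policy"
    if dst in LAN:
        # Routed through (FritzBox static route): WAN-to-LAN is deny by default
        if (pkt.dst, pkt.service) in cfg.wan_to_lan:
            return f"routed to {pkt.dst}"
        return "dropped by WAN-to-LAN policy"
    return "not addressed to this side"


def usg_outbound(pkt: Packet, cfg: UsgConfig) -> Packet:
    """LAN1 -> WAN1: with Default SNAT the FritzBox only ever sees 192.168.188.200."""
    if cfg.snat_lan_to_wan:
        return Packet(str(USG_WAN), pkt.dst, pkt.service)
    return pkt


def reply_next_hop(pkt: Packet, cfg: UsgConfig) -> str:
    """How the FritzBox routes the reply to a LAN-originated packet."""
    return fritzbox_next_hop(usg_outbound(pkt, cfg).src)


if __name__ == "__main__":
    pc = "192.168.188.20"  # constructed: a client on the FritzBox LAN
    broken = UsgConfig(wan_to_zywall=frozenset({"ping", "https"}),
                       nat_rules=(("any", "192.168.99.171"),))
    print(usg_inbound(Packet(pc, str(USG_WAN), "https"), broken))
    fixed = UsgConfig(wan_to_zywall=frozenset({"ping", "https"}),
                      wan_to_lan=frozenset({("192.168.99.171", "rdp")}),
                      nat_rules=(("rdp", "192.168.99.171"),))
    print(usg_inbound(Packet(pc, str(USG_WAN), "https"), fixed))
    print(usg_inbound(Packet(pc, str(USG_WAN), "rdp"), fixed))
    print(reply_next_hop(Packet("192.168.99.171", pc, "rdp"), UsgConfig()))
    print(reply_next_hop(Packet("192.168.99.171", pc, "rdp"), UsgConfig(snat_lan_to_wan=False)))
```

Two things the model makes visible: with Default SNAT left on, every reply from the FritzBox goes on-link to 192.168.188.200, so the static route is never exercised and is only needed once SNAT is switched off (PeterUK's rule); and a NAT rule matching "any" service on the WAN IP swallows ping and HTTPS to the USG even after those services are added to Default_Allow_WAN_To_ZyWALL, which is the symptom the poster reported before support removed that rule.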