Configure NAT and Policy
baumgaertnerc
I would like to connect from the Client_HoOf to the RDS-Server. The USG40 gets its Internet from the FritzBox. The USG40 is connected with IPSec to the company.
I created a NAT and a policy. When I try to connect to the RDS-Server with the IP 192.168.199.2, I get the ACCESS BLOCK shown in the picture. What's wrong in my config? Need more information?
Thanks, Christian
0
All Replies
-
You should not need the NAT rule, as you will be going down the IPSec tunnel, so if the tunnel is set up correctly you go to 10.0.0.20 from 192.168.199.30.
The gateway for 192.168.199.30 should be 192.168.199.2; really your PC should be connected to the USG40W, then it to the FritzBox for internet.
So is the USG connected to the FritzBox LAN? Are you using the WAN port on the USG for this?
Edit: with the NAT rule, try it with the firewall disabled on the USG.
1 -
Hey, the gateway for 192.168.199.30 is 192.168.199.1, the IP of the FritzBox. Yes, the USG is connected to the FritzBox LAN with the WAN port on the USG.
I think the security policy is wrong. We have the same constellation with a firewall from a German manufacturer and there this works fine.
0 -
Hello @baumgaertnerc
If you do a traceroute or tracert from your PC to the RDS Server, then how far does it get?
Perhaps you could run it and post it here, to show if the traceroute gets to the far end of the IPSec tunnel or not.
- I think that it would help in finding out if your issue is at the USG40 or ZyWALL 310 end or not.
Similarly, if you ping the RDS-Server, then which item responds?
- Do you get a destination unreachable reply from somewhere?
I hope that this is helpful.
Kind regards,
Tony
0 -
Hi @baumgaertnerc
Please check if the USG40W has a policy route for 192.168.199.30 to 10.0.0.20, to the VPN tunnel to the ZyWALL310.
You may also need to set a policy route on the ZyWALL310 for 10.0.0.20 to 192.168.199.30, to the VPN tunnel to the USG40W.
A policy route rule needs to be set up on both devices.
1