VPN tunnel established but no traffic - Zywall USG 50 to Palo Alto
I've set up an IPSec VPN gateway and connection from my USG 50 to a Palo Alto 3220 firewall. My USG 50 is connected to my home internet router, so my WAN IP is a non-routable address assigned via DHCP (10.0.0.244). The tunnel comes up fine and stays connected, but I can't reach the networks on the other side of the Palo. I tried to set up both a Policy Route and a Static Route, but traffic still will not reach the other side. When I try to run a traceroute to one of the remote networks directly from the CLI of the USG 50, it goes to my internet gateway at 10.0.0.1 instead of over the tunnel. It looks like my firewall rules are fine, as all traffic is permitted from LAN to any destination, and all traffic is allowed from IPSec_VPN to any destination except ZyWALL. Any suggestions?
All Replies
To clarify whether the issue is on the firewall or routing, try disabling the firewall on both the USG 50 and the Palo Alto 3220, then check the traffic again. As far as I know, you don't need to add any policy route on the USG 50 for a site-to-site VPN.