Issue with VPN Connecting to Internal Devices from WAN Failover to LAN1

Options
2»

All Replies

  • dcgtechnologies
    dcgtechnologies Posts: 56 image  Ally Member
    First Comment Friend Collector Seventh Anniversary
    edited August 2022
    PeterUK said:

    So that will be L2TP over IPSec? Can you check the setting in the made VPN for windows has “use default gateway on remote network” checked.

    Control Panel\Network and Internet\Network Connections


    I think you are misunderstanding my issue. The client connects just fine and has no issues. I am not able to access resources on the internal lan once the authentication / connection is established. The logs show connection is fine the traffic is being blocked hence what my first post stated.
  • PeterUK
    PeterUK Posts: 4,264 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary

    Yes client can connect fine but if the option is not checked then it will not work.

    Also check a zone is set for the VPN on zywall


  • PeterUK
    PeterUK Posts: 4,264 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    dcgtechnologies said:
    The error in logs is below:

    Match default rule, DNAT Packet, DROP [count=2] - 166.x.x.x 192.x.x.x - Access Block 

    For the above to do with a VPN problem the Source IP would have to be set for the VPN subnet normally a VPN subnet you set for the connecting client would be 192.168.x.x   
  • PeterUK
    PeterUK Posts: 4,264 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    Another thing is if you enable for routing
    "Use IPv4 Policy Route to Overwrite Direct Route"
  • dcgtechnologies
    dcgtechnologies Posts: 56 image  Ally Member
    First Comment Friend Collector Seventh Anniversary
    PeterUK said:

    Yes client can connect fine but if the option is not checked then it will not work.

    Also check a zone is set for the VPN on zywall


    What are the parameters for the zone that needs to be set? Thank you.
  • dcgtechnologies
    dcgtechnologies Posts: 56 image  Ally Member
    First Comment Friend Collector Seventh Anniversary
    PeterUK said:
    dcgtechnologies said:
    The error in logs is below:

    Match default rule, DNAT Packet, DROP [count=2] - 166.x.x.x 192.x.x.x - Access Block 

    For the above to do with a VPN problem the Source IP would have to be set for the VPN subnet normally a VPN subnet you set for the connecting client would be 192.168.x.x   
    Yes that is correct as I am pulling a different ip address on the 192.168.7.x as an example. Thank you.
  • dcgtechnologies
    dcgtechnologies Posts: 56 image  Ally Member
    First Comment Friend Collector Seventh Anniversary
    edited August 2022 Answer ✓
    So I fixed it. It turns out under "VPN Connection". The checkbox next to "Use Policy Route to control dynamic IPSec rules" was checked. I unchecked it and everything started working as usual. That was causing all the traffic to be blocked. Thank you for help and sorry for the confusion.
  • PeterUK
    PeterUK Posts: 4,264 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    dcgtechnologies said:
    What are the parameters for the zone that needs to be set? Thank you.
    It be set in the VPN setting for Phase 2

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)