Issue with VPN Connecting to Internal Devices from WAN Failover to LAN1


  • dcgtechnologies
    dcgtechnologies Posts: 24  Freshman Member
    edited August 2022
    PeterUK said:

    So that will be L2TP over IPSec? Can you check that the setting in the VPN made for Windows has “use default gateway on remote network” checked?

    Control Panel\Network and Internet\Network Connections


    I think you are misunderstanding my issue. The client connects just fine and has no issues. I am not able to access resources on the internal LAN once the authentication / connection is established. The logs show the connection is fine; the traffic is being blocked, hence what my first post stated.
  • PeterUK
    PeterUK Posts: 2,651  Guru Member

    Yes, the client can connect fine, but if the option is not checked then it will not work.

    Also check that a zone is set for the VPN on the ZyWALL.


  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    The error in logs is below:

    Match default rule, DNAT Packet, DROP [count=2] - 166.x.x.x 192.x.x.x - Access Block 

    For the above to be to do with a VPN problem, the source IP would have to be set for the VPN subnet. Normally a VPN subnet you set for the connecting client would be 192.168.x.x.
  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    Another thing is if you enable for routing
    "Use IPv4 Policy Route to Overwrite Direct Route"
  • dcgtechnologies
    dcgtechnologies Posts: 24  Freshman Member
    PeterUK said:

    Yes, the client can connect fine, but if the option is not checked then it will not work.

    Also check that a zone is set for the VPN on the ZyWALL.


    What are the parameters for the zone that needs to be set? Thank you.
  • dcgtechnologies
    dcgtechnologies Posts: 24  Freshman Member
    PeterUK said:
    The error in logs is below:

    Match default rule, DNAT Packet, DROP [count=2] - 166.x.x.x 192.x.x.x - Access Block 

    For the above to be to do with a VPN problem, the source IP would have to be set for the VPN subnet. Normally a VPN subnet you set for the connecting client would be 192.168.x.x.

    Yes, that is correct, as I am pulling a different IP address on the 192.168.7.x as an example. Thank you.
  • dcgtechnologies
    dcgtechnologies Posts: 24  Freshman Member
    edited August 2022 Answer ✓
    So I fixed it. It turns out that under "VPN Connection", the checkbox next to "Use Policy Route to control dynamic IPSec rules" was checked. I unchecked it and everything started working as usual. That was causing all the traffic to be blocked. Thank you for the help and sorry for the confusion.
  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    What are the parameters for the zone that needs to be set? Thank you.
    It is set in the VPN setting for Phase 2.
