VPN passthrough for

Posts: 2  Freshman Member
edited April 2021 in Security
Hello, I am not so good with VPN.

How to make this configuration:

We are using a USG 60 firewall. Now an external company must make a VPN to their own VPN router.
They are using VPN and ask me to open ports 500, 4500, 10004, 3306, 15000.

So I thought to make a firewall rule: everything coming from their IP (XX.XX.XX.XX) can go to 192.168.15.19.


But it is not working, what to do?





Comments

  • Posts: 1,388  Zyxel Employee
    edited October 2018
    Hi @Nivi
    You can find an introduction to VPN on Wikipedia.

    To establish a VPN tunnel, both sites must be configured with the same VPN gateway (Phase 1) and VPN connection (Phase 2) settings.
    You can check VPN setting on USG by: Configuration > VPN > IPSec VPN.

    For your scenario, you must first know what VPN proposal will be sent from the remote site.

  • Posts: 2  Freshman Member
    OK thank you for your answer.

    I don't want to know anything about their VPN.

    I just have to tell the USG firewall to send ALL incoming packets from their address XX.XX.XX.XX to 192.168.15.19 so they can make a VPN connection to their router.
    Is this called passthrough?

    I hope someone can tell me how to make this work.

    Regards, Nivi
  • Posts: 1,388  Zyxel Employee

    Hi @Nivi  

    I have misunderstood your scenario.

    In your topology, you would like to forward the traffic to the internal VPN router (192.168.15.19).

    After checking, your port forwarding and firewall rule are correct for this scenario.

     

    To debug this issue, you can capture the packets on the LAN interface, filtering on the address of the VPN router (192.168.15.19), for a few seconds.

    This can confirm whether the traffic has been forwarded to the internal VPN router successfully or not.

    Maintenance > Diagnostic > Packet capture
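
An added example (not part of the thread and not Zyxel code): one way to read the LAN capture suggested above offline and see, per requested port, whether traffic was forwarded to 192.168.15.19 and whether the router answered. It assumes the capture was saved as a classic pcap file with Ethernet framing; 203.0.113.10 is a placeholder for XX.XX.XX.XX, the sample capture is constructed, and the function names are hypothetical.

```python
import socket
import struct
from collections import Counter

ROUTER = "192.168.15.19"                 # internal VPN router named in the thread
PORTS = {500, 4500, 10004, 3306, 15000}  # ports the remote company asked for

def summarize(pcap, router=ROUTER, ports=PORTS):
    """Count packets to/from the router per (direction, proto, port)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet frames")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4
        proto = {6: "tcp", 17: "udp"}.get(frame[23])
        l4 = frame[14 + (frame[14] & 0x0F) * 4:][:4]
        fragment = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if proto is None or fragment or len(l4) < 4:
            continue                      # no port fields to read
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack("!HH", l4)
        if dst == router and dport in ports:
            counts["in", proto, dport] += 1
        elif src == router and sport in ports:
            counts["out", proto, sport] += 1
    return counts

def diagnose(counts, ports=PORTS):
    """Split ports into never forwarded vs. forwarded but unanswered."""
    seen = {port for d, _, port in counts if d == "in"}
    replied = {port for d, _, port in counts if d == "out"}
    return sorted(ports - seen), sorted(seen - replied)

def _frame(src, dst, sport, dport):       # constructed Ethernet/IPv4/UDP frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def sample_pcap():                        # constructed capture, not real traffic
    remote = "203.0.113.10"               # placeholder for XX.XX.XX.XX
    frames = [_frame(remote, ROUTER, 500, 500), _frame(ROUTER, remote, 500, 500),
              _frame(remote, ROUTER, 500, 500), _frame(remote, ROUTER, 4500, 4500)]
    body = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body

if __name__ == "__main__":
    print(diagnose(summarize(sample_pcap())))
```

A port in the first list never reached the router on the LAN side, which points at the NAT or firewall rule on the USG; a port in the second list was forwarded but got no reply, which points at the internal router or its return path.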

