VPN passthrough for

Nivi
edited April 2021 in Security
Hello, I am not so good with VPN.

How to make this configuration:

We are using a USG 60 firewall. Now an external company must make a VPN to their own VPN router.
They are using VPN and ask me to open ports 500, 4500, 10004, 3306, 15000.

So I thought to make a firewall rule: all coming from their IP (XX.XX.XX.XX) can go to 192.168.15.19.


But it is not working, what to do???




Comments

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    edited October 2018
    Hi @Nivi
    You can find an introduction to VPN on Wikipedia.

    To establish a VPN tunnel, both sites must be configured with the same VPN gateway (Phase 1) and VPN connection (Phase 2) settings.
    You can check the VPN settings on the USG under: Configuration > VPN > IPSec VPN.

    In your scenario, you must first know what VPN proposal will be sent from the remote site.

  • Nivi
    OK thank you for your answer.

    I don't want to know anything about their VPN.

    I just have to tell the USG firewall to send ALL incoming packets from their address XX.XX.XX.XX to 192.168.15.19 so they can make a VPN connection to their router.
    Is this called passthrough?

    I hope someone can tell me how to make this work.

    Regards, Nivi
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee

    Hi @Nivi  

    I have misunderstood your scenario.

    In your topology, you would like to forward the traffic to the internal VPN router (192.168.15.19).

    After checked your port forwarding and firewall rule are correct for this scenario.

     

    To debug this issue, you can capture packets on the LAN interface for a few seconds, filtering on the address of the VPN router (192.168.15.19).

    This confirms whether the traffic has been forwarded to the internal VPN router successfully or not.

    Maintenance > Diagnostic > Packet capture
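
One way to read the capture suggested above, as an added example that is not part of the original thread: it counts, for each port the remote company listed, packets arriving at 192.168.15.19 and replies leaving it. It assumes the capture was saved in classic pcap format with Ethernet framing; the function names are hypothetical and 203.0.113.10 is a constructed stand-in for XX.XX.XX.XX.

```python
import socket
import struct

def forwarding_report(pcap, host, ports):
    """Count packets to (in) and from (out) `host` for each port of interest."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    host_raw = socket.inet_aton(host)
    report = {p: {"in": 0, "out": 0} for p in ports}
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        proto, src, dst = frame[23], frame[26:30], frame[30:34]
        l4 = frame[14 + ihl:14 + ihl + 4]
        if proto not in (6, 17) or frag or len(l4) < 4:
            continue  # ports exist only in the first fragment of TCP/UDP
        sport, dport = struct.unpack("!HH", l4)
        if dst == host_raw and dport in report:
            report[dport]["in"] += 1
        elif src == host_raw and sport in report:
            report[sport]["out"] += 1
    return report

def _record(src, dst, proto, sport, dport):
    """Build one constructed pcap record: Ethernet + IPv4 + 8 bytes of L4."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample capture, not taken from a real device.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record("203.0.113.10", "192.168.15.19", 17, 500, 500),
    _record("192.168.15.19", "203.0.113.10", 17, 500, 500),
    _record("203.0.113.10", "192.168.15.19", 17, 4500, 4500),
    _record("203.0.113.10", "192.168.15.19", 6, 40000, 3306),
])
```

A port with "in" at 0 means the forwarded traffic never reached the LAN side; "in" above 0 with "out" at 0 means the USG forwarded it but the internal router did not answer.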

