Connection Site to site Ipsec VPN
Options
Accepted Solution
-
Hello @Thierry2Zyxel does not block ICMP through the VPN tunnel by default, it could be blocked due to your routing policy or security policy, please check if there is any log about it.Moreover, you may refer to this articleJames0
All Replies
-
Hello @Thierry2Zyxel does not block ICMP through the VPN tunnel by default, it could be blocked due to your routing policy or security policy, please check if there is any log about it.Moreover, you may refer to this articleJames0
-
HelloThanks for your answerNo i have no special Policy rule that can block ICMP0
-
Hello @Thierry2Is it only ICMP traffic that does not respond?Very common is that the destination does not respond to ping. Often Windows servers do filter the ping. Or the local routing table of the ping destination might have conflicting routing rules.Please observe Monitor -> VPN Monitor -> IPsec when pinging and see if the packet is entering the tunnel ("Inbound bytes" should be counting up). If the packet enters the tunnel, check if it leaves the tunnel on the other site ("Outbound bytes" should be counting up) and if the ping reply is hitting the LAN interface again. You can use packet captures to verify that.James0
Categories
- All Categories
- 385 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 75 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 908 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 886 Nebula FAQ
- 415 Security FAQ
- 228 Switch FAQ
- 200 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight