Connection Site to site Ipsec VPN
Accepted Solution
-
Hello @Thierry2Zyxel does not block ICMP through the VPN tunnel by default, it could be blocked due to your routing policy or security policy, please check if there is any log about it.Moreover, you may refer to this articleJames0
Master MemberAll Replies
-
HelloThanks for your answerNo i have no special Policy rule that can block ICMP0
-
Hello @Thierry2Is it only ICMP traffic that does not respond?Very common is that the destination does not respond to ping. Often Windows servers do filter the ping. Or the local routing table of the ping destination might have conflicting routing rules.Please observe Monitor -> VPN Monitor -> IPsec when pinging and see if the packet is entering the tunnel ("Inbound bytes" should be counting up). If the packet enters the tunnel, check if it leaves the tunnel on the other site ("Outbound bytes" should be counting up) and if the ping reply is hitting the LAN interface again. You can use packet captures to verify that.James0
Categories
- 8K All Categories
- 1.6K Nebula
- 60 Nebula Ideas
- 54 Nebula Status and Incidents
- 4.4K Security
- 222 Security Ideas
- 963 Switch
- 45 Switch Ideas
- 865 WirelessLAN
- 20 WLAN Ideas
- 5.2K Consumer Product
- 138 Service & License
- 268 News and Release
- 53 Security Advisories
- 12 Education Center
- 573 FAQ
- 273 Nebula FAQ
- 132 Security FAQ
- 73 Switch FAQ
- 72 WirelessLAN FAQ
- 7 Consumer Product FAQ
- Documents
- 34 Nebula Monthly Express
- 71 About Community
- 44 Security Highlight
