Connection Site to site Ipsec VPN

Options
Thierry2
Thierry2 Posts: 2 image  Freshman Member
First Comment Second Anniversary
in Security

Hello everybody

I have a site to site Ipsec VPN connection between 2 Zywall 110
How can I activate ICMP trough this tunnel ?
I have the same Problem on many site 2 site with Zyxel Firewall.

Thanks






Accepted Solution

All Replies

  • Zyxel_James
    Zyxel_James Posts: 788 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers
    Answer ✓
    Hello @Thierry2
    Zyxel does not block ICMP through the VPN tunnel by default, it could be blocked due to your routing policy or security policy, please check if there is any log about it.
    Moreover, you may refer to this article

    James
  • Thierry2
    Thierry2 Posts: 2 image  Freshman Member
    First Comment Second Anniversary
    Hello
    Thanks for your answer
    No i have no special Policy rule that can block ICMP
  • Zyxel_James
    Zyxel_James Posts: 788 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers
    Hello @Thierry2
    Is it only ICMP traffic that does not respond?
    Very common is that the destination does not respond to ping. Often Windows servers do filter the ping. Or the local routing table of the ping destination might have conflicting routing rules.
    Please observe Monitor -> VPN Monitor -> IPsec when pinging and see if the packet is entering the tunnel ("Inbound bytes" should be counting up). If the packet enters the tunnel, check if it leaves the tunnel on the other site ("Outbound bytes" should be counting up) and if the ping reply is hitting the LAN interface again. You can use packet captures to verify that.

    James

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)