Accessing shared folders over IPSec Site to site VPN
I have 1 ATP200 and 1 USG flex 100 connected with a wizard-created IPSec site-to-site VPN. Both devices show the VPN as connected with a green globe.but we cannt access or ping to each other from office 1 to office 2 or office 2 to office 1.
we tried \\192.xx.xx\folder and \\pcname\folder and nothing and ping does not work either!
we have been trying for 1 week and nothing helped. thank you
Purpose:1 pc from office 1 has the shared folders that people from office 2 need to acces!
usg flex 100 is connected tot the router(ex: 84.212.36.16) and that is where he gets internet from (lan2) .
i did put DMZ on USG so there will be no firewall rules blocking VPN and i did alsaw open ports (portforwarding):
• UDP 500 ‘Port based Rule’ (IKE)
• UDP 4500 ‘Port based Rule’ (NAT traversal)
Office 1: Router ->> USG100 ->>> PC(shared folders) (Public IP: 84.212.36.16)
Office 2: Router ->> ATP200 ->>> computers (Public IP: 215.62.33.11)
===================================
Office 1 (USG flex 100):
===================================
Public IP router: (ex: 84.212.36.16)
WAN (DHCP) : 10.0.0.25
LAN2 STATIC: 192.168.2.1 / 255.255.255.0
PC with the shared folders IP: 192.168.2.33
===================================
Office 2 (ATP200):
===================================
Public IP router: (ex: 215.62.33.11)
WAN1 (DHCP) : 192.168.3.4 LAN1
STATIC: 192.168.1.1 / 255.255.255.0
=================================
Office 1 IPSec Site to Site: VPN GW
VPN IPSec site to site connection:
Office 2 IPSec Site to Site: VPN GW / VPN Connection:
Services:
I have tested to add more ports to services to make it work but nothing happend1 i have alsaw not added any policy rule!!
thank you and sorry long explanation.
Accepted Solution
-
Add the follow routing rules at the top of then list
office2
incoming LAN1
destination subnet 192.168.2.0 / 255.255.255.0
next hop
type VPN Tunnel
IPSec_VPN
office1
incoming LAN2
destination subnet 192.168.1.0 / 255.255.255.0
next hop
type VPN Tunnel
IPSec_VPN
0
Guru Member
All Replies
-
Have you tested the shared folder on the same network?
Windows firewall might be blocking it
test by
\\192.168.2.33
1 -
thank you for your respond. ☺️
the computers in office 1 can acces the shared folders and we turned off the windows defender/firewall off from both sites/offices.0 -
I am pretty sure you need to create a policy rule to allow the packets to travel from LAN on one side over to the connection link. I don't remember the exact details, but I believe you need to add the policy rules on both sides, allowing NetBIOS traffic to go through the VPN connection.
0 -
thank you for your replay, do you have any example how to do that since i am still a beginner learning zyxel routers. thank you verry much
0 -
@Davidcloude2023
Try to enable NetBIOS broadacst over IPSec on both devices and you should be able to access the shared folder are the remote site by IP address without extra policy routes. Here are some examples.
https://community.zyxel.com/en/discussion/comment/33694#Comment_33694
https://community.zyxel.com/en/discussion/comment/16067#Comment_160670 -
Site to site is connected and Enabling NetBIOS broadcast on both devices. still not able to ping or acces shared folders . any idea's for policy control or routing rules that should be added.
thank you0 -
By default windows will not allow another subnet to access a shared folder there are two ways around this but as to have disable the windows firewall this is likely but the problem.
You need and firewall rule on Office 2
from LAN1
to IPSec_VPN
You need and firewall rule on Office 1
from IPSec_VPN
to LAN2
1 -
this is what i get when try to ping from office1 to office2:
C:\Users\user1>ping 192.168.1.33 (local ip of office2 computer)Pinging 192.168.1.33 with 32 bytes of data:
Response from 192.168.2.1: The target host is not reachable.
Response from 192.168.2.1: The target host is not reachable.
Response from 192.168.2.1: The target host is not reachable.
Response from 192.168.2.1: The target host is not reachable.Ping stats for 192.168.1.33:
Packets: sent = 4, received = 4, lost = 0
(0% loss).
No logs in logs panel
when i ping from office2 to office1 ping 192.168.2.33
i get this in logs:Security Policy Control
priority:1, from LAN1 to IPSec_VPN, ICMP Type:8, service others, ICMP Type:8, ACCEPT
192.168.1.33
192.168.2.33
ACCESS FORWARD
0 -
To ping from office1 to office2 you need
firewall rule on Office 2
from IPSec_VPN
to LAN1
firewall rule on Office 1
from LAN2
to IPSec_VPN
I don't get why you can't ping from office2 to office1
do you get logs in office 1?
1 -
Add the follow routing rules at the top of then list
office2
incoming LAN1
destination subnet 192.168.2.0 / 255.255.255.0
next hop
type VPN Tunnel
IPSec_VPN
office1
incoming LAN2
destination subnet 192.168.1.0 / 255.255.255.0
next hop
type VPN Tunnel
IPSec_VPN
0
Freshman Member
Master Member
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 79 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 909 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
