UDP port 4500 sometimes gets blocked when allowed over bridge
VPN300
V5.37(ABFC.2)
This does not happen all the time, but I have confirmed it by packet capture on the VPN300: I see UDP 4500 on LAG0 and not out LAG1 over the bridge when it is allowed. The fix is to reboot the VPN300.
Here is a cut down of the network setup
All Replies
-
Dear @PeterUK
We observed VPN disconnection log messages. Regarding the topology, could you please provide details on the VPN300's site-to-site VPN connection with which destination device? Thanks.
0 -
It seems there is an intermittent issue on the VPN300 with firmware version V5.37(ABFC.2). Confirming through packet capture, UDP 4500 is observed on LAG0 but not on LAG1 over the bridge, and this problem is resolved by rebooting the VPN300. If this issue persists, it may require further investigation or contacting the device's support for potential firmware updates or resolutions.
1 -
Yes, that is correct @Nicholas185
So the connection goes like this for site to site:
VPN300 Ge4 DHCP to > Nighthawk M2 Mobile Router EE ISP in IP passthrough > in on my Virgin Media throughout VPN300 bridge setup > to FLEX200 DHCP WAN on SFP
The VPN300 as a bridge allows all traffic; its reason is to BWM for all USG downstream from it.
0 -
Hi @PeterUK
OK, thank you for your update. Let's check it.
0 -
10 days uptime, and it happened again.
Would the team like to check the LAG0 in, LAG1 out as to why port 4500 is not being forwarded? I will leave it in this state for checking, should it not fix itself. Thanks.
Small update: a test I did, but the problem is ongoing. I did a UDP scan for 4500 and that goes through, so it's very odd why the true VPN connection for 4500 is being blocked.
0 -
Hello Peter,
May we know if there have been any ADP blocked messages, such as UDP flooding or others?
0 -
I don't see any ADP blocked messages, and I tried disabling ADP but that didn't fix the issue.
Currently it's in a loop. At some point my EE 4G will change IP out CGNAT, so that might cause it to start working?
capture before getting to LAG0
0 -
shows in session view
0 -
And my 4G IP changed to 31.94.60.122 with the VPN up and running fine.
Some type of problem that the LAG bridge stops forwarding port 4500.
0