FLEX100H: Traffic from Zywall not go through Policy-based IPsec VPN
Hi,
I have two sites connected by Policy-based IPsec VPN (created with wizzard) as:
Site1 Site2
-Zyxel1 ←Policy-Based IPsec VPM→ -Zyxel2
-Server1 -Server2
A VPN is working, traffic flow between Server1 and Server2.
However, I could not access Server2, from Zyxel1. There is no response to:Zyxel1> cmd ping Server2, and I could not find any events in Log related to this. Same is valid for accessing Server1 from Zyxel2. Note that I can access Server1 from Zyxel1 (Zyxel1>cmd ping Server1) and Server2 from Zyxel2
Any idea how to configure to resolve this?
All Replies
-
What subnet2 are the servers on and Zyxel 1 and 2 ?
what is setup for remote and local Policy for the site to site?
0 -
Hi,
servers are on separate subnets: S1 on 192.168.2.0/24, S2 on 192.168.64.0/24
Remote an local polica are as follows:
0 -
what are the VPN settings
0 -
Site 1:
Site2:
VPN status
0 -
Looks like you need more policy rules from LAN to Ipsec_VPN try that
0 -
Add on both sites:
no success. On Site1 this rulle then pick trafic instead of LAN_outgoing (LAN to any (exclude Sywall).
However traffic from Zywall stil not flow. Note, that nothing could be found in Events/Log related to cmd ping from Zyxel.
0 -
Testing here with FLEX200H and USG60W seems to work fine only problem I have was USG60W needed a routing rule to next hop VPN tunnel but the FLEX200H needed no such rule not that you can do that for tunnels at this time as the new uOS handle traffic set by remote Policy to use the VPN tunnel.
You can try disable routing rules and see if that helps?
Check both ends don't have each others subnets
0 -
Hi Peter, not sure which routing rules? I do not have any rules under Routing| Policy Route:
0 -
Ok do you have192.168.64.0/24 on site 1 or 192.168.2.0/24 on site 2 ? as that would be a problem.
0 -
Site1: 192.168.2.0
Site2:192.168.64.0
Sorry the screnshot few post above was from Site2.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight