Sébastien  Freshman Member

About

Username: Sébastien
Joined
Visits: 29
Last Active
Roles: Member
Points: 43
Posts: 24
Badges: 4

Comments

  • Yes! Thank you @jasailafan for the link, that is exactly what I was looking for! :-) Have a nice day! Seb
  • Hi Vic, Very clear answers, thanks! :) Regards, Sebastien
  • Hi Zyxel_Charlie, Sorry for the delay, time is going too fast! And thank you for trying to resolve this case. My configuration seems correct, please have a look. NetBIOS broadcast works because I can capture the packets with Wireshark as you can see in the screen capture in my first post. And I get something very similar…
  • Why is there an option which is called "NetBIOS broadcast over SSL VPN tunnel" then? The Wireshark packet capture (see my first post) shows that I can get the destination IP so the broadcast works, am I wrong on that point? I would understand if I got no response or an error but yes the name is well resolved. I've read…
  • @Zyxel_Charlie, I agree with you but this is just a workaround to this issue. I don't want to use fixed IPs to avoid conflicts and your solution forces me to do that. There are a lot of machines sharing the content over the LAN which should be reached by their respective name without the use of a DNS just as it works…
  • Hi Jeremylin, Thank you for your answer. This thread doesn't answer my question but yes it is the same exact problem but in my case it's about SSL VPN not IPSec. NetBIOS broadcast is enabled and the destination machine is well resolved (see the packets captured by Wireshark). On premise I can reach the machine by its name…
  • Hi Emily, Thanks a lot for your answer. You're right, I get an answer when trying to reach the share: The big question now is why it works with the IP address and not with the computer name as it is resolved correctly. Maybe a Windows issue. Thanks again, Sébastien PS: I configured this USG to have a similar topology to…
  • When trying to troubleshoot this issue I found something interesting related to the configuration I made on this USG Flex 100. WAN IP address is part of the 192.168.1.0/24 subnet, fixed IP 192.168.1.200 (provider box). As WAN IP address is part of the same subnet as lan1 predefined in the router, I switched all the ports…
  • Hello Lukas, what do the logs say on the USG? This is where you should begin your investigation because problems could look the same but be very different. Could you post the logs when you try to connect the tunnel? There is also a trick to allow Windows client to connect to an IPSec tunnel behind a NAT-T, please look…
  • OK, understood! Even if my certificate is issued by my CA or any other CA, the device will issue a new certificate for each website visited and therefore this certificate will not be trusted by my CA because it was issued by the device. Thanks for your help!
  • So no way to use a certificate issued by my own CA? Using the default certificate requires deploying the USG's CA to all computers on the network, and browsers like Firefox or Chrome have their own trusted CA lists... As I said previously, having a certificate issued by my own domain CA will help because my CA is trusted…
  • Thank you PeterUK, that was the answer. I have created a Policy Route from L2TP Zone to SNAT on the outgoing interface and bingo, Internet is there. Works perfectly for my smartphone beside SSL VPN. =)
  • Yes it is! I found the solution: I set up the local policy to an IP object, type HOST, value 0.0.0.0. My L2TP is now working for local network, but no access to Internet when VPN connected even though the security rules allow traffic between the IPSec zone and any other zones. So a ping to 10.0.0.0/24 subnet is OK but not…
  • Thanks for your reply. Yes it is behind a NAT and your article is interesting. If I read it correctly the local policy for phase 2 should be the WAN public IP, not the USG40 WAN IP. This is a problem for my scenario because the public IP is dynamic. To bypass this, I created an FQDN object pointing to my VDSL router but I…
  • Perfect, thank you! :-)