adm — Zyxel Community

Comments

ok thanks everyone i solved it i was forgetting to add a static route not only security group and vpc

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
UPDATE my exact points are: - I don't want to create a tunnel, but a site to site only vpn type. In this way i cannot create VTI cause i don't have any tunnel - I am completly sure that the type of site to site work, cause till 2 weeks ago before moving office it was configured like this and it worked ( but i didn't…

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
oh, so this mean that manual config cannot work ? and i cannot manually create a vti ? and after i upload it everything will work ?

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
and i don't have vti configured

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
wait wait wait... ahaha After a little investigation i think that we are talking about scenario 3 without bgp. So, the customer gateway config it has been completly totally manuly. but anyway i don't have a solution yet please..suggestion ?

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
oh wow almost the same config :) anyway i don't have vpn interface, is it possible ?

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
thanks for details guys anyway this # packet-trace interface vti(x) extension-filter host <ip address of AWS instance> return 0 packets capture x packetsreceived by filter 0 packats dropped by kernel i am really confused, it seems really hard to find the solution

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
#additional question: is it normal that l2tp release ip address for vpn user with subnet 255.255.255.255 ?? there's no route back in this way Can I better understand this please??

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
I have to solve this issue in a couple of hours please

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
#You can use CLI to trace the request packets & reply packets Traceroute from l2tp doesn't reach the instance and all the hop fall down. The same if I try traceroute from the instance #Then access the AWS instance from L2TP client. And check the result show on the CLI. I cannot access the instance from l2tp via SSH..only…

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
UPDATE site a (zywall lan) can connect correctly in ssh to site b (aws) site c (l2tp user) can connect correctly in ssh to site a (zywall lan-centos machine) BUT when site c try to connect in ssh to site b fails. on site a zywall log, the package is correctly forwarded from l2tp ip address to aws ip address on the aws…

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
additional question: is it normal that l2tp release ip address for vpn user with subnet 255.255.255.255 ?? there's no route back in this way

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
l2tp -> zywall 110 -> aws package go to zywall 110 and forwaarded correctly to aws. aws vpn correctly work with zywall 110 lan but not with l2tp route table and security group of aws accept the subnet of l2tp users

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
yep but it's already set

in route L2TP ipsec on ipsec site to site Comment by adm February 2019
thanks for ur reply, but i just faced a new issue.. tha package is correctly routed, but it doesnt come back

in route L2TP ipsec on ipsec site to site Comment by adm February 2019

More Comments