dathing89  Freshman Member

What we do, from scratch: Using vpn wizard on both side, and modifying "Peer Id Type" from "dns" to "any" in gateway settings... That's all !!!

Ok… all running well now… I did a mistake: where you see 192.168.11.x it was 192.168.10.x, like in "company" LAN… sorry for wasting your time and many thanks for your help !!!

Sorry, read 192.168.11.0 instead of 192.168.20.0. Thx

Hello, juste to be sure, a picture of our organization: We can ping, localy, on each side, other devices. We can not ping devices on other site. but we can see on "Company" monitor/vpn inboud traffic (few bytes). Here de policy, this is quite the same on each side: USG Flex on the "Branch" is in the DMZ of the provider…

"Can you ping the LAN address of remote router?" No. "Do you have some other device to ping? A PC can have local firewall." Yes, on each side i've got many device i can ping localy. PeterUK, What do you mean by "You need to allow from VPN zone to LAN/DMZ and from LAN/DMZ to VPN zone" ? Where i have to do it ? policy…

I see IPSec_VPN_Outgoing and IPSec_VPN_to_Device in the previous message (picture 1) in policy control I've got it on both side

Thank's for your reply. "You need to allow from VPN zone to LAN/DMZ and from LAN/DMZ to VPN zone" It's not created by the wizard ? "note pinging a PC needs it firewall to allow inbound ICMP" I can ping them locally The monitor show only Outbound Bytes from FLEX 50 (not 100 sorry) Thank's again. L.

Hello, Many thank's for your help ! We try to "mount" an ipsec VPN between 2 site over Starlink. This provider use CGNAT router, so 500 and 4500 port are not allowed. But we discover that Starlink provide IPV6 IP without NAT… Is it possible to create an IPV6 tunnel with IPV4 Lan on each side ? Many thank's again L.