humschti

Comments

For me, this was the solution at the time. But maybe you have a different problem.

in Zyxel ATP500 ipsec: no inbound packets Comment by humschti March 2023
Of course. Create a rule from the WAN interface to Zywall. Source is the WAN IP of the remote end of the tunnel and destination is any. Service is any and Action is allow.

in Zyxel ATP500 ipsec: no inbound packets Comment by humschti March 2023
Kevin and his team have found the error: A deny firewall rule on the Zywall was blocking the remote ESP packets. An Allow rule from the remote site's WAN IP to the Zywall address object solved the problem. Thanks again Kevin for your help!!!

in Zyxel ATP500 ipsec: no inbound packets Comment by humschti November 2022
Hello Kevin Thanks for the offer! Let me first check all other possibilities clean (ISP router etc). I'll be happy to get back to you once this is done. martin

in Zyxel ATP500 ipsec: no inbound packets Comment by humschti November 2022
Thanks for your answers! I have the following 2 policies which I think allow packets from and to the LAN from the tunnel: LAN1 contains the subnet 192.168.37.0/24, ipsec_vpn the tunnel I am trying to get running.

in Zyxel ATP500 ipsec: no inbound packets Comment by humschti November 2022
So the WAN interface of both firewalls have a Public IP. LAN on the Zyxel side is 192.168.37.0/24, on the Fortigate side 10.254.254.0/24. Here are the logs when I start the tunnel manually: Excitingly, shortly after, I see this entry in the log, where the Source is the Public IP of the Fortigate, and the Destination is the…

in Zyxel ATP500 ipsec: no inbound packets Comment by humschti November 2022