Comments
-
For me, this was the solution at the time. But maybe you have a different problem.
-
Of course. Create a rule from the WAN interface to Zywall. Source is the WAN IP of the remote end of the tunnel and destination is any. Service is any and Action is allow.
-
Kevin and his team have found the error: A deny firewall rule on the Zywall was blocking the remote ESP packets. An Allow rule from the remote site's WAN IP to the Zywall address object solved the problem. Thanks again Kevin for your help!!!
-
Hello Kevin, thanks for the offer! Let me first check all other possibilities cleanly (ISP router etc.). I'll be happy to get back to you once this is done. Martin
-
Thanks for your answers! I have the following 2 policies which I think allow packets from and to the LAN from the tunnel: LAN1 contains the subnet 192.168.37.0/24; ipsec_vpn is the tunnel I am trying to get running.
-
So the WAN interfaces of both firewalls have a public IP. LAN on the Zyxel side is 192.168.37.0/24, on the Fortigate side 10.254.254.0/24. Here are the logs when I start the tunnel manually: Excitingly, shortly after, I see this entry in the log, where the Source is the Public IP of the Fortigate, and the Destination is the…