stephan  Freshman Member


Last Active


I already posted a comprehensive explaination here: tl;dr: It was a FW routing issue. You said that printers did respond. Do they have the same gateway like PCs? Yes. Their gateway is are their respective USG60s. I cannot tell if it's your case,…
  • Thank you for putting me on the right track. I think I am done (will check in detail later). Allow me to elaborate: A local firewall can define a subset of addresses inside its rules.And many rules in "Windows firewall", by default, have as default scope "Local subnet". I understand now. This was not the issue. Win10…
The devices do respond to ping from the same net.So the issue is not on the device. Sorry if I was not clear enough on that. I will edit my post to reflect that. Edited the post to be more clear that pings within networks to target machines work. But through VPN they don't. I can only ping the edges of the net (the 2…
Hi Jeff. Sorry for the exceptionally late reply. Unfortunately, our business needed my elsewhere for a while. I did spot the access blocked triggered by the default rule in the logs. I did create a policy LAN1 to any, but pings are still not going through. But they are also not showing up as blocked anymore. Here is…
  • I'll try that tomorrow at the latest and report back with findings.
  • A Ping from HQ to branch indeed works. But pings from branch to HQ don't: Pings in HQ:C:\Users\hq-pc>ping<br><br>Ping wird ausgeführt für mit 32 Bytes Daten:<br>Antwort von Bytes=32 Zeit=16ms TTL=61<br>Antwort von Bytes=32 Zeit=18ms TTL=61<br>Antwort von…
  • Sorry if I was confusing. Last time I was at the branch office and tried to ping a server in the HQ network, which didn't work.The machine I tried to ping was a Linux server that should respond to pings and does so when pinged from the HQ network. I will try pinging a machine from HQ to branch now and get back to you with…
  • &#13;I sent the cfgs to your account via PN.Any Idea in what direction I can start debugging troubleshoot in the meantime? /edit: sry for my wording with debugging. This is most probably NOT a bug. Updated the post with more accurate language.
  • On Branch side, LAN1 subnet is only referenced in the VPN connection and the policy route I mentioned above. On HQ side, LAN1 subnet has more references besides that: * A policy route directing traffic from on of our WAN IPs to our mail server (though LAN1 subnet doesn't appear explicitly in the settings there?) * A policy…
  • Hi Stanlley, I had problems using firefox and chrome opening the console. Java plugins don't seem to be supported anymore. I used putty to connect and this seemed to work. After entering the commands there and rebooting, clients can now connect. If you can please, can you comment on if the internal vpn objects I created…
  • I forgot to add: with the above settings clients in the Wifis can not connect to VPN regardless on if they try to connect to IP of port 1 or port 4.
  • Hey guys! Thanks. I ended up going V4.13 -> V4.20 -> V4.32.Configuration was kept, so no issues there. I now try to set up VPN from internal ports, since this should be supported now per I'll see if I can figure it…
  • @Zyxel_Cooldia Thank you again for you swift reply! We will wait for the next FW upgrade and then try to solve this issue this way :) Can I mark this as solved anywhere?
  • Thanks for that! Tough to find out with just the user manual. @Zyxel_Cooldia would the USG 100 or the USG 310 support L2TP IPSec over internal intefaces? Will V4.32 be released for the USG 60? Do you have a rough estimate on when V4.32 will be released?
  • Hey @Zyxel_Cooldia Here our topology. We can connect to VPN if the connection originates from the internet. We also want to connect to VPN when connected to one of the Wifis. The VLANs are handled on our Netgear switches if that makes any difference. Wifi clients get a successfull resolution from to the WAN…