Comments
-
finally I found the problem (a faulty virtual-server entry in the config): ip virtual-server XXXXXXX interface dmz source-ip any original-ip A.B.C.D map-to server01 map-type port protocol any original-port 4158 mapped-port 4158 nat-1-1-map original-ip A.B.C.D is the IP address of the WAN interface and it was mapped to the…
-
Hi Warwick thanks a lot. I did a lot of debug work.I can follow the ICMP packets from VPN Client, to the tunnel, to the test host. From the test host back to the FW and into the VPN tunnel. Then I would expect to see ESP packets on the wan interface going back to the VPN client. I can see IKE packets between the VPN Client…
-
additional information: Win 10 (A) <-vpn-> USG40 <--> Test host (B) ping from A to B ipsec debug log shows Found forward, flow 24903: 192.168.101.11:1->10.0.1.21:2048, flag: 0x00143401 Found forward, flow 24930: 10.0.1.21:1->192.168.101.11:2048, flag: 0x00343404 ping from B to A ipsec debug log shows Found forward, flow…
