Zywall usg50 Site to site dropping packages?

MagnusBorgen
MagnusBorgen Posts: 6
edited April 2021 in Security
Hi, the setup is as follows:
At server-room site nr1 there is a USG50 with a site-to-site IPsec VPN in server mode.
There are three other sites with Edge-router poe5, all with different IP ranges connected to the same VPN, and traffic is working. We can also access the system through ports that we have specified in fw.
BUT when I try to connect a Cisco RV206P to the same VPN we cannot access the server on port 8081:
error - ipsec -  SPI: 0x0 (0) SEQ: 0x0 (0) No rule found, Dropping TCP packet
- 93.124.xxx.xxx:8082 - 77.16.xx.xxx:25955 - ipsec

If I disconnect the Cisco, traffic goes as normal again and all is working.

Suggestions?
I am unsure why the destination is 25955... 

All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    Hi @MagnusBorgen

    It is difficult to imagine your architecture without a graphical drawing.
    I am not sure where the Cisco is connected, and where the unreachable servers are.

    You specify port 8081, but the logs show port 8082, ...

    I am sure that I and other users want to help you, but we need a bit more information. 

    Regards
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,280  Zyxel Employee

    Hi @MagnusBorgen,

    As Alfonso said, please share the topology with us and how USG50, Cisco RV206P and other devices (server) are placed in the site to site VPN scenario.

    If possible, send the configuration file of USG50 to me via private message and indicate which rule in VPN connection is unstable.

