IKEv2 client access problem with traffic flow
I set up a client access VPN following http://onesecurity.zyxel.com/img/uploads/Next-Gen_IKEv2_VPN_Server_Role_CR.pdf
The client is Win 10 with Always On VPN using IKEv2 in ForceTunnel mode.
I can establish a connection. ICMP packets pass the tunnel, arrive at a test host in the internal network, are sent back to the USG40 and arrive there, but are not sent back to the tunnel.
I used packet capturing and can see that ICMP echo reply packets arrive at the firewall, but there are no ESP packets leaving the firewall at the WAN port.
Policy routing is not active.
I checked 'dynamic vpn routes' -> ok
I checked 'policy control rules' -> ok (no match on default rule for blocked packets)
I disabled 'policy control' -> no success
Packet capture on lan1 and wan1 shows:
- ESP packet from Win 10 client on wan1
- ICMP echo request to test host on lan1
- ICMP echo reply from test host on lan1
- NO ESP packet to Win 10 client on wan1
Any idea what's wrong?
Thanks in advance.