Can't access remote ZW when IPsec VPN is down

alexey
edited April 2021 in Security
Hello everyone.
I have an IPsec LAN with some ZW USG 1100 & USG 1000 devices.
The IPsec LAN is like 172.20.0.0/24 etc.
IPsec is built on a failover VPN over 2 providers:
1st 192.168.0.0/24
2nd 172.21.0.0/16
The remote ZWs have 2 provider interfaces, like 172.21.x.100 & 192.168.x.100, & local 172.20.x.1.
On the remote ZW I added 2 policy routes:
all from the local LAN via the VPN gw & from the ZW to the IPsec LAN via the VPN gw.
When the IPsec VPN is up, I can access the remote ZW by the IPsec IP and the providers' IPs.
When the IPsec VPN is down, I have no access to the ZW by the providers' IPs.
How can I get access to the remote ZW when the VPN is down?

All Replies

  • Zyxel_Charlie
    Hello alexey,
    As per your description,
    I think the access session is blocked by the firewall, so let the client access the ZyWALL by creating a rule on the firewall. Please follow the example below.
    Go to WWW > change the server port to 11111 and press Apply.

    Go to Service and create the new service.

    Go to Policy Control > create the rule WAN -> ZyWALL and select the "wantozywall" service, which I created, in the Service field.

    Finally, enter your WAN IP with port number "11111".

    Charlie
  • alexey
    edited December 2017
    Thanks for the help, but this is not the firewall.
    I experimented with the routes and found that if I disable the policy route "ZW to IPsec via VPN gw", I can access the remote ZW without the IPsec VPN.
    Strange, I remember that I added this so the ZW could write syslog to a server in the IPsec zone. Without the rule, it can do it now.
    How can I see that the remote ZWs transfer traffic between themselves via the IPsec VPN?
  • Zyxel_Charlie
    Hello alexey,
    You can check the VPN traffic on the monitor page.
    Go to Monitor > VPN Monitor > IPSec and check Inbound and Outbound. If you want to know whether any traffic was transferred, just press Refresh and look at the Inbound and Outbound statistics.

    Charlie
