Can't access remote ZW when IPsec VPN is down
Hello everyone.
I have some IPsec LAN with some ZW USG 1100 & USG 1000.
IPsec LAN like 172.20.0.0/24, etc.
The IPsec is built on failover VPN over 2 providers:
1st 192.168.0.0/24
2nd 172.21.0.0/16
The remote ZWs have 2 provider interfaces, like 172.21.x.100 & 192.168.x.100, & local 172.20.x.1.
On the remote ZW I added 2 policy routes:
all from local LAN via VPN gw & from ZW to IPsec LAN via VPN gw.
When the IPsec VPN is up, I can access the remote ZW by IPsec IP and provider IPs.
When the IPsec VPN is down, I have no access to the ZW by provider IPs.
How can I get access to the remote ZW when the VPN is down?
All Replies
Hello alexey,
Based on your description, I think the access session is blocked by the firewall, so let the client access the ZyWALL by creating a rule on the firewall. Please follow the example below.
Go to WWW > change the server port to 11111 and press Apply.
Go to Service and create the new service.
Go to Policy Control > create the rule WAN->ZyWALL and select the "wantozywall" service, which I created, in the Service field.
Finally, enter your WAN IP with port number "11111".
Charlie

Thanks for the help, but this is not the firewall.
I experimented with the routes and found that if I disable the policy route ZW to IPsec via VPN gw, I can access the remote ZW without the IPsec VPN.
Strange, I remember that I added this so the ZW can write syslog to a server in the IPsec zone. Without the rule, it can do it now.
How can I see that the remote ZWs transfer traffic between themselves via the IPsec VPN?

Hello alexey,
You can check the VPN traffic on the monitor page.
Go to Monitor > VPN Monitor > IPSec and check Inbound and Outbound. If you want to know whether any traffic was transferred, just press Refresh and see the Inbound and Outbound statistics.
Charlie