Zyxel_Charlie, Moderator, Zyxel Official Agent, Posts: 996
Comments
Is it normal that L2TP releases an IP address to the VPN user with subnet mask 255.255.255.255?
There's no route back this way.
Can I better understand this, please?
Regarding this case,
can you private message me the result of packet-trace on site A? (Just screenshot it.)
We need to trace the packet via the console on site A, so type the command as below.
# packet-trace interface vti(x) extension-filter host <ip address of AWS instance>
Next, let the L2TP client access the AWS interface, and then just private message the result to me (screenshot it).
Secondly, it is normal that the L2TP client gets the IP address with netmask 255.255.255.255.
Charlie
Anyway, this:
# packet-trace interface vti(x) extension-filter host <ip address of AWS instance>
returns:
0 packets capture
x packets received by filter
0 packets dropped by kernel
I am really confused; it seems really hard to find the solution.
Here is my topology:
L2TP/IPSec client(172.24.28.20) --- USG60 --- site2site VPN --- AWS VPC --- EC2 instance(10.0.1.105)
And my VPN client can access the EC2 server in the AWS VPC through the VPN interface (vti0).
So if you do a ping test, you should see the client IP address to the EC2 private IP address on the vti interface.
If not, then you need to check the routing settings on the VPN client and the ZyWALL.
You can PM me a screenshot of the policy route and static route settings pages
if you need help checking for any misconfiguration.
Anyway, I don't have a VPN interface. Is it possible?
What's the scenario of your VPC?
https://docs.aws.amazon.com/en_us/vpc/latest/userguide/VPC_Scenarios.html
My VPC was created with scenario 3. The EC2 instance (10.0.1.105) is located in the private subnet,
and a VPN connects back to the USG60 at my office.
The VPN that AWS VPC supports is route-based IPsec VPN,
so you need to configure a VPN interface to link with the AWS VPC.
You can refer to the configuration guide in this post to create the route-based VPN.
https://businessforum.zyxel.com/discussion/comment/6173#Comment_6173
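The return-path point raised above (the ping test over vti0, and the earlier "no route back" question), as an added example that is not from this thread: a small Python longest-prefix-match check over constructed ZyWALL and VPC route tables, showing why the client's /32 is fine as long as the VPC side has a route for the L2TP pool pointing back into the VPN. Only 172.24.28.20, 10.0.1.105 and vti0 come from the thread; the L2TP pool 172.24.28.0/24, the other prefixes and the next-hop names are assumptions.

```python
import ipaddress

# Addresses from the thread: L2TP client behind the USG60, EC2 in the VPC private subnet.
CLIENT = "172.24.28.20"
EC2 = "10.0.1.105"

# Assumed L2TP address pool the client's /32 was handed out from (hypothetical).
L2TP_POOL = "172.24.28.0/24"


def lookup(table, dst):
    """Longest-prefix match over [(prefix, next_hop)]; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best


# Hypothetical ZyWALL routing: VPC CIDR via the route-based tunnel, client /32 via L2TP.
ZYWALL_ROUTES = [
    ("0.0.0.0/0", "wan1"),
    ("10.0.0.0/16", "vti0"),              # AWS VPC CIDR reached through vti0
    (CLIENT + "/32", "l2tp-client"),      # /32 installed when the L2TP client connected
]

# Hypothetical VPC subnet route table, before and after adding the L2TP pool.
VPC_ROUTES_BROKEN = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-gateway"),         # replies to the client leave via NAT: no route back
]
VPC_ROUTES_FIXED = VPC_ROUTES_BROKEN + [(L2TP_POOL, "vgw-vpn")]


def path_ok(zywall, vpc, client=CLIENT, server=EC2):
    """Returns (forward_hop, return_hop, ok): forward traffic must use vti0 and the
    VPC's route for the client must point back into the VPN (vgw-vpn)."""
    fwd = lookup(zywall, server)
    ret = lookup(vpc, client)
    fwd_hop = fwd[1] if fwd else None
    ret_hop = ret[1] if ret else None
    return fwd_hop, ret_hop, fwd_hop == "vti0" and ret_hop == "vgw-vpn"


if __name__ == "__main__":
    print("broken VPC table:", path_ok(ZYWALL_ROUTES, VPC_ROUTES_BROKEN))
    print("fixed VPC table: ", path_ok(ZYWALL_ROUTES, VPC_ROUTES_FIXED))
```

The same check applies to the ZyWALL side: if the VPC CIDR is not routed to vti0 there, the forward hop comes back as wan1 and the packet-trace on vti0 shows nothing.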
After a little investigation I think we are talking about scenario 3 without BGP.
So the customer gateway config has been done completely manually.
But anyway I don't have a solution yet.
Please, any suggestion?
No matter static or dynamic, you can download the configuration of the VPN connection from the AWS console. Then modify it and upload it to the ZyWALL to apply. It's much easier than configuring it one by one from the GUI of the ZyWALL.
And I cannot manually create a vti?
And after I upload it, everything will work?