Ping request goes in on OPT the reply out VLAN443

PeterUK
PeterUK Posts: 2,655  Guru Member
edited April 2021 in Security

ZyWALL 110 on V4.33(AAAA.0)ITS-WK30-r89425

I have a BQM that pings my IP every second

https://www.thinkbroadband.com/broadband/monitoring/quality

This does not happen on every reboot with OPT and VLAN443 to metric 0

Ping in to opt

ping out VLAN443

If I stop the BQM for 2 mins and start it up again it's still wrong

Workaround is to set to SYSTEM_DEFAULT_WAN_TRUNK then back to my vlan443andopt trunk.


Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,431  Zyxel Employee

    Hi @PeterUK

    We found out that device local out traffic might be affected by policy route or Trunk in this scenario. We are checking internally. We will keep you updated.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,431  Zyxel Employee

    Hi @PeterUK

    In this case, you can add the following policy routes to prevent local out traffic from being affected by the Trunk.

    1) incoming=zywall, src=opt interface IP, dst=any, next hop type=interface, interface=OPT

    2) incoming=zywall, src=vlan443 interface IP, dst=any, next hop type=interface, interface=vlan443

  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    edited September 2019

    I have only just found this out, but those rules stop L2TP VPN from working.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,431  Zyxel Employee

    Hi @PeterUK

    In this case, is it normal if you type the CLI command “Router> show ip route” at that time?

    I would like to check whether it is only a Web GUI display issue or not.

  • PeterUK
    PeterUK Posts: 2,655  Guru Member

    For anyone using routeing rules with incoming to zywall, to get the L2TP VPN working you need to make the following rule at the top:



  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,431  Zyxel Employee
    It can be solved by adding a policy route. We will evaluate and enhance it to avoid local out traffic being affected by the WAN trunk.

  • eifelrudi
    eifelrudi Posts: 11  Freshman Member

    Hi,

    I have exactly this problem.

    I have tried to add the route as described. But I am not able to choose "any" Service and Source-port L2TP-UDP. I can only choose the service L2TP-UDP - is that right?

    Additionally - what is behind L2TPVPNWAN - the WAN IP?

    I have tried so ...

    Is that right, or what is my mistake?

  • eifelrudi
    eifelrudi Posts: 11  Freshman Member

    Hi,

    Adding to my post - my problem is that the L2TP VPN from an Android client disconnects after 2 minutes.

    Hope I am right in this post...


  • PeterUK
    PeterUK Posts: 2,655  Guru Member

    I think Dienst is service; you need to click show advanced settings to show the source port.

