Hi,

I mounted an IPSEC tunnel between a RUT950 and a Zyxel USG. The tunnel seems to work fine, but I think there is some kind of routing problem...

Zyxel USG network: 192.168.3.0/24

RUT950 network: 192.168.5.0/24

The computer 192.168.3.121 must communicate with the computer 192.168.5.10

Ping OK between computer 192.168.3.121 and RUT950 router 192.168.5.1 via the IPSEC tunnel

Ping OK between RUT950 router 192.168.5.1 and computer 192.168.3.121 via the IPSEC tunnel

Ping OK between Zyxel USG router 192.168.3.1 and RUT950 router 192.168.5.1 via the IPSEC tunnel

Ping OK between RUT950 router 192.168.5.1 and Zyxel USG router 192.168.3.1 via the IPSEC tunnel

Ping OK between router RUT950 192.168.5.1 and computer 192.168.5.10

But Ping does not work between computers 192.168.3.121 and 192.168.5.10

Using a Tracert, we can see that from the computer 192.168.3.121 we get to the router RUT950 192.168.5.1

I think there is a return routing missing from 192.168.5.10 to the network 192.168.3.0/24 when using the IPSEC VPN on the RUT950...

Can anyone help me out with this? How can I fix it?

Hope you can help me,

Thanks,

Fred

1 Answer

0 votes
by

Hello, 

Regarding your problem, could you try making a static route?

You can try to run this command in the CLI and check if it helps: route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.5.1

Also, are you using the latest firmware for the RUT950 device?

Hope it helps

Regards,
Jerome

by

Thanks for your help.

Ok, I added the command:

The ping from the RUT950 (gateway) 192.168.5.1 still works towards 192.168.3.121

But the device 192.168.5.10 (or any other device) on the RUT950 LAN does not work towards 192.168.3.121

by
I think there is something wrong with the other router. Could you check the settings or route on the Zyxel router if the 192.168.3.0 is accepted. Or ping the LAN device of the RUT950 router if it is reachable on the other side.

If still not, try making a static route on the other side: 192.168.5.0 255.255.255.0 and gateway is 192.168.3.1

Also check what IPsec version the other router is running.

Hope it helps

Regards,

Jerome
by

The routing in the Zyxel is configured:

Ping OK between computer 192.168.3.121 and RUT950 router 192.168.5.1 via the IPSEC tunnel

Ping OK between RUT950 router 192.168.5.1 and computer 192.168.3.121 via the IPSEC tunnel

Ping OK between Zyxel USG router 192.168.3.1 and RUT950 router 192.168.5.1 via the IPSEC tunnel

Ping OK between RUT950 router 192.168.5.1 and Zyxel USG router 192.168.3.1 via the IPSEC tunnel

Ping OK between router RUT950 192.168.5.1 and computer 192.168.5.10

But Ping does not work between computers 192.168.3.121 and 192.168.5.10

I think the traffic from 192.168.5.10 does go through the ipsec vpn tunnel ..

by
On the USG did you set a routing policy to allow for traffic and firewall rule as well?

Zyxel is very explicit in that requirement.
Also, Windows firewall may not allow for NAT traversal and the rule must also be set for this other network.
by

Hello, the configuration has been re-verified by Zyxel. Can this setting block traffic?
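
One way to check whether a given flow from the thread is covered by the tunnel's traffic selectors, as an added example that is not part of the original thread: it parses `ip xfrm policy` output and reports which policy directions match a source/destination pair. It assumes the router is Linux-based and exposes `ip xfrm policy`; the sample output and the tunnel endpoint addresses (documentation ranges) are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output for the thread's two subnets.
# 203.0.113.10 / 198.51.100.20 are placeholder tunnel endpoints, not real values.
SAMPLE_XFRM_POLICY = """\
src 192.168.5.0/24 dst 192.168.3.0/24
    dir out priority 375423 ptype main
    tmpl src 203.0.113.10 dst 198.51.100.20
        proto esp spi 0xc0ffee01 reqid 1 mode tunnel
src 192.168.3.0/24 dst 192.168.5.0/24
    dir fwd priority 375423 ptype main
    tmpl src 198.51.100.20 dst 203.0.113.10
        proto esp reqid 1 mode tunnel
src 192.168.3.0/24 dst 192.168.5.0/24
    dir in priority 375423 ptype main
    tmpl src 198.51.100.20 dst 203.0.113.10
        proto esp reqid 1 mode tunnel
"""

# A selector line starts at column 0; the indented line after it holds "dir".
# Indented "tmpl src ..." lines are skipped because they do not start a line.
POLICY_RE = re.compile(r"^src (\S+) dst (\S+)[^\n]*\n\s+dir (\w+)", re.MULTILINE)


def parse_policies(text):
    """Return a list of (src_network, dst_network, direction) tuples."""
    return [
        (ipaddress.ip_network(s, strict=False),
         ipaddress.ip_network(d, strict=False),
         direction)
        for s, d, direction in POLICY_RE.findall(text)
    ]


def covering_dirs(policies, src, dst):
    """Return the set of policy directions whose selector matches src -> dst."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return {direction for s, d, direction in policies
            if src_ip in s and dst_ip in d}


if __name__ == "__main__":
    policies = parse_policies(SAMPLE_XFRM_POLICY)
    flows = [("192.168.5.10", "192.168.3.121"),   # LAN host -> remote host
             ("192.168.3.121", "192.168.5.10"),   # remote host -> LAN host
             ("203.0.113.10", "192.168.3.121")]   # constructed: source outside selector
    for src, dst in flows:
        dirs = covering_dirs(policies, src, dst)
        print(f"{src} -> {dst}: {sorted(dirs) if dirs else 'no policy, bypasses tunnel'}")
```

An empty result for a flow means no IPsec policy selects that packet, so it will not be encrypted into the tunnel regardless of static routes.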