This topic contains 0 replies, has 0 voices, and was last updated by 
-
Posts
-
Site 1
WAN ETH00 Public IP
LAN ETH01 192.168.1.1/24
VPN00 Server 192.168.240.1/30
Static Route 172.16.0.0/24 GW VPN00Site 2
WAN ETH00 Public IP
LAN ETH01 172.16.1.1/24
VPN00 Client 192.168.240.2/30
Static Route 192.168.1.0/24 GW VPN00VPN is established. I can ping 192.168.240.2 and 172.16.1.1 from Site 1 and I can even login to ZS on 172.16.1.1 from Site 1 but I can’t ping any of the hosts behind 172.16.1.1. I can ping hosts behind the LAN from the ZS Utilities in the same Site but not from the external Site. If I setup Virtual Server port forwarding to hosts 172.16.1.X:80 I can connect to their web server from Site 1.
I have added Firewall rules in Input, Forward and Output tables to allow all protocols on any interface from or to any IP at both Site 1 and Site 2 ZS but no good?
I have disabled all Firewall Chains in the GUI on both machines but no good. I also used the Shell on Site 1 to stop the iptables service completely (I don’t have shell access to ZS Site 2 so I only disabled all the Chains in the GUI ). I tried to ping hosts on 192.168.1.X from Site 2 ZS Utilities but it could still only ping the 192.168.1.1 IP nothing else.
I have tried putting the LAN interfaces behind NAT and without NAT but no good.
Why can’t I get past the LAN IP from external site? Surely disabling all the Firewall chains eliminates the Firewall as the issue? I can ping the first IP of the Static route so it should be working and if I configure Virtual Servers I can connect with Hosts over the VPN so the Static Route must be working. I can ping the Hosts on the LAN from the ZS box on the same LAN so ICMP is working but not from the external Site?
Solved:
I had the Static Route configured on the VPN interface not on the IP number. Changed that and everything routes correctly now!!
You must be logged in to reply to this topic.