- This topic is empty.
May 21, 2014 at 10:13 pm #43949getoutMember
WAN ETH00 Public IP
LAN ETH01 192.168.1.1/24
VPN00 Server 192.168.240.1/30
Static Route 172.16.0.0/24 GW VPN00
WAN ETH00 Public IP
LAN ETH01 172.16.1.1/24
VPN00 Client 192.168.240.2/30
Static Route 192.168.1.0/24 GW VPN00
VPN is established. I can ping 192.168.240.2 and 172.16.1.1 from Site 1 and I can even login to ZS on 172.16.1.1 from Site 1 but I can’t ping any of the hosts behind 172.16.1.1. I can ping hosts behind the LAN from the ZS Utilities in the same Site but not from the external Site. If I setup Virtual Server port forwarding to hosts 172.16.1.X:80 I can connect to their web server from Site 1.
I have added Firewall rules in Input, Forward and Output tables to allow all protocols on any interface from or to any IP at both Site 1 and Site 2 ZS but no good?
I have disabled all Firewall Chains in the GUI on both machines but no good. I also used the Shell on Site 1 to stop the iptables service completely (I don’t have shell access to ZS Site 2 so I only disabled all the Chains in the GUI ). I tried to ping hosts on 192.168.1.X from Site 2 ZS Utilities but it could still only ping the 192.168.1.1 IP nothing else.
I have tried putting the LAN interfaces behind NAT and without NAT but no good.
Why can’t I get past the LAN IP from external site? Surely disabling all the Firewall chains eliminates the Firewall as the issue? I can ping the first IP of the Static route so it should be working and if I configure Virtual Servers I can connect with Hosts over the VPN so the Static Route must be working. I can ping the Hosts on the LAN from the ZS box on the same LAN so ICMP is working but not from the external Site?May 22, 2014 at 12:09 pm #53331getoutMember
I had the Static Route configured on the VPN interface not on the IP number. Changed that and everything routes correctly now!!
- You must be logged in to reply to this topic.