Hi,
I have to connect a Site-to-Site IPSec VPN between an USG20 and an USG50, which are both behind ISP modem/routers. I can't put the ISP modem/routers in bridge to keep the home phones working...
I set the DMZ IP in the modem/router as the USG WAN1 IP, this way all inbound traffic is forwarded to WAN1 USG. NAT behind NAT works for RDP for example, when I use the WAN1 IP as original IP and client computer IP as mapped IP. I have to create policy route for each NAT rule to make it working. So the NAT is working well in both USG now, the problem is that the public IPs are not owned by the USGs but by the ISP modems...
In the IPSec VPN GW, if I set the public IP in "My Address" it don't works. I suspect that this is the reason of the problem because all is set as usual but the connection fails. There is no error in the log, only that : IKE ISAKMP SA [VPN_GW] is disconnected 1.2.3.4:500 9.8.7.6:500
IKE_LOG 259 2014-02-23 15:22:38 info IKE The cookie pair is : 0xc8f***********7 / 0x0000000000000000.
Do I have to create policy routes for IKE, ESP or what ever from ZYWALL or Tunnel to élocal public IP to force the IPSec trafic ?
If you have any idea to make it works.
Thank you in advance for your help, best regards,
PS : Excuse my bad English...
↧