Hi
We've bought a USG110 a few weeks ago and I've been trying to get IPSec IKEv2 VPN going for a few remote users. I've been following the guide in the "ZyWALL USG Series - Application Notes" (available here: ftp://ftp.zyxel.com/USG110/application_note/USG110_2.pdf).
Scenario 5, page 25, describes the necessary configuration of the USG and Windows 7.
I have no problem following the guide and I'm able to connect from a Windows 7 client. It completes both phase 1 and phase 2 authentication and I'm able to access services within the local subnet (LAN1_SUBNET was chosen as the local policy in the "VPN Connection" configuration), but I'm not able to access any services on the internet.
As I understand, when configuring an IPSec VPN connection in Windows 7, it will act as a full tunnel, not a split tunnel. Isn't that correct? If so, on the client all traffic should be routed to the VPN tunnel, right? However, the only traffic showing up in the USG logs is traffic to the local subnet. If I, from the client, try to ping, for example, www.google.com, the name resolution works but the pings do not. When examining the logs on the USG, the only thing I can find related to my attempt to ping www.google.com is the DNS request for www.google.com, no ICMP request.
This, I think, would indicate that there is a routing problem.
In the "VPN Connection" configuration, the "Use Policy Route to control dynamic IPSec rules" option is cleared, but I have tried to enable it and configure policy routes according to several other posts in this forum. But no luck there either. Still not a single packet destined for the internet.
Does anyone have a clue what I'm doing wrong?
I'm not very used to the Zyxel way of things... Unfortunately I'm more of a Cisco guy...