
I've played around with a certificate-based VPN (normally I don't do hardware). We've managed to set up the connection, and the tunnel between the routers is working correctly. We now need the last step. There's no connection to the computers on the other end. What could we have forgotten? (We're testing with two standard configured Win7 machines.)

EDIT: Just to clarify, the tunnel is working: I can ping the router on the other end. I can't access the computers on the other side of that router and vice versa. (It's also possible to access the remote management console of the remote router on the LAN IP.)

Rune FS

1 Answer


I used ZyWALL a few years ago. It was very simple... The only things required were activating the VPN module, specifying local and remote address ranges, and specifying a key. I used SSH Sentinel to connect to the remote private network.

If you use SSH Sentinel, you may have to click on Acquire virtual IP (or something like that) to be assigned an IP from the range of the remote private network (due to the settings of said private network).

It might be a useless question but can those two machines connect to each other?

Edit - make absolutely sure your subnet mapping is correct - example:

ZyWALL A - Local:
  Address Type  = subnet
  IP Addr Start = 192.168.10.0

ZyWALL A - Remote:
  Address Type = subnet
  IP Start     = 192.168.20.0

ZyWALL B - Local:
  Address Type = subnet
  IP Start     = 192.168.20.0

ZyWALL B - Remote:
  Address Type = subnet
  IP Start     = 192.168.10.0

This will map the subnets so the computers can see each other. Of course, you NEED to configure your local computers properly - the network configuration of the remote computer should be done in such a way that if you brought said computer over to the local network, it would be accessible.

So configure your network masks, firewalls and routers on servers and client computers so they can communicate.

ZyWALL configuration is so extremely simple that even a basic user should be able to configure it properly. The rest of the network is usually the problem, not the ZyWALL config.

Amy West
  • The two routers are connected (as proven by a ping on the LAN IP of the remote) – Rune FS Feb 04 '11 at 22:46
  • I mean do the computers on the private network protected by the ZyWALL see each other? If you've set your VPN right, it is very likely a problem with your private network. – Amy West Feb 04 '11 at 23:33
  • The problem is that my computers do not see each other. The VPN is working, but being a newb when it comes to configuring VPNs I've got no clue what to check :) – Rune FS Feb 04 '11 at 23:38
  • Make sure you have allowed ICMP protocol in your firewall and try pinging the other comps. For testing it is best to disable the firewalls altogether for a while if you are not sure why it is not working. Also make sure your IP masks are configured properly. What do you use as VPN client? – Amy West Feb 05 '11 at 00:00
  • As per my update, I have no problems establishing the tunnel. I have a problem accessing the computer on the other side of the tunnel. There's no VPN client since it's a hardware-based VPN tunnel – Rune FS Feb 05 '11 at 12:53
  • My questions are still valid, though. You need to map your subnets between the two devices!!! You have pinged the gateway - all the problems I've written about can still exist... Edited the post to add further info. – Amy West Feb 05 '11 at 13:16
  • The routing on each computer has to be correct - it's normal to either use the ZyWall with the VPN as the default gateway both sides so that will handle routing automatically, or if the default gateway is another device, add routes to that instead of to each computer. Routes being (remote subnet via ZyWall). Also Windows 7 firewall is likely to be involved and dropping traffic, also any anti-virus software with firewalling on the computers, e.g. McAfee, Norton, etc. might be blocking the connections. – TessellatingHeckler Jun 21 '11 at 18:20
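
An added example, not part of the original thread: a Python check that the two gateways' local/remote subnets mirror each other as in the answer's mapping, and that a LAN host's netmask and next hop actually send remote-subnet traffic to the VPN gateway. The /24 prefix length, the gateway LAN address 192.168.10.1 and the sample hosts are assumptions constructed for illustration.

```python
import ipaddress as ipa

# Policies from the answer's mapping; the /24 prefix length is an assumption.
GW_A = {"local": "192.168.10.0/24", "remote": "192.168.20.0/24"}
GW_B = {"local": "192.168.20.0/24", "remote": "192.168.10.0/24"}
VPN_GW_A = "192.168.10.1"  # assumed LAN address of ZyWALL A

# Constructed sample hosts on site A.
HOST_OK = {"address": "192.168.10.25/24", "gateway": "192.168.10.1"}
HOST_WIDE_MASK = {"address": "192.168.10.25/16", "gateway": "192.168.10.1"}
HOST_OTHER_GW = {"address": "192.168.10.26/24", "gateway": "192.168.10.254"}
HOST_STATIC = dict(HOST_OTHER_GW, routes=[("192.168.20.0/24", "192.168.10.1")])

def policies_mirror(gw_a, gw_b):
    """True when A's local/remote subnets are exactly B's remote/local."""
    a_loc, a_rem = ipa.ip_network(gw_a["local"]), ipa.ip_network(gw_a["remote"])
    b_loc, b_rem = ipa.ip_network(gw_b["local"]), ipa.ip_network(gw_b["remote"])
    return a_loc == b_rem and a_rem == b_loc and not a_loc.overlaps(a_rem)

def host_problems(host, gw, vpn_gw_ip):
    """List reasons a LAN host cannot reach the remote subnet via the tunnel."""
    problems = []
    iface = ipa.ip_interface(host["address"])
    local, remote = ipa.ip_network(gw["local"]), ipa.ip_network(gw["remote"])
    vpn_gw = ipa.ip_address(vpn_gw_ip)
    if iface.ip not in local:
        problems.append("address is outside the gateway's local subnet")
    if iface.network != local:
        problems.append("netmask does not match the local subnet")
    if iface.network.overlaps(remote):
        problems.append("remote subnet looks on-link, so no gateway is used")
    # Next hop: most specific static route covering the remote subnet,
    # otherwise the default gateway.
    routes = [(ipa.ip_network(n), ipa.ip_address(v)) for n, v in host.get("routes", [])]
    covering = [r for r in routes if remote.subnet_of(r[0])]
    if covering:
        next_hop = max(covering, key=lambda r: r[0].prefixlen)[1]
    else:
        next_hop = ipa.ip_address(host["gateway"]) if host.get("gateway") else None
    if next_hop is None:
        problems.append("no default gateway and no route to the remote subnet")
    elif next_hop != vpn_gw:
        problems.append(f"next hop {next_hop} is not the VPN gateway {vpn_gw}; "
                        "that device needs its own route to the remote subnet")
    return problems

if __name__ == "__main__":
    print("policies mirror:", policies_mirror(GW_A, GW_B))
    for h in (HOST_OK, HOST_WIDE_MASK, HOST_OTHER_GW, HOST_STATIC):
        print(h["address"], host_problems(h, GW_A, VPN_GW_A) or "ok")
```

Host firewalls (for example the Windows 7 firewall mentioned in the comments) are outside what this check covers; it only validates addressing and routing.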