Help with TZ300 L2TP VPN clients unreachable
That_avant_dude
Newbie ✭
Hello,
Hoping someone can help me.
I have a TZ300 and set up L2TP VPN with the KB article. My client machine connects successfully and gets an IP outside my LAN subnet.
My local clients on the LAN are on the X0 port and the VPN comes in on my WAN, which is the X1 port. From the diagnostics I can ping the VPN client's IP, but none of the hosts on my LAN network can ping the VPN client's IP. When I look at packet monitor I can see the ping request and the outcome is "CONSUMED". Looking at the firewall rules from LAN to VPN I see TX traffic but no RX.
I'm at a loss as to what I'm missing and why I can't ping my VPN client's IP.
Any thoughts or help?
Thank you
Category: Entry Level Firewalls
Answers
First, let me suggest that outside of "testing" this is not something you would want to do...
However,
Make sure you have ACLs to allow ICMP from LAN-->VPN and VPN-->LAN.
Also make sure that the client's firewall allows ICMP.
I tried to SSH into the X1 WAN interface and I can ping the client.
I tried to SSH into the X0 LAN interface and I cannot ping the client, if that means anything.