| reply to vadar0079
Re: Zywall IPSec VPN Client to Zywall 5 connection Hi. The built of the channel is a matter of agreements of parameters among the peers.
After this:
1. are remote and local overlapping?
2. is local corrisponding to real lan you want to reach from remote?
3. do you allow vpn to lan in the firewall settings?
4. do targets have some firewall stopping incoming traffic?
. . . and so on. |
|
| 1. are remote and local overlapping? No
2. is local corrisponding to real lan you want to reach from remote? Yes
3. do you allow vpn to lan in the firewall settings? Yes Ports 500 and 4500 (Ingress and Egress)
4. do targets have some firewall stopping incoming traffic?
No
Even the Xamp Authorization works like a champ. |
|
2 edits | Okay, found the problem. I did not have rules set for the VPN/LAN and LAN/VPN settings. When I added all services to these I can see the remote LAN devices. I am not comfortable leaving everything open. What services/ports should I leave open if I just want to VNC into my server on the remote LAN? |
|
jdmtPremium
join:2002-05-06
Seattle, WA | Leaving these services open should be fine, since only VPN authenticated clients would be able to traverse over the VPN --> LAN connection. You could limit scope of the rule to specific hosts on either end if you wanted to lock it down a little. I do this with my ZyWALL to ZyWALL VPNs, permitting access to server resources only for VPN connected devices.
By the way, how exactly did you configure the VPN client? I'm trying to get this to work and the documentation is somewhat thin! |
|
| I referenced the Zywall 5 Support Notes v4.03 (Sept 2007). I also looked at documentation for the GreenBow IPSec VPN client which is very similar to Zywall's. They have a configuration guide for the Zywall 5. Just Google for it... |
|
|
|
jdmtPremium
join:2002-05-06
Seattle, WA | In case you're interested, the ZyXEL VPN client is actually OEM'd from Green Bow. Not sure if there is any ZyXEL value add... |
|
