SPI:0x0 SEQ:0x0 No rule found, Dropping packet in ZyXEL

Re: SPI:0x0 SEQ:0x0 No rule found, Dropping packet

Tue, 23 Jun 2009 05:39:46 EDT

anon : Thanks Brano for your answer.

The only policy routes (in addition to USG default WAN TRUNK routes) we have added are:
(fields: Incoming, Source, Destination, Service, Next-hop, Snat)

lan1 LAN1_SUBNET RemoteLAN_SUBNET  any RemoteNetwork  none
lan1 LAN1_SUBNET Remote2LAN_SUBNET any Remote2Network none

Address definitions are:

LAN1_SUBNET	       INTERFACE SUBNET	lan1-10.22.19.0/24
RemoteLAN_SUBNET	SUBNET	              10.22.15.0/24
Remote2LAN_SUBNET	SUBNET	              10.22.10.0/24

Should I make another rule for "Zywall to remote lan"? Looks like LAN1_SUBNET is only for packets coming into Zywall LAN interface, but not from Zywall itself?

BR,

Santtu

Re: SPI:0x0 SEQ:0x0 No rule found, Dropping packet

Wed, 17 Jun 2009 10:18:44 EDT

Brano : It depends how are your routes setup on USG.
Post a screenshot.

SPI:0x0 SEQ:0x0 No rule found, Dropping packet

Wed, 17 Jun 2009 03:50:26 EDT

anon : Hi guys,

We have IPSec VPN tunnel between two offices, the remote office has ZW5 and our office new USG-100. Our office does not have any servers etc. and we are using resources of remote office (AD, file server, DNS). I am wondering what kind of rule is missing because we get constant errors to USG-100 logs:

error IPSec SPI:0x0 SEQ:0x0 No rule found, Dropping packet 10.22.19.1:33496 10.22.15.10:53 IPsec

The 10.22.19.1 is USG-100 LAN address, and 10.22.15.10 is DNS server of remote office. It looks like USG-100 is blocking all DNS queries to remote office when the query originates from USG-100 itself. However, DNS works when queries originate from our computers in LAN.

We have policy route definition:

lan1 LAN1_SUBNET RemoteLAN_SUBNET any RemoteNetwork none

and when I tried to create similar policy route but replacing incoming interface lan1 with "Zywall", that did not help.

Any ideas or tips?

Thanks,

Santtu