From the logs it sure looks like your router config has:
- PORT FORWARDING of UDP ports 500 and 4500
- FIREWALL rule allowing UDP ports 500 and 4500

its also possible that IPSec (protocol 50) is involved, off the top of my head I can't recall if that is also configured in port forwarding and firewall.

actions · 2012-Dec-14 1:06 pm ·

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Brano

MVM

2012-Dec-14 4:17 pm

What is said above, check you default FW rules, they have IKE,IPSec services included, remove them.

actions · 2012-Dec-14 4:17 pm ·

kasper501
join:2011-08-24

1 edit

kasper501

Member

2012-Dec-14 4:57 pm

I don't have anything being forwarded, so I'm confused as where to look for those "IKE,IPSec services".

Ive included a screen shot of my "Default_Allow_WAN_To_ZyWALL" Service Group rules. Can I provide any other informatin?

actions · 2012-Dec-14 4:57 pm ·

kasper501

kasper501

Member

2012-Dec-14 7:15 pm

Arghgh....I've been fighting with this all day. I kind of lost it after my ATT MicroCell began getting kicked off the network. Emailed Zyxel for support to see whether they might be able to provide some insight, but at this point I setup my Netgear WND4000 again and everything is fkn working. /arghgh, want to smash!

actions · 2012-Dec-14 7:15 pm ·

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Brano

MVM

2012-Dec-14 8:54 pm

Check your PM

actions · 2012-Dec-14 8:54 pm ·

bbarrera
MVM
join:2000-10-23
Sacramento, CA

bbarrera to kasper501

MVM

2012-Dec-15 12:44 am

to kasper501

NATT is your problem, remove it from the Default_Allow_WAN_To_ZyWALL rule.

actions · 2012-Dec-15 12:44 am ·

kasper501
join:2011-08-24

kasper501

Member

2012-Dec-15 12:56 am

Thanks, guys!!!!

I'll try tomorrow.

actions · 2012-Dec-15 12:56 am ·

bbarrera
MVM
join:2000-10-23
Sacramento, CA

bbarrera

MVM

2012-Dec-15 9:41 am

NATT is NAT Traversal and its UDP port 4500, which you can see from the logs is involved with your VPN client getting caught in the firewall.

actions · 2012-Dec-15 9:41 am ·

kasper501
join:2011-08-24

1 edit

kasper501

Member

2012-Dec-15 12:04 pm

BBARRERA...Thanks so much. Thank you, everyone, for your assistance!!! Its finally working, I'm no longer getting disconnected from my work vpn client. I've been connected for over an hour now. Its sites like this that make the internet so awesome.

I do have one more question....not sure if I should start another post, its related to my AT&T microcell. I dont have cell coverage in my house so I need the microcell to get a cell connection. My MicroCell has been dropping connection too since I setup the new router. I was thinking of using the DMZ port; is this how I should configure the default DMZ rules to allow the following ports to pass through?

123/UDP: NTP timing (NTP traffic)
443/TCP: Https over TLS/SSL for provisioning and management traffic
4500/UDP: IPSec NAT Traversal (for all signaling, data, voice traffic)
500/UDP: IPSec Phase 1 prior to NAT detection (after NAT detection, 4500/UDP is used)
4500/UDP: After NAT detection, 4500/UDP is used

actions · 2012-Dec-15 12:04 pm ·

bbarrera
MVM
join:2000-10-23
Sacramento, CA

bbarrera

MVM

2012-Dec-17 12:03 am

If you have only 1 public IP, I can't think of any advantage in setting up DMZ. Just forward those ports to your microcell and then likely have problems with your work laptop VPN.

actions · 2012-Dec-17 12:03 am ·

imanon
@comcast.net

imanon to kasper501

Anon

2012-Dec-17 2:28 pm

to kasper501

Microcell does not require a DMZ, since you've already taken NATT and IKE out of the default rule that normally forces those inbound to the Zywall, you'll be good.

Microcell needs to make a VPN tunnel to AT&T's datacenter, almost identical to how your machine makes a VPN tunnel to your office.

actions · 2012-Dec-17 2:28 pm ·

Forums → Equipment Support → Hardware By Brand → ZyXEL	« I can VPN to my office but I can not ping any machines • Optimizing Skype traffic on USG 50 »
This is a sub-selection from Another USG 50 newb...Cisco VPN Client getting dropped