I can VPN to my Win7 machine but I cannot ping anything on my home network (the machines are not on a domain).
As per the info from Brano, I set up my LAN_L2TP on a different subnet than the lan1, lan2 and wlan, but I wonder how my Win7 machine knows how to use the VPN tunnel when I try to access any of my machines on my lan1 (192.168.11.0/24) or wlan (50.59.1.1/24). (I did set up the routing rule and the firewall rules as per the doc above. I even tried to set all the firewall rules to "any" just in case that was the problem.)
Note: I changed the subnet of lan1 to 192.168.11.0/24 in case there was a conflict with my Comcast modem.
Once your VPN is successfully connected, the rest is just a matter of routing and firewalling.
1) Make sure you have the firewall open from the VPN LAN to your home LAN(s) and vice versa.
2) Make sure you have appropriate policy routes in place to route your VPN traffic to the LAN and vice versa.
3) Make sure that the LAN PCs don't have any local firewalls (i.e. Windows firewall) blocking your connections.
A couple of things I forgot to mention: a - In your info, you are blocking the intra-zone
I am not blocking the intra-zones since I want the VPN users to access the whole network. Here is what I have:
Note: I am using IPSec_VPN for the VPN Zone
b - your info shows L2TP as a service when building the tunnel:
L2TP does not exist in my configuration, but L2TP_UDP does.
Now regarding your answers: 1) Make sure you have firewall open from VPN LAN to home LAN(s) and vice versa. I think I did configure it as per your info, but since I was not going anywhere I also tried to set every rule to any so nothing gets blocked (remember that my VPN zone is IPSec_VPN). Would the following work (this is the default config)?
2) Make sure you have appropriate policy routes in place to route your VPN traffic to LAN and vice versa. Here is what I have:
3) Make sure that LAN PCs don't have any local firewalls (i.e. Windows firewall) blocking your connections. I turned off the Windows firewalls to make sure that was not the problem.
One thing that I discovered (bear with me as I am new to this USG 20w product) is that when I am in the office (not connected through VPN but on the WLAN), I can ping any other computers on the wireless network but I cannot ping the wired computers on lan1 (I even have a laptop which is on both the wireless network and the wired network; I can ping its wireless IP address (i.e. 10.59.1.33) but not its wired IP (192.168.1.33)). This seems to indicate that intra-zones are blocked (including the VPN one). I want everybody in the office to be able to access all the machines regardless of whether they are on lan1, lan2, wlan or vpn.
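The three checks from the reply above (firewall between zones, policy routes, host firewalls) and the intra-zone question raised in this post can be walked through as a small reachability model. The following is an added example, not code from the thread or from Zyxel; it models zones, a "block intra-zone" flag, zone-pair firewall rules and source/destination policy routes as plain Python objects (an assumption about structure, not the USG's real configuration syntax), and it treats unlisted zone pairs as denied, which is also an assumption. The VPN pool 192.168.50.0/24 and the WLAN subnet 10.59.1.0/24 are constructed values; 192.168.11.0/24 is the lan1 subnet from the thread. A ping only succeeds when both the request and the reply pass, so the check evaluates both directions and reports the first thing that breaks, including a VPN pool that overlaps a LAN subnet.

```python
import ipaddress

Net = ipaddress.IPv4Network

# ---- constructed configuration (assumed structure, not the USG's own format) ----
ZONES = {
    "IPSec_VPN": Net("192.168.50.0/24"),  # constructed L2TP address pool
    "LAN1": Net("192.168.11.0/24"),       # lan1 subnet from the thread
    "WLAN": Net("10.59.1.0/24"),          # constructed WLAN subnet
}
# Zones with the "block intra-zone traffic" flag set (empty: intra-zone allowed).
BLOCK_INTRAZONE = set()
# Firewall rules as (from_zone, to_zone, action); unlisted pairs are denied
# (assumption: default deny). The missing WLAN -> IPSec_VPN rule is deliberate,
# to show how a one-way rule set breaks ping replies.
FIREWALL = [
    ("IPSec_VPN", "LAN1", "allow"),
    ("LAN1", "IPSec_VPN", "allow"),
    ("IPSec_VPN", "WLAN", "allow"),
]
# Policy routes as (source subnet, destination subnet); a packet between two
# zones is routable when some route covers both its source and destination.
POLICY_ROUTES = [
    (Net("192.168.50.0/24"), Net("192.168.11.0/24")),
    (Net("192.168.11.0/24"), Net("192.168.50.0/24")),
    (Net("192.168.50.0/24"), Net("10.59.1.0/24")),
    (Net("10.59.1.0/24"), Net("192.168.50.0/24")),
]


def overlapping_zones(zones=ZONES):
    """Return zone pairs whose subnets overlap. A VPN pool that overlaps a LAN
    subnet is a classic reason LAN hosts are unreachable through the tunnel."""
    names = list(zones)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if zones[a].overlaps(zones[b])]


def zone_of(ip, zones=ZONES):
    """Map an address to the zone whose subnet contains it (None if no zone)."""
    addr = ipaddress.IPv4Address(ip)
    for name, net in zones.items():
        if addr in net:
            return name
    return None


def one_way(src, dst, zones=ZONES, fw=FIREWALL, routes=POLICY_ROUTES,
            block=BLOCK_INTRAZONE):
    """Evaluate one packet direction: zone lookup, intra-zone flag, policy
    route, then firewall. Returns (ok, reason)."""
    s, d = zone_of(src, zones), zone_of(dst, zones)
    if s is None or d is None:
        return False, f"{src if s is None else dst} is in no known zone"
    sa, da = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if s == d:
        if s in block:
            return False, f"intra-zone traffic blocked in {s}"
        return True, f"same zone {s}"
    if not any(sa in rs and da in rd for rs, rd in routes):
        return False, f"no policy route {s} -> {d}"
    for f, t, action in fw:
        if f == s and t == d:
            return action == "allow", f"firewall {f} -> {t}: {action}"
    return False, f"no firewall rule {s} -> {d} (default deny)"


def can_ping(src, dst, **cfg):
    """A ping needs request and reply to pass; report the first failing leg."""
    for a, b in ((src, dst), (dst, src)):
        ok, why = one_way(a, b, **cfg)
        if not ok:
            return False, f"{a} -> {b}: {why}"
    return True, "both directions pass"


if __name__ == "__main__":
    print("overlapping zones:", overlapping_zones())
    for target in ("192.168.11.33", "10.59.1.33", "192.168.50.11"):
        print(f"VPN client -> {target}:", can_ping("192.168.50.10", target))
    print("VPN client -> VPN client, intra-zone blocked:",
          can_ping("192.168.50.10", "192.168.50.11", block={"IPSec_VPN"}))
```

Running it shows the VPN-to-lan1 ping passing, the VPN-to-WLAN ping failing on the reply leg because the WLAN -> IPSec_VPN firewall rule is missing (the same shape of one-directional gap as the missing firewall entry noted later in the thread), and two VPN clients losing each other as soon as the block-intra-zone flag is set on the VPN zone. Step 3 from the reply (host firewalls) sits outside this model: if the model says both directions pass and the ping still fails, the Windows firewall on the target host is the next thing to check.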
I am assuming that it must be a routing issue because two clients connected through VPN cannot ping each other (the IPSec_VPN zone is not blocking Intra-zone). Can anybody see something incorrect in my settings?
Note: my issue related to the wireless clients not being able to ping the servers on lan1 was due to a firewall entry missing.