truemobile
join:2002-02-06
Danbury, CT

truemobile

Member

Ok, am using W2K VPN client and 3DES, it works but

Ok,
Sentinel is off, W2K VPN client is on. 3DES enabled, download speed of Mozilla went from about 150-170KB (varied) to 114-120KB with 3DES enabled using the Windows 2000 VPN client (note I was getting 12-14KB downloads of the same item with Sentinel). Now 114-120KB is acceptable and I guess it's hard to do much better than 3DES. However, a new problem has occurred. I used the rules in the ZyWALL application note, and it works great; however, I cannot access the LAN from my now tunneled PC (I can't access the ZyWALL setup, however a wired PC is able to access it and can confirm the tunnel is operational).

Has anyone ever had trouble accessing the local network from a tunneled connection? Aside from not getting local traffic, I'm leaning to permit unencrypted traffic (for local, which would mean WEP only). By the way, the ZyWALL is great, wish I understood why Sentinel sorta hurt my performance so bad.

SYNACK
Just Firewall It
Mod
join:2001-03-05
Venice, CA

SYNACK

Mod

I am a bit confused what you mean by "...cannot access the LAN ..."

Is the client also behind NAT? Are the local and remote private networks on different subnets?
truemobile
join:2002-02-06
Danbury, CT

truemobile

Member

The client and server (the server is the ZyWALL 10W) are both on the LAN, client at 192.168.1.33, server at 192.168.1.1. Any attempt to get to the router, for web service for example, telnet, whatever, fails; attempts to get to other computers on the LAN also fail (anything within the 192.168.1.x address space). However, no problem going out on the net. I'm not sure if it would be appropriate to try to make an IP rule and permit unencrypted local traffic (to 192.168.1.x) or if there are other ZyNOS router commands/modifiers to permit local routing. I'm a neophyte with respect to VPN, and am doing my best to understand what's going on.

The router seems to be set up as: Wireless LAN (W2K Client) TO/FROM ZyWALL TO/FROM WAN. My goal is:
Wireless LAN (W2K Client) TO/FROM ZyWALL TO/FROM WAN/LAN

I think this may be related to the ZyWALL "ipsec route lan on" command and how it processes. Is anyone familiar with this command? Will it try to route ALL IPsec traffic to the WAN? If so, perhaps I can create a filter on the W2K client which excludes 192.168.1.x traffic from the tunnel, then route it only WEP encrypted for local functionality.
[text was edited by author 2003-02-22 16:13:47]

[text was edited by author 2003-02-22 16:14:45]

Rizal7
Best Cheater Wins
join:2001-02-21
Norway

Rizal7 to truemobile

Member

to truemobile

Re: Ok, am using W2K VPN client and 3DES, it works

Without seeing your configuration, it sounds like you encrypt everything in the 192.168.1.1/24 address space.

So basically what happens is that the ZyWALL tries to talk with the other hosts on your LAN with encrypted traffic.
Unless you use IPSec clients on those too, you won't be able to connect to them.

Rizal
truemobile
join:2002-02-06
Danbury, CT

truemobile

Member

Ahh, that may make sense. I'm very new at this, I'll look the configuration over tonight a bit.... I'm thinking maybe a rule that excluded 192.168.1.x traffic from the tunnel, then permitting unencrypted traffic on the LAN (though it really wouldn't be unencrypted because it's wireless and would be WEP). Maybe I'll even write ZyXEL and inquire about the route command; perhaps it's sending all traffic from the tunnel out to the net and 192.168.1.x doesn't route well on the WAN side.
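
A simplified model of the explanation Rizal7 gives and of the exclusion rule truemobile proposes, added here as an example and not part of the thread. The rule sets, the first-match lookup, and the hosts 192.168.1.50 and 203.0.113.10 are assumptions for illustration, not ZyWALL or Windows 2000 configuration syntax.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # address space from the thread
ANY = ipaddress.ip_network("0.0.0.0/0")
GATEWAY = "192.168.1.1"                        # the ZyWALL, tunnel endpoint
IPSEC_HOSTS = {GATEWAY, "192.168.1.33"}        # only these two speak IPsec

# Hypothetical rule sets: ordered (selector, action) pairs, first match wins.
TUNNEL_ALL = [(ANY, "PROTECT")]                      # encrypt everything
LAN_EXCLUDED = [(LAN, "BYPASS"), (ANY, "PROTECT")]   # proposed exclusion rule

def action_for(rules, dst):
    """Return the action of the first selector that contains dst."""
    addr = ipaddress.ip_address(dst)
    for selector, action in rules:
        if addr in selector:
            return action
    return "BYPASS"  # assumption: unmatched traffic is sent unprotected

def reachable(rules, dst, ipsec_hosts=IPSEC_HOSTS):
    """Can dst make sense of what the policy sends it?"""
    if action_for(rules, dst) == "BYPASS":
        return True                      # plaintext at the IP layer
    if ipaddress.ip_address(dst) in LAN:
        return dst in ipsec_hosts        # LAN host must decrypt it itself
    return GATEWAY in ipsec_hosts        # off-LAN: gateway decrypts, forwards

def report(rules, hosts):
    """Map each host to (action, reachable) under the given rule set."""
    return {h: (action_for(rules, h), reachable(rules, h)) for h in hosts}

if __name__ == "__main__":
    # Constructed sample destinations: the ZyWALL, a wired LAN PC, an Internet host.
    hosts = ["192.168.1.1", "192.168.1.50", "203.0.113.10"]
    for name, rules in (("TUNNEL_ALL", TUNNEL_ALL), ("LAN_EXCLUDED", LAN_EXCLUDED)):
        print(name, report(rules, hosts))
```

Under `LAN_EXCLUDED` the local traffic comes back as `BYPASS`, so on the wireless leg it is covered by WEP only, which is the trade-off discussed in the thread.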
bigsy
join:2001-07-18
ireland

bigsy

Member

With my testing of a WLAN VPN setup using the ZyXEL instructions, I can access the Z10W on 192.168.1.1, but no other LAN hosts, so it looks like Rizal is correct (as usual).

Rizal7
Best Cheater Wins
join:2001-02-21
Norway

Rizal7

Member

said by bigsy:
so it looks like Rizal is correct (as usual).
;P

Rizal

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

Looking at his avatar tag, I would say, it's better to be lucky than good ;-P