VPN and routing between branches

Hi, I have established a VPN between two ZyWALL 5 routers in two different places. Both are connected to the DSL Internet connection with fixed IP address.

My configuration looks like this:

Branch A

- ZyWALL WAN IP- xxx.xxx.xxx.86

- Key Management - IKE

- Local IP Address - 192.168.0.1 - 192.168.0.253

- Remote IP Address - 192.168.10.1 - 192.168.10.253

- Encap. - Tunnel

- IPSec Algorithm - ESP DES SHA1

- Secure Gateway Address - xx.xx.xxx.146

- Authentication Method - Pre-Shared Key

- My IP Address - 0.0.0.0

Branch B

- ZyWALL WAN IP- xxx.xxx.xxx.86

- Key Management - IKE

- Local IP Address - 192.168.10.1 - 192.168.10.253

- Remote IP Address - 192.168.0.1 - 192.168.0.253

- Encap. - Tunnel

- IPSec Algorithm - ESP DES SHA1

- Secure Gateway Address - xx.xx.xxx.86

- Authentication Method - Pre-Shared Key

- My IP Address - 0.0.0.0

I can see that the tunnel between branches is established with success, but cannot reach (i.e. ping) hosts from A to B and opposite.

Why is that?

For any help thanks in advance With best regards Mike

Reply to
Michal Z.
Loading thread data ...

-Hi,

-I have established a VPN between two ZyWALL 5 routers in two different

-places. Both are connected to the DSL Internet connection with fixed IP

-address.

-

-My configuration looks like this:

-

-Branch A

-- ZyWALL WAN IP- xxx.xxx.xxx.86

-- Key Management - IKE

-- Local IP Address - 192.168.0.1 - 192.168.0.253

-- Remote IP Address - 192.168.10.1 - 192.168.10.253

-- Encap. - Tunnel

-- IPSec Algorithm - ESP DES SHA1

-- Secure Gateway Address - xx.xx.xxx.146

-- Authentication Method - Pre-Shared Key

-- My IP Address - 0.0.0.0

-

-Branch B

-- ZyWALL WAN IP- xxx.xxx.xxx.86

-- Key Management - IKE

-- Local IP Address - 192.168.10.1 - 192.168.10.253

-- Remote IP Address - 192.168.0.1 - 192.168.0.253

-- Encap. - Tunnel

-- IPSec Algorithm - ESP DES SHA1

-- Secure Gateway Address - xx.xx.xxx.86

-- Authentication Method - Pre-Shared Key

-- My IP Address - 0.0.0.0

-

Was it a typo, or do you really have .86 as the address of the Wan and gateway on Branch B? If the latter, then make the WAN IP .146 for starters.

When I setup a Zywall, I used the remote IP subnet, not range ie 192.168.10.0 and 255.255.255.0 I also used MD5 not SHA1.... hth

-Rob robatwork at mail dot com

Reply to
Rob S

Hi, I manged tis problem and suceed! It was the matter of upgrading firmwares.

In fact I made a mistake in WAN IP in Branch B

Best regards Mike

Reply to
Michal Z.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.