SSH sentinel and ZYWALL70 VPN Connection

Archived from groups: comp.security.firewalls (More info?)

On Wed, 23 Jun 2004 16:32:42 +0300, "Hatzigiannakis Nikos"
<ypai@aigaio.gr> wrote:
>
>Trying to establish a VPN connection from my home laptop to my company's
>Internel LAN secured with a ZYXEL ZYWALL 70 firewall.
>
>From my home computer I try to make a connection with SSH sentinel 1.4. The
>connection seems to be OK, because I get I message "VPN connection
>successfully established". But when I go to the explorer and type an IP
>address of one of the computers in the network I can't get a connection.
>What is going wrong?
>

What happens when you do a traceroute to that IP address?

Archived from groups: comp.security.firewalls (More info?)

On Wed, 23 Jun 2004 19:56:20 +0300, "Nikos Hatzigiannakis"
<nikos@khy.gr> wrote:
>
>The traceroute indicates that all the traffic goes to the default ISP
>gateway and not to the VPN tunnel
>

Well, that's a pretty good indication that SSH Sentinel is not
properly configured. Did you follow the instructions on the ZyXEL Tech
Support note I posted some time ago?

Archived from groups: comp.security.firewalls (More info?)

On Wed, 23 Jun 2004 20:51:17 +0300, "Nikos Hatzigiannakis"
<nikos@khy.gr> wrote:
>
>I did everything the support note says.
>
>I can not figure out how can I troubleshoot the problem since I get the "VPN
>connection successfully established" and have no error messages in the
>ZYWALL log.
>

Try this and see what happens:

http://www.zyxel.com/support/suppo [...] /ipsec.htm

Archived from groups: comp.security.firewalls (More info?)

Sorry, I didn't see the other replies before I posted my last one
about pinging the remote side.

What IP addressing scheme are you using on both ends?
With this setup, if you're using the same addresssing scheme
e.g. 192.168.0.x on both sides, you will be able to create a
tunnel, but not be able to share anything or take any other action.

Brad





On Wed, 23 Jun 2004 20:51:17 +0300, "Nikos Hatzigiannakis"
<nikos@khy.gr> wrote:

>I did everything the support note says.
>
>I can not figure out how can I troubleshoot the problem since I get the "VPN
>connection successfully established" and have no error messages in the
>ZYWALL log.
>
>
>
>Should I configure any firewall rules in the ZYWALL ?
>
> Is there any other indication that the VPN tunnel is working (except the
>try and error method)?
>
>
>
>Any further help will be mostly appreciated
>

Archived from groups: comp.security.firewalls (More info?)

Currently I'm testing the same VPN configuration, it means Zyxel
ZYWALL 70 + SSH Sentinel, and I'm fighting a bit in order to make the
connection working. As Mr. Nikos the tunnel it's build up succesfully
in 2 remote client under test (first WIN XP Pro and second WIN 98).
But with WIN XP Pro I can partially access the network resouces,
instead with WIN 98 I cannot ping and obviously I cannot use any
remote network resources.

> On Wed, 23 Jun 2004 16:32:42 +0300, "Hatzigiannakis Nikos"
> <ypai@aigaio.gr> wrote:
>
> >Trying to establish a VPN connection from my home laptop to my company's
> >Internel LAN secured with a ZYXEL ZYWALL 70 firewall.
> >
> >From my home computer I try to make a connection with SSH sentinel 1.4. The
> >connection seems to be OK, because I get I message "VPN connection
> >successfully established". But when I go to the explorer and type an IP
> >address of one of the computers in the network I can't get a connection.
> >What is going wrong?
> >

Archived from groups: comp.security.firewalls (More info?)

On 23 Jun 2004 23:56:40 -0700, nonusarlo@virgilio.it (Sciawatt) wrote:
>
>Currently I'm testing the same VPN configuration, it means Zyxel
>ZYWALL 70 + SSH Sentinel, and I'm fighting a bit in order to make the
>connection working. As Mr. Nikos the tunnel it's build up succesfully
>in 2 remote client under test (first WIN XP Pro and second WIN 98).
>But with WIN XP Pro I can partially access the network resouces,
>instead with WIN 98 I cannot ping and obviously I cannot use any
>remote network resources.
>

Are you running the latest firmware on the ZyWALL 70, released on June
9th?

In any case, if the SSH Sentinel isn't atracting traffic to its
virtual interface, to me that suggests something's wrong on the SSH
Sentinel side. No guarantees, though...