Routing between two networks via VPN. Where is the behavior?

There is a LAN with a Bintec-Elmeg be.ip Plus router (this is a German beast which works well with the local ALL-IP business connection from Deutsche Telekom). The LAN network is 192.168.5.0/24.

I need to connect it over VPN to a branch in Russia. I can only partially control the setup in Russia, i.e. the "throw it all out and put in the right hardware" option is not available there.

After a long dance with a tambourine I managed to configure an IPSec IKEv1 VPN tunnel, which correctly connected my be.ip Plus with the Zyxel USG 300 on the Russian side. This ZyXEL has the address 10.10.10.1, and, through one intermediate hop, it routes to the networks 192.168.1.0/24, 2.0/24, 3.0/24. On my side of the tunnel I accordingly brought up 10.10.10.5 and set up routing to 192.168.1-3.0/24 through the tunnel.

But then comes complete confusion, either with the routing or with the firewalls, of which there are already 3 in between. From my network I can ping 10.10.10.0/24. From Russia my whole network (192.168.5.0/24) can be pinged, but I myself can't reach the 192.168.1-3.0/24 networks I need. And there is also this anomaly: if someone in Russia pings any device on my network and at the same time a ping back is run from that device, the ping suddenly goes through.

Please help me, dear network gurus. I have been suffering with this problem for 2 days already ;(
March 12th 20 at 08:01
1 answer
March 12th 20 at 08:03
Solution
And there is also this anomaly: if someone in Russia pings any device on my network and at the same time a ping back is run from that device, the ping suddenly goes through.


The symptoms look very much like a problem with the tunnel or with a stateful firewall; look in that direction.
Yes. The problem was with the configuration of the Phase-2 profiles (on ZyXEL you can specify only one network in the Policy). I split it into three profiles and it worked. - constance0 commented on March 12th 20 at 08:06
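
An added example, not part of the thread and not either vendor's tooling: a Python check of the issue the comment describes, where each Phase-2 policy carries one local/remote network pair, so every LAN-to-branch flow needs its own pair, mirrored on both peers. The "before" selector and all function names are assumptions; the page does not show the actual policies.

```python
from ipaddress import ip_network

def sel(local, remote):
    """One Phase-2 selector: a single local network paired with a single remote one."""
    return (ip_network(local), ip_network(remote))

def covered(flow, selectors):
    """True if one selector contains both the source and the destination of the flow."""
    src, dst = flow
    return any(src.subnet_of(l) and dst.subnet_of(r) for l, r in selectors)

def uncovered(flows, selectors):
    """Flows that no Phase-2 selector matches, i.e. traffic that will not enter the tunnel."""
    return [f for f in flows if not covered(f, selectors)]

def one_policy_per_network(local, remotes):
    """Split into one selector per remote network (one network per policy)."""
    return [sel(local, r) for r in remotes]

def unmirrored(side_a, side_b):
    """Selectors on side A without an exact swapped counterpart on side B.
    IKEv1 quick mode expects the proposed network pair to match the peer's policy."""
    mirror = {(r, l) for l, r in side_b}
    return [s for s in side_a if s not in mirror]

# Networks taken from the question.
LAN = "192.168.5.0/24"
BRANCH = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
FLOWS = [sel(LAN, b) for b in BRANCH]

# Constructed "before" state: a single policy covering only the transfer network.
before = [sel(LAN, "10.10.10.0/24")]
# "After" state as described in the comment: three profiles, one per branch network.
after = one_policy_per_network(LAN, BRANCH)
zyxel_after = [sel(b, LAN) for b in BRANCH]  # same pairs seen from the ZyXEL side

if __name__ == "__main__":
    for label, policies in (("before", before), ("after", after)):
        missing = uncovered(FLOWS, policies)
        print(label, "- flows without a selector:",
              [f"{s} -> {d}" for s, d in missing] or "none")
    print("unmirrored on be.ip side:", unmirrored(after, zyxel_after) or "none")
```
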
