{"id":180,"date":"2017-06-29T22:39:00","date_gmt":"2017-06-29T22:39:00","guid":{"rendered":"https:\/\/www.mainmind.com\/blog\/?p=180"},"modified":"2020-07-27T11:15:25","modified_gmt":"2020-07-27T11:15:25","slug":"vpn-zyxel-usg-no-rule-found-dropping-packet","status":"publish","type":"post","link":"https:\/\/www.mainmind.com\/blog\/vpn-zyxel-usg-no-rule-found-dropping-packet\/","title":{"rendered":"VPN Zyxel USG: No rule found, dropping packet"},"content":{"rendered":"<p>Existen diversos escenarios para la configuraci&oacute;n de VPN entre dos dispositivos, en este caso aparece en un equipo Zyxel USG el error:<\/p>\n<pre class=\"brush:plain;auto-links:false;toolbar:false\" contenteditable=\"false\">error &nbsp; &nbsp; &nbsp;IPSec &nbsp; &nbsp; &nbsp;SPI:0x6c2b84d9 (1814791385) SEQ:0x0001 (4200) No rule found, Dropping packet &nbsp; &nbsp; &nbsp;ipsec <\/pre>\n<p>Donde \u00abno se ha tocado nada\u00bb pero se ha desconectado el tunel o bien solo aparece como activo en una de las partes y en la otra no (cosas de l&oacute;gica inform&aacute;tica). En estos casos es mejor no dar por sentado ning&uacute;n razonamiento y comprobar la comunicaci&oacute;n entre ambas partes.<\/p>\n<p>El error se&ntilde;alado indica, en este caso, que un equipo intermedio tiene habilitado alg&uacute;n tipo de NAT o NAPT o no permite el tr&aacute;fico de un protocolo (ESP, en este caso por ser IPSec) se puede solucionar habilitando la funcionalidad VPN Passthrought si la tiene o estableciendo un DMZ hacia la IP del firewall final, por ejemplo.<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" src=\"\/blog\/wp-content\/uploads\/\/2017\/SPI_ESP_ZYXEL.jpg\" alt=\"\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Existen diversos escenarios para la configuraci&oacute;n de VPN entre dos dispositivos, en este caso aparece en un equipo Zyxel USG el error: error &nbsp; &nbsp; &nbsp;IPSec &nbsp; &nbsp; &nbsp;SPI:0x6c2b84d9 (1814791385) SEQ:0x0001 (4200) No rule found, Dropping packet &nbsp; &nbsp; &nbsp;ipsec Donde \u00abno se ha tocado nada\u00bb pero se ha desconectado el tunel o bien solo [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[399,400,401,259,398,51],"class_list":["post-180","post","type-post","status-publish","format-standard","hentry","category-firewall","tag-drop","tag-packet","tag-rules","tag-usg","tag-vpn","tag-zyxel"],"_links":{"self":[{"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/posts\/180","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/comments?post=180"}],"version-history":[{"count":0,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/posts\/180\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/media?parent=180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/categories?post=180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mainmind.com\/blog\/wp-json\/wp\/v2\/tags?post=180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}