Alfonso  Master Member

Hi @MasProject From my point of view, a VPN is usually complex and it does not work at once. There are so many ways to configure a VPN I recommend watching the following video: Zyxel NSG Series - Building up a Site-to-Site VPN to a Non-Nebula Peer Regards

Hi @FrankIversen You are describing an IDP (Intrusion Detection and Prevention). Zyxel has their own solution https://www.zyxel.com/products_services/Security-Service-Intrusion-Detection-and-Prevention/introduction Unfortunately, it looks your device is not compatible…

Hi @Cava In your scenario, the VPN must be established via the public ip address, so the following configuration must be done on the fiber router: - Static NAT: Source: Public IP address on the fiber router Destination: 192.168.1X (WAN USG110) Port: 500 UDP, 4500 UDP And the IP protocols: ESP (Ip protocol 50) and AH (ip…

Hi @dbarchitectes L2TP IPSec on Windows 10 problems are known. Quick solution is to execute, and reboot the pc REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f But I suggest to read the following links:…

Hi @ezekiel74 We are on tenterhooks regarding on your VPN. Please let us know if you get it. Best regards

Hi @ezekiel74 "No proposal chosen" : your combination of your encryption, hash and dh group is different on both devices. As I do not have an iphone, I do not know ipsec iphone capabilities. But I suppose that the following configuration should work: Encryption: AES Hash: SHA1 DH: 2 I hope you will get it :)

Do you have a config backup? If you do, I suppose you can reset if, and then upload the backup config (after removing admin password).

Hi @Ian31 and @alexey Otherwise to solve this issue is creating tunnel (for example tunnel GRE) and IPSEC Let's suppose site A as HUP VPN, and site B and C as remote sites. Two site-to-site IPSec VPNs: Site A <--> Site B Site A <--> Site C Flows between Site B and C could be done via a tunnel GRE between an interface on…

Hi @NoCoZ Temporary solution: The access points are isolated because there is no a cable from Zyxel POE switch to Netgear switch. Plug an ethernet cable to connect both switches. Regards

Hi @alexey I am not sure if I understood well your network architecture. Please, let me ask some questions: Is site A (USG1100) a vpn hub? If site A is vpn hub, all flows between sites B, C and D go via site A. For example, a flow from site B to site C would be as follows: Site B -- (vpn to Site A) -- Site A -- (vpn to…

HI @Tushar I suppose the log is: "abnormal TCP flag attack detected, Drop" This issue occurs when the device receives packets with: (1) ALL TCP flags bit are set at same time. (2) SYN, FIN bits are set at same time. (3) SYN, RST bits are set at same time. (4) FIN, RST bits are set at same time. (5) Only FIN bit is set. (6)…

Yes, i usually use my own vpn. My mobile is configured to use my vpn server, and once is connected all flows go via the VPN, so the showed public ip address is the vpn server. Regards 

Hi @ezekiel74 I recommend to you l2tp over ipsec. Most android & ios phone and windows pc can be configured to establish this kind of vpn without installing any new app/software. Here it is a link which shows how to do it:…

Other brands are announcing new products with WPA capabilities: https://www.netgear.com/home/products/networking/wifi-routers/RAX120.aspx I hope Zyxel will surprise us with news about WPA3.

Hi @ezekiel74 According to your scenario: While the vpn is up, the showed ip address of your mobile/laptop should be 153.23.24.58. But once the vpn. is down ... your ip address will be 81.20.139.26. So if I understood you well, you want to configure a nomad IPSec VPN server on the USG60, be cause you want to show "always"…