Best Of
Re: L2TP over IPSEC parameters for Windows 10 native client
Hi @valerio_vanni,
First, the configuration on your USG the phase 1 mode should be "Main" mode not "Aggressive mode".
Second, the Windows native L2TP/IPSec client using 3DES/SHA1/DH2 encryption by default.
https://learn.microsoft.com/en-us/troubleshoot/windows-client/windows-security/default-encryption-settings-for-l2tp-ipsec-vpn-client
If you want to change the encryption setting.
1. You need to use powershell command to create VPN connection,
Add-VpnConnection -Name "L2TPoverIPSecVPN" -ServerAddress <VPN_WAN_IP> -TunnelType "L2tp"
Set-VpnConnectionIPsecConfiguration -ConnectionName "L2TPoverIPSecVPN" -AuthenticationTransformConstants SHA196 -CipherTransformConstants AES128 -EncryptionMethod AES128 -IntegrityCheckMethod SHA1 -PfsGroup None -DHGroup Group2 -PassThru -Force
First, the configuration on your USG the phase 1 mode should be "Main" mode not "Aggressive mode".
Second, the Windows native L2TP/IPSec client using 3DES/SHA1/DH2 encryption by default.
https://learn.microsoft.com/en-us/troubleshoot/windows-client/windows-security/default-encryption-settings-for-l2tp-ipsec-vpn-client
If you want to change the encryption setting.
1. You need to use powershell command to create VPN connection,
Add-VpnConnection -Name "L2TPoverIPSecVPN" -ServerAddress <VPN_WAN_IP> -TunnelType "L2tp"
Set-VpnConnectionIPsecConfiguration -ConnectionName "L2TPoverIPSecVPN" -AuthenticationTransformConstants SHA196 -CipherTransformConstants AES128 -EncryptionMethod AES128 -IntegrityCheckMethod SHA1 -PfsGroup None -DHGroup Group2 -PassThru -Force
2. Then, on desktop screen, click on the Network icon in the bottom right hand corner. Right click and select "Open Network & Internet Settings".
3. Under the Advanced network settings section. Click "Change adapter options".
4. Select the VPN connection created. Right click and "select Properties". To edit the pre-share key and authentication method.
3. Under the Advanced network settings section. Click "Change adapter options".
4. Select the VPN connection created. Right click and "select Properties". To edit the pre-share key and authentication method.
Re: NR7101 Module Firmware Upgrade Fail
Bob_C said:Hi Magaggie,
Could you please contact Zyxel support team?
This case might need some remote troubleshooting sessions, and I think it'd be better to handle this case by ticket.
Please provide the NR7101's serial number while reporting the issue to the support team.
Contact Support | Zyxel Networks
You may refer to the System Info card (on the Home page) for the serial number.
Regards,
Bob
Hi Bob,
I actually tried doing this, but when I entered the modem SN, I was told that the device had been purchased through a provider (guessing telephone / internet company) and that I should contact them for support.
Unfortunately for me, I purchased the modem new (unused) but second-hand, through a website like craigslist (second-hand stuff) from a private individual, so in this case I don't really have anywhere else to turn to for help.
Magaggie
1
Re: NAS326 access problem due to services stopping automatically
Do you have a router above the NAS? If you do not have a router above NAS, it would not be safety.
If you have a router above NAS, you can set NAT for the device to access the service from WAN.
If you have a router above NAS, you can set NAT for the device to access the service from WAN.
Re: Attempt to login to USG100, Chrome reports ERR_SSL_VERSION_OR_CIPHER_MISMATCH
We have failover USG100's in place, they are very handy and used purely for firewall purposes. No use of VPN, Ant-Virus, Content Filter, etc with this model so we feel quite comfortable to continue to have this hardware in place. We will change hardware when we have the need however thank you for writing that once re: change hardware, we have our own requirements.mMontana said:I'll write once and never more in this topic: change that hardware as soon as possible. I'm still using USG20W and I have a spare USG100 for "safeboat" use but currently is not something that I suggest to customers to use, they are way too old for performances and security. It's like using a 10 year old tyre on a daily driver. Maybe you'll never hit the "right" pothole for make the tyre explode, or you're never gonna drive fast enough to tear it apart. But when it will happen, it won't be nice at all.
Re: NR7101 Module Firmware Upgrade Fail
You are correct. I found the option there!SELBERG said:Now i remember, @ backup restore it's possible to do a factory reset.
Magaggie
1
Re: NR7101 Firmware V1.00(ABUV.7)C0
Thanks for sharing the new version. In my location no 5G yet, but with 4G i have very nice speeds. On ABUV6 i had same download speed, but 50-60Mbps upload speed on same bands (B3,B7,B1,B20). Now i have double upload on ABUV7 with R11A07 module. 
Re: NR7101 randomly disconnect during the day
Have you tried the latest V7 firmware? I was getting random modem drops on V6 but V7 seems fine.
Noddy
1