VPN - Zyxel Community

How to Resolve RADIUS Authentication Issues over route based VPN on FLEX H Series
Question: Why is my FLEX H series device unable to reach the RADIUS server over route based VPN Topology: FLEX H series <Site to Site VPN> Peer Gateway - Radius server Answer: For local out traffic, FLEX H used the VTI address as inquiry source address Below are steps to troubleshoot and resolve the issue: * Ensure the…
How to Resolve VPN Connection Issues with Flex H Series and RADIUS Server
How can I resolve VPN connection issues with the ZyWALL FLEX 200H and RADIUS server? A common issue with the ZyWALL FLEX 200H, especially when performing RADIUS authentication via VPN, is the device's inability to communicate with the RADIUS server on the other end of the VPN tunnel. LAN clients can communicate just fine,…
How to Resolve VPN Connection Issues with Flex H Series and RADIUS Server
How can I resolve VPN connection issues with the ZyWALL FLEX 200H and RADIUS server? A common issue with the ZyWALL FLEX 200H, especially when performing RADIUS authentication via VPN, is the device's inability to communicate with the RADIUS server on the other end of the VPN tunnel. LAN clients can communicate just fine,…
How to Resolve VPN Connection Issues with Flex H Series and RADIUS Server
How can I resolve VPN connection issues with the ZyWALL FLEX 200H and RADIUS server? A common issue with the ZyWALL FLEX 200H, especially when performing RADIUS authentication via VPN, is the device's inability to communicate with the RADIUS server on the other end of the VPN tunnel. LAN clients can communicate just fine,…
[USG FLEX H]How to Set Up 2FA with Google Authenticator for Remote Access VPN and SSL VPN
Google Authenticator is a highly secure method for receiving verification codes for two-factor authentication (2FA). It generates a new code every 30 seconds, ensuring that each code remains valid for only a brief period. Additionally, Google Authenticator is free to download, easy to use, and functions without requiring…
Why can't I establish a site-to-site VPN using a PPPoE connection on the USG Flex H?
Question : Why can't I establish a site-to-site VPN using a PPPoE connection on the USG Flex H? Answer : The user may encounter an issue where they cannot establish a site-to-site VPN connection using a PPPoE connection. The possible reason could be that the user has set the wrong WAN interface of My Address such as ge1…
How can I ensure DNS queries from H series firewall could route through the VPN to peer site?
The DNS query packets initialed firewall(local out) to remote VPN gateway via VPN tunnel, you need to use a Route-Based VPN and additional policy route rule. Since the Route-Based VPN will auto generate a Virtual Tunnel Interface automatically. Then you can create additional policy or static route to by pass the traffic.
How can I establish an SSL VPN connection with the USG Flex H models using SecuExtender?
Scenario : This article will guide you on how to configure an SSL VPN connection with the SecuExtender VPN client. Answer : The following verification steps were performed using the USG Flex 200HP with V1.30P1 and the SecuExtender VPN client with V7.7.50.008. Please navigate to VPN > SSL VPN > to configure the Incoming…
How to make H series as VPN server role?
Scenario: The branch1, 2 would access HQ subnet and vice versa through Site to Site VPN Solution: If you don't want to use Route based VPN, You can use Policy based VPN as alternative. HQ Site: 1)Setup Peer Address is Dynamic Addeess 2)Check Iniation is Responder Only and Remote TS is "0.0.0.0/0" You don't need to add…
How to verify which traffic will into VPN tunnel on H series?
Question: How to verify which traffic will into VPN tunnel on H series? Answer: You can fine which traffic will into Tunnel by following command usgflex700h> show ipsec xfrm-policy vrf main
How to trace IPsec log?
Scenario: You have IPSec VPN problem, It may be disconnection or traffic problem, Please collect the following information to Zyxel Support Maintenance > Diagnostics > Network Tool 1)Network Tool: IPsec Trace Log , click "Start" 2)Try to replicate issue or wait the issue happened then stop 3)Download the "ipsecvpn.log" and…
Why I can't find the allow subnets in ovpn file?
Question: You have setup split tunnel for OpenVPN, but can't find the allowed subnet in ovpn srcipt? Answer: The VPN server tell OpenVPN client what subnets allowed during "Connecting Phase" instead of ovpn script. You can see the process from OpenVPN log.
Why can't I connect SSL VPN to USG FLEX H using SecuExtender SSL VPN Client Windows client 4.0.5.0?
Question: Why can't I connect SSL VPN to USG FLEX H using SecuExtender SSL VPN Client Windows client 4.0.5.0? Answer: The old SecuExtender SSL VPN Client Windows client 4.0.5.0 is not compatible with USG FLEX H series.…
How to configure site to site VPN with multiple subnets between ZLD and uOS using route-based?
This example shows how to use the VPN Setup Wizard to create a site-to-site VPN with the Peer gateway is ZLD device using route-based VPN. And there are multiple subnets can commuicate each other The example instructs how to configure the VPN tunnel between each site. When the VPN tunnel is configured, each site can be…
How to configure site to site VPN between ZLD and uOS using route-based?
This example shows how to use the VPN Setup Wizard to create a site-to-site VPN with the Peer gateway is ZLD device using route-based VPN. The example instructs how to configure the VPN tunnel between each site. When the VPN tunnel is configured, each site can be accessed securely. Set up IPSec VPN Tunnel for uOS VPN >…
Why can't I establish a VPN connection after updating to iOS 18? How can I resolve this issue?
Question : Why can't I establish an IKEv2 VPN connection after updating to iOS 18? How can I resolve this issue? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for iOS's native VPN client, please modify them accordingly to allow the remote VPN to work. USG Flex/ATP firewall model settings:…
How to find the license key from a client workstation that uses SecuExtender VPN Client?
Question: How to find the license key from a client workstation that uses SecuExtender VPN Client? Answer: On SecuExtender VPN Client, click "About..." to check the licnese key and registration Email.
How do I access a specific LAN subnet exclusively via SSL VPN's split tunnel?
Question : In some circumstances, the user may want to access a specific LAN subnet via the SSL VPN tunnel only, while accessing the internet through the local network. How can this be set up? Answer : Please navigate to VPN > SSL VPN > Client will use VPN to access > Choose Local Network Only (Split Tunnel) and add the…
Why can't you establish an SSL VPN connection with the USG Flex H models?
Question : Why can't you establish an SSL VPN connection with the USG Flex H models, and why are there "Match default rule DROP" log messages? Answer : The possible reason is that the SSL VPN service port is not allowed from the WAN to Device security policy. For example, the Server port of the SSL VPN is 10443. The user…
Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue?
Question : Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to work. USG Flex/ATP firewall model…

Welcome!

It looks like you're new here. Sign in or register to get started.