-
Why Did the L2TP VPN Connection Stop Working
Question: L2TP VPN connection stops working. What settings can I check? Answer: 1. Check the local policy setting: The range 192.168.50.1 - 192.168.50.250 is the L2TP VPN client pool. Ensure that the local policy is not set to this range. Instead, set it to 0.0.0.0. 2. Verify the NAT rules: Review NAT rules to ensure that…
-
How to Resolve IKEv2 VPN Connection Issues on iOS 18.3?
Question: VPN IPSec IKEv2 is not working on iOS 18.3. How can I resolve IKEv2 VPN connection issue? Answer: Currently, there is a known issue with the mobileconfig for IKEv2 on iOS devices that requires manual modification before importing it to an iPhone or iPad. This will be resolved with the release of firmware 5.40…
-
Why we get lots log say:The tunnel [SA_XXX_XX] dns update is failed in Nebula
Question: Why we get lots log say:The tunnel [SA_XXX_XX] dns update is failed in Nebula Answer: This error often occurs because there is unused WAN interface is attempting to initiate the VPN session, but it is down. To resolve this issue, please remove unused WAN from the secondary interface at Nebula VPN page. This…
-
Why I cannot connect ikev2 VPN when WAN address is private IP
Question: Why I cannot connect ikev2 VPN when WAN address is private IP? Answer: Ensure that ports 500 and 4500 are forwarded to the firewall. More information can be found If you need further assistance, feel free to contact Zyxel support.
-
Why can't the SecuExtender obtain the VPN provisioning file from the firewall using an AD account?
Question : Why can't SecuExtender obtain the VPN provisioning file from the firewall using an AD account, resulting in the error message 'Authentication Failed: Wrong Login/Password'? Answer : There are two possible reasons: The user entered the wrong password when retrieving the VPN provisioning file. The user selected…
-
The latest SecuExtender VPN client can't fetch VPN config from legacy USG series.
Question: The latest SecuExtender VPN client can't fetch VPN config from legacy USG series. Answer: The latest VPN client does not support when VPN gateway as Legacy USG Series(USG110,USG310..etc) Please use native IKEV2 client or replace the ATP/FLEX/FLEX H series as instead.
-
Why Can't I Access the Internet When Connected to VPN on Mac?
A customer reported that they are unable to access the internet when connected to VPN using SecuExtender on a Mac device. Issue: * Internet access is blocked when connected to VPN. * Unable to ping external addresses like google.com or 8.8.8.8. Solution: * Ensure that you are using Full Tunnel settings on your firewall.…
-
Why Did I Encounter an Error When Activating My Zyxel SecuExtender License?
If you're experiencing an error while trying to activate your Zyxel SecuExtender license, it might be due to an invalid product version. Resolution: Ensure that you are using the correct version of the SecuExtender client for your license key. The approved version for your key is available please find the Release Note at…
-
Why is the L2TP VPN connection with 2FA not working on USG Flex/ATP models?
Question : The user can follow this FAQ: How to Use Two Factor with Google Authenticator for VPN Access? to set up the L2TP VPN connection with 2FA but why is the L2TP VPN connection with 2FA not working? Answer : The user may miss the configuration as shown below and let the L2TP VPN connection with 2FA not working.…
-
How do I manually add a profile on the iPhone for an IKEv2 VPN connection with on-premise Firewall?
Question : How do I manually add a profile on the iPhone for an IKEv2 VPN connection with on-premise Firewall? Answer : The user can not only import the .mobileconfig file downloaded from the firewall to the iPhone's IKEv2 VPN connection but also manually add an IKEv2 VPN profile on the iPhone. For example, the steps below…
-
How to configure IPv6 IPSec VPN (USG FLEX/ATP)
Scenario: This guide explains how to set up an IPv6 IPsec VPN connection between two locations using Zyxel USG FLEX/ATP firewalls, such as a headquarters and a branch. Before You Begin Ensure the IPv6 setting is enabled on your firewall. Follow this guidance article for instructions. How to Enable IPv6 Settings on Firewall…
-
Cannot connect Remote VPN deplopyed by mobileconfig since iOS18
Symptom: You cannot connect Remote VPN which deployed by mobileconfig since iOS18, You have to create VPN profile manually as alternative Workaround: 1)edit mobileconfig by notepad Find the following lines <key>LocalIdentifier</key> <string></string> and change to <key>LocalIdentifier</key> <string>Zyxel</string>
-
Why does my Android connect to IKEv2 remote access VPN but cannot access other LAN?
Question: Why does my Android connect to IKEv2 remote access VPN but cannot access other LAN? Answer: If you follow this FAQ to set up IKEv2 remote access VPN, IKEv2 VPN with Pre-Shared key on Mobile Devices (Instead of L2TP) — Zyxel Community, please try to set the configuration payload. Some Android might not be able to…
-
How to import TGB profile in MACOS
Question: How to import TGB profile in MACOS Answer: 1)Select import 2)Choose the File with .tgb extension
-
How to Configure IKEv2 VPN for macOS 15 on old USG/ZyWALL series?
Question: What are the settings for configuring IKEv2 VPN on macOS 15 (Sequoia) using Zyxel USG40 and other USG/ZyWALL using firmware 4.73 patch 2? Answer: To set up IKEv2 VPN for macOS 15 (Sequoia) with the Zyxel USG40 and other USG/ZyWALL devices, use the following configurations: Phase 1 (Gateway) Encryption Algorithm:…
-
What are the settings for configuring L2TP VPN on macOS 15 (Sequoia) using old USG/ZyWALL series?
Question: What are the settings for configuring L2TP/IPSec VPN on macOS 15 (Sequoia) using old USG/ZyWALL series? Answer: To configure L2TP VPN for macOS 15 (Sequoia) with the Zyxel USG40 and other USG/ZyWALL using firmware 4.73 patch 2, please follow these settings based on the successful configurations: Phase 1 (Gateway)…
-
Why my Android phone cannot connect to IKEv2 remote access VPN with Pre-Shared key?
Question: Why my Android phone cannot connect to IKEv2 remote access VPN with Pre-Shared key? Answer: If you follow this FAQ IKEv2 VPN with Pre-Shared key on Mobile Devices (Instead of L2TP) — Zyxel Community but encounter connection failure, please check if your Pre-Shared key has big capital and change it to small…
-
IKEv2 VPN with Pre-Shared key on Mobile Devices (Instead of L2TP)
This article will show you how to connect mobile phones (Android and iPhone (iOS)) with IKEv2 PSK (pre-shared key) instead of L2TP. Because in Android 12 and later, L2TP support is no longer available. This article will also look at how to set up IKEv2 PSK for iOS users. First, we need to set up the Tunnel on our Firewall;…
-
Why can't I ping servers over VPN when IKEv2 VPN is established on SecuExtender?
Question: IKEv2 VPN is established on SecuExtender. However, I cannot ping the gateway IP of USG FLEX or servers in LAN. Answer: Review the Two-Factor Authentication (2FA) settings:* Navigate to Object > Auth. Method > Two-Factor Authentication > VPN Access. * Check if 2FA is enabled for all VPN services and users. * If…
-
How to resolve SecuExtender VPN Error Code 70?
Question: I am encountering Error Code 70 while trying to activate SecuExtender VPN, even though I have administrative rights. How can I resolve this? Answer: Error Code 70 typically indicates that the VPN client cannot access the licensing server to get the authorization token needed for activation. To resolve this issue,…