I would like to connect 2 VPN50 to 1 VPN100 using a site-to-site connection.

VPN50_100_User
Posts: 4
in Security
Hello everyone,
I have a question about the Site-To-Site VPN connection with multiple Zyxel Zywalls.
I would like to connect 2 VPN50 to 1 VPN100 using a site-to-site connection.
Can someone show me a configuration example? My problem is that 1 VPN 50 works fine with the VPN100, but with the second VPN50 I always get a dial time out error.
Thank you very much in advance for your help.
All Replies
-
1 gateway and 1 tunnel for every VPN50 on VPN100. Also, on VPN50 tunnel should be nailed up, on VPN100 not. Do not overlap subnets among sites. Or manage it correctly (NAT).
-
@VPN50_100_User If you want two VPN50 to connect to VPN100, you need to create two VPN profiles on VPN100 for this scenario. Also, you can set a different Proposal or Pre-shared key to avoid a rule mismatch. Be aware that, just as mMontana mentioned, do not overlap subnets among sites. If the VPN is still down, you can go to Monitor > Log > select IKE in the category field to understand which phase failed.
-
Thank you kindly for the answers.
I'm afraid there might be an address problem. I used the following addresses:

VPN100 - VPN Connection 1:
Local Policy: LAN1_SUBNET INTERFACE SUBNET, 10.168.0.0/19
Remote Policy: VPN50-1 SUBNET, 10.168.166.0/24

VPN100 - VPN Connection 2:
Local Policy: LAN1_SUBNET INTERFACE SUBNET, 10.168.0.0/19
Remote Policy: VPN50-2 SUBNET, 10.168.133.0/24

VPN50-1 - VPN Connection:
Local Policy: LAN1_SUBNET INTERFACE SUBNET, 10.168.166.0/24
Remote Policy: VPN100 SUBNET, 10.168.0.0/19

VPN50-2 - VPN Connection:
LAN1_SUBNET INTERFACE SUBNET, 10.168.133.0/24
Remote Policy: VPN100 SUBNET, 10.168.0.0/19

Is the addressing given above correct?

The LOG entries from the VPN100 are:
IKE - The cookie pair is : 0x45a07b4db5077d02 / 0xf1814d0662645e68
IKE - [info] Send:
IKE - The cookie pair is : 0xf1814d0662645e68 / 0x45a07b4db5077d02
IKE - [info] Recv:
Security Policy Control - Match default rule, DROP

Does somebody know what I'm doing wrong?
-
These LOG entries are repeated a few times and then there are the following entries:
IKE - [INIT] Send:[SAr1][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][CERTREQ][VID][VID][VID]
IKE - [AUTH] Recv:[IDi][CERTREQ][AUTH][SA][TSi][TSr][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
IKE - [ID] : Tunnel [IKEv2_Tunnel_Site_to_Site_IHL] Phase 2 Remote policy mismatch
IKE - [SA] : No proposal chosen
IKE - IPsec SA negotiation failed
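The addressing question and the "Phase 2 Remote policy mismatch" log line above can be checked mechanically: the script below verifies that each tunnel's local and remote policies mirror each other across the two ends, and that no two site LANs overlap. It is an added example, not part of any post in this thread; the dictionary layout, the hub/spoke naming and the function names are assumptions, while the subnets are the ones posted.

```python
import ipaddress
from itertools import combinations

# Phase 2 policies as posted in the thread: site -> (local, remote).
HUB_TUNNELS = {    # the two connections configured on the VPN100
    "VPN50-1": ("10.168.0.0/19", "10.168.166.0/24"),
    "VPN50-2": ("10.168.0.0/19", "10.168.133.0/24"),
}
SPOKE_TUNNELS = {  # the single connection configured on each VPN50
    "VPN50-1": ("10.168.166.0/24", "10.168.0.0/19"),
    "VPN50-2": ("10.168.133.0/24", "10.168.0.0/19"),
}

def net(cidr):
    # strict=True raises ValueError if host bits are set (e.g. 10.168.166.1/24)
    return ipaddress.ip_network(cidr, strict=True)

def check_policies(hub, spokes):
    """Return a list of findings; an empty list means the policies are consistent."""
    findings = []
    for site, (hub_local, hub_remote) in hub.items():
        if site not in spokes:
            findings.append(f"{site}: tunnel defined on the hub only")
            continue
        spoke_local, spoke_remote = spokes[site]
        # Each end's local policy has to be the other end's remote policy.
        if net(hub_local) != net(spoke_remote):
            findings.append(f"{site}: mismatch, hub local {hub_local} vs spoke remote {spoke_remote}")
        if net(hub_remote) != net(spoke_local):
            findings.append(f"{site}: mismatch, hub remote {hub_remote} vs spoke local {spoke_local}")
    # LAN of every site: the hub's local subnet(s) plus each spoke's local subnet.
    lans = {("VPN100", net(local)) for local, _ in hub.values()}
    lans |= {(site, net(local)) for site, (local, _) in spokes.items()}
    for (a, net_a), (b, net_b) in combinations(sorted(lans, key=str), 2):
        if a != b and net_a.overlaps(net_b):
            findings.append(f"overlap: {a} {net_a} and {b} {net_b}")
    return findings

if __name__ == "__main__":
    result = check_policies(HUB_TUNNELS, SPOKE_TUNNELS)
    for line in result or ["policies mirror each other, no overlapping LANs"]:
        print(line)
```

Run on the values from the post, it reports no mismatch and no overlap.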
-
Thank you very much for your help. The link was very helpful. I had a typo in the dns entry in the VPN100. Now everything works fine. Thanks again for your help.
-
Thanks for the helpful post ... Please share this post on ( https://gbplusmod.com/ ) .. Here a lot of people are asking me the same...
-
If your carrier allows it, you can view your APN settings in one of the following locations: Settings > Cellular > Cellular Data Options > Cellular Network. Settings > Mobile Data > Mobile Data Options > Mobile Data Network