Zyxel as VPN server role with Zyxels connecting as clients + WAN failover

B3liar Posts: 2
edited July 2021 in Security
Dear fellow Zyxel community, I am struggling with my IPsec VPN + failover configuration.

I have a Zyxel USG FLEX 200 in the VPN server role and 6 Zyxel USG20W-VPN units connecting in the client role. The whole network is configured to work with a Windows Server physically connected to the USG FLEX; those 6 Zyxels are distributed across 6 sites from which employees connect to the server via RDP and work on our shop system from there.

Everything seems to work fine: the Zyxels connect to the VPN, people can use RDP without any problem, and the server also communicates with their PCs (fiscal printers) without problems. But since I added WAN failover it has got kind of messy.

WAN 1 is our main connection, but sometimes it goes down.
WAN 2 is our failover LTE connection.

When WAN 1 goes down, the whole network switches to WAN 2; the Zyxels at the endpoints disconnect for 10-15 seconds, then reconnect to the second IP on WAN 2 and continue to work. But when WAN 1 comes back to life, the problems start.

The Zyxels reconnect through WAN 1, the VPN is reconnected and seems to be alive, but there is no communication with those Zyxels (I can't ping from server to client, nor from client to server). After this return to WAN 1, the only fix for the connection problem is to restart the main Zyxel FLEX or to change the IP pool/IP address of the client Zyxel.

I will post my configuration; if somebody spots something wrong, let me know :)

But remember that it is a live system and I can't do experimental tests, so I am pleading for tested/correct information/suggestions.

FLEX is: 192.168.1.1-255

Endpoints are:
- 10.0.0.1 - 255
- 10.0.1.1 - 255
- 10.0.2.1 - 255
- etc.

SERVER ROLE SCREENSHOTS:
1. WAN/LAN CONF + FAILOVER
[screenshot]

2. VPN CONF SERVER SIDE
[screenshot]

CLIENT SIDE:
[screenshot]