USG40 - VPN tunnel with virtual interface WAN IP
Running a USG40 with multiple WAN IPs and want to get the VPN tunnel to work with on of the IP adresses from the virtual interface.
Hardware:
Model Name:USG40
Firmware Upgrade Wizard:V4.65
WAN1: 1x static ip behind cable-modem (/28 subnet - other range than the following)
WAN1:1 several assignable ip adresses (/29 subnet)
using the virtual interface to use ONLY the 2 adresses from the /29 subnet
but USG gets the WAN1 IP adress via DHCP
WAN1:1 is assigned by myself (static)
created the objects (Hosts) and created the routing:
host_static_1
host_static_2
host_static_3
routing
LAN1 (/24) SNAT via host_static_1
SERVER (HOST) - also on LAN1, but SNAT host_static_2
SERVER2 (HOST) - also on LAN1, but SNAT host_static_3
(no VLAN, crappy config..)
thats working fine, BUT:
with the USG40 i cant get IPSec to work at all!
Before some days it worked with the WAN1 IP (dhcp assignment), but never with on the the IPs from the virtual interface.
Any Idea how can I get this to work properly?
All Replies
-
Hi @slaven
Welcome to join Zyxel community
.Is your USG40 behind the modem and you would like to use Virtual interface to create VPN connection?
Which VPN topology you would like to create? Site-to-site VPN? or USG40 as a VPN server role?
Thanks.
0 -
Hi, correct - cable modem.USG40 should work as VPN server.0
-
Hi @slaven
According to your situation, please refer to the below labs:
USG60W behind NAT as an L2TP VPN server role with the virtual interface WAN IP.
Topology:
The USG60W behind Zywall110 and USG60W as an L2TP VPN server role let PCs can create L2TP VPN connections to USG60W via the internet. There is a precondition that Zywall110 must set a NAT rule therefore PCs from the internet can connect to USG60W. Likewise, you need to set a NAT rule on your cable modem to make it can redirect traffic to your USG40.Zywall 110 NAT setting:
BTW, must allow L2TP services (IKE, NATT, L2TP-UDP) can be forward, please refer to the below link:
The USG60W setting:
Interface setting:
The USG60W's L2TP VPN Wizard setting:
Verification result: L2TP VPN connections are successfully built from PCs.
USG60W behind NAT as an SSL VPN server role with the virtual interface WAN IP.
Topology:
Zywall 110 need to set NAT rule and allow SSL VPN port service can forward to USG60W.
You can refer to this forum discussion:
https://community.zyxel.com/en/discussion/2139/ssl-vpn-behind-a-other-router
The USG60W's SSL VPN settings:
Please install SSL VPN client software on your PC.
SSL VPN SecuExtender download link(the current version is SSL_VPN_Client_4.0.4.0)
The SSL VPN client connect to the SSL VPN server.
The SSL VPN client is connected.
Verification result: The SSL VPN connection is successfully built from the PC.
0
Zyxel Employee
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 78 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
