Problem Site to Site USG 210 and USG 20W

Manuel13
Manuel13 Posts: 7  Freshman Member
Second Anniversary
in Security
Hi
I have a problem for connect the USG.
I create VPN Site to Site, but not work.
I use this configuration....but the tunnel not Up.

https://support.zyxel.eu/hc/it/articles/360001378873-USG-ZyWall-Configurazione-da-sito-a-sito-VPN-IPSec

USG 210 has public ip 93.40.x.x
Local IP: 192.168.1.1

USG 20W has dynamic public ip (xxx.ddns.net)
Local IP: 192.168.0.1


For Remote policy use SUBNET 192.168.20.0/24 in USG210 and USG202W...
It's right?

I attach the error LOG


All Replies

  • valerio_vanni
    valerio_vanni Posts: 133  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    No... configuration has to be specular.

    In each router's configuration "local policy" is local LAN, but "remote policy" network should be "local policy" of the other.

  • Manuel13
    Manuel13 Posts: 7  Freshman Member
    Second Anniversary
    Perfetto, ora il tunnel è UP, ma non riesco ad accedere alla rete remota.

    Perfect, now the tunnel is UP, but I can't access the remote network.
  • valerio_vanni
    valerio_vanni Posts: 133  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    E' meglio che ci parliamo in inglese, è la lingua ufficiale del forum. Altrimenti ci capiamo solo noi due e ti perdi parecchi commenti utili :-)

    So now tunnel is:
    USG 210: Local 192.168.1.0/24 Remote 192.168.0.0/24
    USG 20: Local 192.168.0.0/24 Remote 192.168.1.0/24

    Are you able to ping something? At least remote firewall?
    When you try to ping, do you see something in log?

    You could look at firewall rules on both device (directions ipsec-vpn-to... and ...to-ipsec-vpn) .


  • Manuel13
    Manuel13 Posts: 7  Freshman Member
    Second Anniversary
    I try ping remote network, but not risponde.
    I attach the firewall rules... i create rules Ipsec to Lan1 and lan1 to ipsec.. but not work.
    Thanks for support

  • valerio_vanni
    valerio_vanni Posts: 133  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    Neither remote firewall is responding?

    You could try, in "vpn monitor", a connectivity check pointing LAN IP of remote firewall.
    You could try to activate "log" in relevant firewall rules, to see if it detects something.
  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    5 Answers First Comment Friend Collector Sixth Anniversary
    HI @Manuel13

    Please check if "ZONE" includes your VPN Tunnel or IPSEC will not work for Traffic.

    If you need a remote check to fix this issue, please be in touch with Europe Support Team:

    https://support.zyxel.eu/hc/en-us/requests/new?ticket_form_id=114093996354

    Kind Regards,

    Tobias

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)