Best Practice USG2+ with USG60W

Options
ChrisGer
ChrisGer Posts: 205  Ally Member
First Anniversary Friend Collector First Answer First Comment
edited April 2021 in Security
Hello ZyxEL guy's :).
is there a best practice esisting to create a site-2-site between a USG2+ and a USN60W ?

USG60W has allready a Server role for IPSEC configured (mobile devices)
also a SSL VPN area to get connected trough SSL-VPN and Windows devices.

The next challage to configure a USG2+ with the best and possible configuration options to have a secure and stable site-2-site between remote and branch location.

Thanks forward for recommendation or experience.

Regards
Christian

Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @ChristianG,
    The configuration as below, did you encounter any IOP or stability issue on VPN connection?
    1.    Phase 1 configuration
          
    2.    Create phase 2 configuration

    3.    Phase 2 configuration

  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    edited June 2018
    Options
    no issue actualy, but the device is since a vew days old, and it should establish a IPSEC connectivity to my USG60 without any interactivity by useing a SSL VPN Client in WIndows10, to avoid issues, if there is a Feature Uodate Release that require a new or updated, certified device driver for the IPSEC Client Software ;)
    The secondary site is 100% Windows10 and non mobile users, but they require a stable and availible  Client-2-Site connectivity, to use the storage at the main site. that's my reason to ask about the best and secure practice to establish a client-2-site connectivity by a USG2plus, and the WAN IP at the main site is in use for dailin by IPSEC and SSL VPN Client.

    Is DES and MD5 th highest level of secureity for a successful Client-to-Site connectivty from the 2plus to a USG60W ?  :/

    Result of this request
    Configure a Client-to-Site dial in (Client = USG2plus and Site = USG60W) in acording with the possible max. level of secureity (e.g. AES128/256 with SHA1, avoid MD5/DES and avoid a software client on the windows10 client at the remote site).

    Thanks for the quit response

    Regards
    Christian
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @ChristianG,
    It's not highest level of security for VPN connection. you also can use AES256+SHA1.
    Here is Zywall2+ VPN encryption and authentication list for your reference.
    Encryption : DES、3DES、 SHA128、 SHA192 、SHA256
    Authentication : MD5、 SHA1

Security Highlight