vpn ipsec
Antonio967
Posts: 11 Freshman Member
in Security
Good morning,
I have configured a vpn ipsec client to site on USG20 and i have configured user and provisioning, on my pc I have installed ZyWall ipsec vpn client (IKE V1), when during authentication I get the following error: "Server not found! (check the server address / port), both are correct ...
I don't know what to check anymore ...
If I authenticate from the internal network, an authentication error or incorrect password occurs, but they are correct ...
Please help me!!! 0
All Replies
-
USG20 or USG20-VPN?On WAN interface there's configured a private IP Address or a public one?1
-
Sorry, you're right ... USG20-VPN, there is a private IP on the WAN interface. Port forward router: external IP protocol external port Internal IP internal port network enabled IP
xxx tcp-udp 0-65535 192.168.1.254 0-65535 all
192.168.1.254 is USG20-VPN.
0 -
Update: The WAN to Device policy was missing https, now the provisioning works but the tunnel does not open ... sending SA Phase 1 and then ABANDONING CONNECTION
0 -
IDK which device is your router and if that rule works as you expect.
You can try this series instead.
Port forward router:
external IP protocol external port Internal IP internal port network enabled IP
xxx TCP 443 192.168.1.254 443 all
xxx UDP 500 192.168.1.254 500 all
xxx UDP 1701 192.168.1.254 1701 all
xxx UDP 4500 192.168.1.254 4500 all
Port U 1701 is for L2TP
Also, not knowing how the router works, consider to verify alternatively if there's someting like DMZ or firewall rules.
Then on your USG20-VPN should be present Security policies that allow connection to 3 of these ports for provisioning from WAN to Zywall (T 443, U 500, U4500) and the IPSec gateway MUST be NAT-Traversal enabled.
Current software (5.30) won't like that much full world access to administration/provisioning port, so write down at least some small group of geo-ip allowed nations to access T 443 and all other ports.
Consider as alternative to change the default T 443 to something customized, but adapt port forwarding to the same port after changin that in USG20-VPN.1 -
0
-
Update: The ISP was blocking the VPN service, now everything works !!! I have another question ...
With the Tunnel open, I no longer access the resources of the local network but only those of the remote network, can I have access to both at the same time?
Thank you...
0 -
Antonio967 said:Update: The ISP was blocking the VPN service, now everything works !!! I have another question ...
With the Tunnel open, I no longer access the resources of the local network but only those of the remote network, can I have access to both at the same time?
Thank you...
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight