Site to Site VPN on a Zywall 110 behind another Zywall 110 (Multiple public IP addresses)

[Deleted User]
[Deleted User] Posts: 0  Freshman Member
First Comment
edited April 2021 in Security
Hi all,

Have an issue to build a Site to Site VPN to a Zywall 110 behind another Zywall 110.

Topology
ISP Router -> Zywall 110 (Core, 5 Public IP's, e.g. I use 188.12.13.20) -> Zywall 110 (Internal, WAN IP 172.19.22.1)

Configuration
- NAT on Core Firewall -> 1:1 NAT, 188.12.13.20 -> 172.19.22.1
- Site to Site VPN with IKEv1 is built on Internal Firewall

Additional information
Internal Firewall was connected directly to the ISP router before and VPN was working properly.

Issue
Now I had to install a 2nd Firewall in front of the Internal Firewall. Since then the VPN isn't working. Get still erro "No Proposal Chosen". Tried to set "NAT Traversal" flag but it's the same.

How can I configure the VPN to get a connection? I assume I need to send the answer to the peer with my external IP 188.12.13.20 but I don't need how to configure properly.

Cheers

Accepted Solution

  • [Deleted User]
    [Deleted User] Posts: 0  Freshman Member
    First Comment
    Answer ✓
    Finally I found a solution. In fact it was pretty easy but sometimes you can search for ages and at the end it's just one field you need to change. ;-)

    In phase 1 settings of the VPN I had to choose Local ID type "IPv4" under "Advance" and enter the public IP address.

All Replies

  • [Deleted User]
    [Deleted User] Posts: 0  Freshman Member
    First Comment
    Answer ✓
    Finally I found a solution. In fact it was pretty easy but sometimes you can search for ages and at the end it's just one field you need to change. ;-)

    In phase 1 settings of the VPN I had to choose Local ID type "IPv4" under "Advance" and enter the public IP address.

Security Highlight