Firewall USG110 with VPN connection via IKEv2 is not working on either Pre-shared Key or Certificate

ductiena12 Posts: 4
edited October 2022 in Security
I have read all the threads about IKEv2 on the Zyxel forum but cannot successfully configure the firewall to do this. It showed that there was a pairing key but nothing more; the client is stuck at connecting forever. Does anyone know how to configure IKEv2 on this firewall to work with an Android phone? I have already configured IPSec IKEv1 and L2TP successfully, but some devices only have IKEv2, so I need IKEv2 as well.
Thanks for your attention.

All Replies

  • ductiena12
    FYI, it's on the latest firmware already, 4.72
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 765  Zyxel Employee
    Hi @ductiena12
    If you use the native IKEv2 within Samsung devices, please kindly check that you have to add the second DNS Server.

    Or please see the following link to find connected IKEv2 VPN by strongSwan.
    https://community.zyxel.com/en/discussion/12522/remote-access-vpn-wizard-for-secuextender-ipsec-and-non-secuextender-ipsec-vpn-clients#latest

    Thank you
    Kevin
  • ductiena12
    Thank you for your reply. I already put 1.1.1.1 on the first DNS, and 8.8.8.8 on the second DNS.
    As for the link you provided above, my firewall USG110 does not have the option to export non-SecuExtender VPN clients like in the picture, so no further steps can be done.

  • ductiena12
    Here is my config on
    vpn gateway:
    Encryption : AES128/SHA256 -> DH14
    Interface = wan2_ppp
    Enabled extend authentication -> AAA Method: default, -> user group: VPN Users
    Policy -> Host, 0.0.0.0
    Enable configuration payload: Range 192.168.50.1 -> 192.68.50.50
    first dns: 8.8.8.8
    second dns2: 1.1.1.1
    Encryption : AES128/SHA256 -> PFS: DH2

    and still cannot connect via IKEv2. Any suggestions? Thanks
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 765  Zyxel Employee
    edited September 2022
    Hi @ductiena12
    Please find the private message. I'd like to schedule remote.
    Thanks
    Kevin
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 765  Zyxel Employee
    Hi @ductiena12
    Thanks for your time today. Please find the PM. I have sent the SOP about IKEv2 with mobile (PSK, cert) to you.
    And I can connect to your site with my iPhone.
    I will wait for your advance test. Thank you
    Kevin

  • vpn100
    vpn100 Posts: 1

    There is also a problem connecting my Samsung Tab S7+ with IKEv2.

    gateway:

    By using Pre Shared Key

    Encryption/Authentication: AES256/SHA256

    Key group: DH2, DH14, DH21

    Connection:

    IP address pool: 192.168.99.1 - 99.30

    Active protocol: ESP

    Encapsulation: Tunnel

    Encryption/Authentication: AES256/SHA256

    PFS: DH16, DH20, DH21.

    I can connect to the VPN100 IKEv2 with other Android devices but not the Samsung Tab S7+.

    Would you help to tell if there is anything that needs to be set for connecting to the S7+?

  • mMontana
    mMontana Posts: 1,302  Guru Member
    Which version of Android is the Samsung Tab S7+ running?
    Do you have any declaration by Samsung that the Android version installed supports IKEv2?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,073  Zyxel Employee

    Hi @vpn100

    Welcome to the Zyxel community. May we know what the Android version of your Samsung Tab S7+ is?

    Thanks.
