USG 50 Defaul Wan_Device Policy

Options

Hello, I am having great difficulty with my ISP not authenticating my USG Flex 50. They have suggested I make sure PPP traffic is allowed through the WAN interface and have provided me with the gateway of the PPPoE session (100.64.x.x) so I may allow traffic from that address through the firewall.

Any pointers on how I would do that?

Thanks in anticipation.

All Replies

  • smb_corp_user
    smb_corp_user Posts: 161  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited June 2023
    Options

    Unless you have got some complex configuration added to your device already, I recommend resetting your USG50 to factory defaults, then restart the USG and run the Setup Wizard to get the correct settings for your PPPoE connection (make sure you select the correct options based on what information the ISP has provided).

    Should there be any issues during the configuration, reset your USG50, reboot and run the Setup Wizard again. That is normally enough to get the correct ISP connection settings. Make sure you have got your USG 50 User Guide available, either the paper copy shipped with your device or a PDF copy to read on your phone or tablet.

  • MikeT344
    MikeT344 Posts: 5
    First Comment
    Options

    Thanks for thre reply. I have done as you say a few times. The ISP can see a handshake but after that no connection is made. I am in a limbo land where the ISP say its not them but I can see no reason why a standard set up as you suggest should fail to work.

    I purchased a Zyxel Plex 50 as that is the make the ISP recomends and indeed that is the make of theirstandard issue router.

    Any other thoughts?

  • PeterUK
    PeterUK Posts: 2,848  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited June 2023
    Options

    Does the PPP for PPPoE show connected icon?

    The default rule from LAN1 to any should allow everything

    can you ping 1.1.1.1 on PC?

    does your ISP list settings you need to do in object > ISP account WAN1_PPPoE?

    authentication, compression?

  • MikeT344
    MikeT344 Posts: 5
    First Comment
    Options

    No - the light bulb is orange but the connected icon is greyed out.

    Pinging 1.1.1.1 receives a reply and "Destination net unreachable".

    I have been through the config with the ISP and even obtained a fixed IP. Compression is off at their direction and as I understand it there is no way to turn encryption off because thats the RFC standard for PPPoE.

    Their supplied router (DX3301-T0) works fine but the USGPlex 50 as well as a Draytek Vigor 2865 both fail to authenticate.

    Im at a loss.

  • Zyxel_James
    Zyxel_James Posts: 626  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    @MikeT344 How about the authentication type, did you verify the type with your provider? and make sure if a VLAN tag is needed?

    Moreover, please run a packet capture, I would like to check the PPP negotiation packets, thanks.

  • MikeT344
    MikeT344 Posts: 5
    First Comment
    Options

    Authentication type PAP/CHAP "should be fine". No VLAN tag.

    How may I send a .cap file to you?

  • MikeT344
    MikeT344 Posts: 5
    First Comment
    Options

    I am sending screen capyure in pdf together with the error code on initial connection test after wizard set up.

    Does this give you what you need?

  • Zyxel_James
    Zyxel_James Posts: 626  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    @MikeT344 Please provide the packet captured of the PPPoE negotiation, you can contact me via private message, thanks

Security Highlight