USG60 - VPN ipsec IP
I configured an ipsec vpn tunnel on my USG60 and everything works fine.
Now I have a question, when I close VPN I have my original source IP given from my ISP where am I (client side).
My goal is to have the destination IP given from the ISP where my USG60 is (server side).
Is it possible to configure it as explained above? With OpenVPN I can do this on a USG60’s LAN device , but I would like to do it via IPSec directly on the USG60.
I am not sure if I catch you.
I understand that you configured an IPsec server for nomad users.
Obviously, the nomad/remote users are connected to the internet before they establish the vpn tunnel.
Once they connect, they receive a new ip adress provided by the "VPN" (in most of the cases via DHCP or via RADIUS).
When the nomad users is disconnected, the "VPN" address is removed.
I suppose you want to determine the public ip address of the USG60 to establish the VPN.
That kind of service is called "Dynamic DNS".
Once your device is on the internet, it logins into a Dynamic DNS platform, so the user only needs to remember the DNS name to know the ip address of the VPN server. In most of the VPN clients, a name could be configured as a remote server.
More information about how to configure a zyxel router to use DDNS can be found on:
I hope it helps you.
Hi Alfonso,thanks, but it's a little bit different.I have aready a ddns configured.Suppose I'm travelling (public ip 18.104.22.168) and the USG60 is at home (public IP 22.214.171.124 with ddns configured).Currently if I close vpn tunnel and check my ip with showmyip I receive 126.96.36.199, the goal is to present myself to internet with 188.8.131.52. This scenario I already done with OpenVPN, and I would like to do with ipsec directly on USG60.Best Regardseze
According to your scenario:
While the vpn is up, the showed ip address of your mobile/laptop should be 184.108.40.206.
But once the vpn. is down ... your ip address will be 220.127.116.11.
So if I understood you well, you want to configure a nomad IPSec VPN server on the USG60, be cause you want to show "always" the ip address 18.104.22.168
Am I right?
I recommend to you l2tp over ipsec.
Most android & ios phone and windows pc can be configured to establish this kind of vpn without installing any new app/software.
Here it is a link which shows how to do it:
I hope it helps you.
"No proposal chosen" : your combination of your encryption, hash and dh group is different on both devices.
As I do not have an iphone, I do not know ipsec iphone capabilities.
But I suppose that the following configuration should work:
I hope you will get it
Line2 Posts: 40at least these proposals should work for L2TP with IOS and Win10:Phase 1: 3DES, SHA1, DH2Phase 2: AES256, SHA1, PFS none1
- 8.5K All Categories
- 1.6K Nebula
- 72 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 227 Security Ideas
- 985 Switch
- 46 Switch Ideas
- 882 WirelessLAN
- 24 WLAN Ideas
- 5.2K Consumer Product
- 158 Service & License
- 280 News and Release
- 99 Success Stories
- 61 Security Advisories
- 13 Education Center
- 581 FAQ
- 263 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 75 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 62 About Community
- 46 Security Highlight