Site-to-site with two Flex 100H

MWS Posts: 3
edited January 21 in USG FLEX H Series

Hi again

I upgraded my setup:

  • Office: FritzBox > Flex 100H
  • Home: FritzBox > Flex 100H

I have a static IP in both locations and I would like to do a site-to-site VPN with IPsec. At the beginning I tried to just open ESP and UDP 500/4500 and tried to follow the example for a direct connection ("How to Configure Site-to-site IPSec VPN Where the Peer has a Static IP Address" in the handbook). That did not work, so I set the Flex 100Hs as exposed hosts in the FritzBox. If I type the public IP in the browser I reach them. I again followed the example and then tried to connect, but no success (I used the public IPs as "my address" and "peer gateway address"). It says (also before, when I did not have them as exposed hosts):

Command failed: CHILD_SA config 'sec_policy1_OfficeToHome' not found

I can't see anything being blocked in the log. Any idea what's missing?

Edit: never mind, I returned the devices.

All Replies

  • SANIC Posts: 3

    Hi,

    I have exactly the same problem but with Flex 200H on FW V1.20(ABWV.0)

    Built the tunnel custom, and also with the wizard. The same problem. It shows the red icon for a problem, but it can't be solved. If you press "solve", nothing happens.

    I really need help with this.

  • PeterUK Posts: 2,797  Guru Member

    Post both ends interface listing and site to site settings

  • Zyxel_James Posts: 624  Zyxel Employee

    Are both sides behind NAT? Could you provide your VPN configuration?

  • SANIC Posts: 3
    edited April 30

    Both sides routed subnet without NAT.
    Triple-checked both sides' settings:
    AES256-SHA512-DH21-86400
    AES256-SHA512-DH21-28800
    Secret for Testing: Abcd1234 (changed it because I wanted to check if a special Character causes the problems)

    I also tried other encryptions and also tried a misconfiguration on one side, but the behaviour won't change.

    Debug log on the 200H on reconfiguration save shows: yams ERROR zldipsec:216 - params sec_policy1_XXXX

    The 2nd site (USG60) shows NO_PROPOSAL_CHOSEN in the normal log on connection attempt.

    I'd rather not share my complete VPN config with unmasked IPs on an open board. 😉 I don't know if PM is possible here.
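The NO_PROPOSAL_CHOSEN reported by the USG60 above is what a responder sends when none of the initiator's proposals matches one of its own. The script below is an added example, not code from Zyxel or from anyone in this thread. It parses proposal strings in the notation used in the post (cipher, integrity algorithm, DH group, lifetime in seconds, e.g. "AES256-SHA512-DH21-86400") and emulates proposal selection for both phases, reporting which field breaks the closest candidate when nothing matches. The sample inputs are constructed; the assumptions baked in are that lifetimes are not part of the match (IKEv2 does not negotiate them, each side applies its own) and that a phase 2 proposal may omit the DH group when PFS is disabled.

```python
"""Check whether two IPsec peers share a proposal.

Added example, not Zyxel code. Parses "AES256-SHA512-DH21-86400"-style strings
(cipher, integrity, DH group, lifetime) and checks whether a responder could
pick one of the initiator's proposals, the failure mode behind
NO_PROPOSAL_CHOSEN. Assumptions: lifetimes are never part of the match (IKEv2
does not negotiate them), and the DH group is optional for a phase 2 proposal
because PFS may be switched off.
"""
from dataclasses import dataclass
from typing import Optional

CIPHERS = {"DES", "3DES", "AES128", "AES192", "AES256", "NULL"}
INTEGRITY = {"MD5", "SHA1", "SHA256", "SHA384", "SHA512"}


@dataclass(frozen=True)
class Proposal:
    cipher: str
    integrity: str
    dh_group: Optional[str]  # None when PFS is off (phase 2 only)
    lifetime: int            # seconds; informational, never negotiated


def parse_proposal(text: str) -> Proposal:
    """Parse 'AES256-SHA512-DH21-86400' or 'AES256-SHA512-28800' (no PFS)."""
    tokens = text.strip().upper().split("-")
    if len(tokens) < 3:
        raise ValueError(f"malformed proposal: {text!r}")
    cipher, integrity, *rest = tokens
    if cipher not in CIPHERS:
        raise ValueError(f"unknown cipher {cipher!r} in {text!r}")
    if integrity not in INTEGRITY:
        raise ValueError(f"unknown integrity algorithm {integrity!r} in {text!r}")
    lifetime = int(rest[-1])  # the last token is always the lifetime
    dh_group = None
    if len(rest) == 2:
        if not rest[0].startswith("DH") or not rest[0][2:].isdigit():
            raise ValueError(f"bad DH group {rest[0]!r} in {text!r}")
        dh_group = rest[0]
    elif len(rest) > 2:
        raise ValueError(f"too many fields in {text!r}")
    return Proposal(cipher, integrity, dh_group, lifetime)


def negotiate(initiator: list, responder: list) -> dict:
    """Return the first initiator proposal the responder also supports.

    Mirrors IKE proposal selection: the responder walks the initiator's list
    in order and picks the first entry whose cipher, integrity and DH group
    all match one of its own. Lifetimes are ignored on purpose.
    """
    ours = [parse_proposal(p) for p in initiator]
    theirs = [parse_proposal(p) for p in responder]

    def key(p: Proposal) -> tuple:
        return (p.cipher, p.integrity, p.dh_group)

    their_keys = {key(p) for p in theirs}
    for p in ours:
        if key(p) in their_keys:
            return {"status": "OK", "chosen": p}

    # Nothing matched: report which field breaks the closest candidate so the
    # operator knows what to change instead of just seeing NO_PROPOSAL_CHOSEN.
    mismatches = []
    for a in ours:
        for b in theirs:
            diff = [f for f in ("cipher", "integrity", "dh_group")
                    if getattr(a, f) != getattr(b, f)]
            mismatches.append((len(diff), diff, a, b))
    _, fields, a, b = min(mismatches, key=lambda m: m[0])
    return {"status": "NO_PROPOSAL_CHOSEN", "differs_in": fields,
            "initiator": a, "responder": b}


if __name__ == "__main__":
    # Constructed inputs in the thread's notation; not a real configuration.
    print(negotiate(["AES256-SHA512-DH21-86400"], ["AES256-SHA512-DH21-86400"]))
    print(negotiate(["AES256-SHA512-DH21-28800"], ["AES256-SHA512-DH14-28800"]))
```

Run it with each side's phase 1 list and then each side's phase 2 list separately; a PFS group set on only one side shows up as a `dh_group` mismatch in the phase 2 run, which is one of the common causes of NO_PROPOSAL_CHOSEN when the cipher and hash look identical in both GUIs.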

  • SANIC Posts: 3

    I took a look at this support site: https://support.zyxel.eu/hc/de/articles/15718397333906--USG-FLEX-H-Serie-Firewall-Konfigurieren-von-IPSec-Site-To-Site-VPN-auf-der-USG-FLEX-H-Serie-Firewall-mit-dynamischer-IP

    I compared the views and settings options.
    On my firewall there is no option for Active Protocol or Encapsulation in the Phase 2 Policy Settings:

    Maybe a FW bug in 1.20? I created the tunnels on 1.20.