Two wan side vpn

simonkab Posts: 5  Freshman Member
edited August 8 in Security

So far I had an L2TP VPN on my WAN side. A new Internet connection was connected to the WAN3 interface. I want to solve the IPSec IKEv2 VPN on this. I did it, but is there a way that the VPN connection can't work at the same time? The VPN receives IP addresses from different domains. I would like to ask for help with this problem!
Best regards,
Bence Simonka

All Replies

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    edited August 8

    One VPN server to one WAN and another VPN server to another WAN should be fine.

    You may need to change the Proposal depending on the client; for my phone, for IKEv2, it's:

    Phase 1

    AES128 SHA256 DH14

    Phase 2

    AES128 SHA256 DH2

    Windows can have its default Proposal changed by PowerShell; more about that here:

    VPN solution with USG20-VPN and Fritzbox — Zyxel Community

  • simonkab
    simonkab Posts: 5  Freshman Member

    The 2 VPNs are on two different WAN interfaces. I tried the connection from an Android device and it doesn't work there. My request would be, could you send a sample configuration for this problem together with the route settings? I don't want to touch the working L2TP VPN if it can be solved, because it is used!

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,497  Zyxel Employee

    Hi @simonkab ,

    "I did it, but is there a way that the vpn connection can't work at the same time?"

    Could you provide more details about the situation? Is this the scenario you're describing:
    Scenario:

    • Client A successfully connects to L2TP VPN on the WAN1 side
    • Client B (Android) attempts to connect to IPSec IKEv2 VPN on the same WAN3 side

    Issue:

    • Either Client B's VPN connection fails, or
    • Both Client A's and Client B's VPN connections fail

    Please correct me if I've misunderstood anything or if you need to add more information. By the way, please share with us the model name and firmware version.


  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    edited August 9

    Are you wanting a Windows client to connect? IKEv2 in Windows needs a Certificate, whereas Android can do it by Pre-Shared Key.

    Setup Phase 1 VPN gateway
    interface WAN for this VPN
    Pre-Shared Key

    Advanced note
    If the client uses a DNS to get to your VPN server, you need to change Local ID type to DNS and the content to your DNS

    Advanced
    Phase 1
    AES128 SHA256 DH14

    Setup Phase 2 VPN connection
    Remote Access (Server Role)
    VPN gateway you made above
    Local policy IP 0.0.0.0
    Enable Configuration Payload
    as IP pool for this VPN
    Advanced
    Phase 2
    AES128 SHA256 DH2

    Some phones may have high Encryption requirements

    (1) IKEv2 VPN with Pre-Shared key on Mobile Devices (Instead of L2TP) – Zyxel Support Campus EMEA
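
The Phase 1 / Phase 2 proposal quoted in the replies above, applied to a Windows IKEv2 connection with PowerShell, which the first reply mentions is possible. This is an added example, not part of any post in the thread; the connection name is a hypothetical placeholder, and treating the Phase 2 "DH2" as the Windows PFS group is this example's assumption.

```powershell
# Added example: the connection name is a hypothetical placeholder.
# Run in an elevated session if the connection is an all-user connection.
$ConnectionName = 'Zyxel-IKEv2'   # an IKEv2 connection that already exists on this PC

# Proposal as quoted in the thread:
#   Phase 1 (IKE SA):   AES128 / SHA256 / DH14
#   Phase 2 (IPsec SA): AES128 / SHA256 / DH2
# Assumption: the gateway's Phase 2 DH group corresponds to the Windows PFS group.
$Proposal = @{
    EncryptionMethod                 = 'AES128'     # Phase 1 encryption
    IntegrityCheckMethod             = 'SHA256'     # Phase 1 integrity
    DHGroup                          = 'Group14'    # Phase 1 key exchange (2048-bit MODP)
    CipherTransformConstants         = 'AES128'     # Phase 2 (ESP) encryption
    AuthenticationTransformConstants = 'SHA256128'  # Phase 2 (ESP) HMAC-SHA-256-128
    PfsGroup                         = 'PFS2'       # Phase 2 PFS, DH group 2 (1024-bit MODP)
}

# Refuse to touch anything that is not an IKEv2 connection (for example an
# L2TP connection that is in use and should stay as it is).
$conn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop
if ($conn.TunnelType -ne 'Ikev2') {
    throw "Connection '$ConnectionName' is $($conn.TunnelType), not IKEv2; leaving it unchanged."
}

# Replace the Windows default proposal with the one the gateway is configured for.
Set-VpnConnectionIPsecConfiguration -ConnectionName $ConnectionName @Proposal -Force

# Show the custom policy now stored on the connection so it can be compared
# line by line with the gateway's Phase 1 and Phase 2 settings.
(Get-VpnConnection -Name $ConnectionName).IPSecCustomPolicy | Format-List
```

If the stored policy and the gateway proposal differ in any field, the IKE negotiation fails before authentication, so check this output first when a client cannot connect.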
