Two wan side vpn
So far I had a L2TP VPN on my Wan side. A new Internet connection was connected to the Wan3 interface. I want to solve the IPSec IKEv2 vpn on this. I did it, but is there a way that the vpn connection can't work at the same time? The vpn receives IP addresses from different domains. I would like to ask for help with this problem!
best regards:
Bence Simonka
All Replies
-
For one VPN server to one WAN and another VPN server to another WAN should be fine.
You may need to change the Proposal depending on the client for my Phone for IKEv2 its
Phase 1
AES128 SHA256 DH14
Phase 2
AES128 SHA256 DH2
Windows can have its default Proposal changed by PowerShell more about that here
0 -
The 2 vpn are on two different Wan interfaces. I try the connection from an Android device and it doesn't work there. My request would be, could you send a sample configuration for this problem together with the route settings? I don't want to touch the working l2tp vpn if it can be solved, because it is used!
0 -
Hi @simonkab ,
I did it, but is there a way that the vpn connection can't work at the same time?
Could you provide more details about the situation? Is this the scenario you're describing:
Scenario:- Client A successfully connects to L2TP VPN on the WAN1 side
- Client B (Android) attempts to connect to IPSec IKEv2 VPN on the same WAN3 side
Issue:
- Either Client B's VPN connection fails, or
- Both Client A's and Client B's VPN connections fail
Please correct me if I've misunderstood anything or if you need to add more information. By the way, please share with us the model's name, firmware version.
Engage in the Community, become an MVP, and win exclusive prizes!
0 - Client A successfully connects to L2TP VPN on the WAN1 side
-
Are you wanting windows client to connect? As IKEv2 in windows needs a Certificate where as Android can do by Pre-Shared Key
Setup Phase 1 VPN gateway
interface WAN for this VPN
Pre-Shared KeyAdvanced note
If client use a DNS to get to your VPN server you need to change Local ID type to DNS and content your DNSAdvanced
Phase 1
AES128 SHA256 DH14Setup Phase 2 VPN connection
Remote Access (Server Role)
VPN gateway you made above
Local policy IP 0.0.0.0
Enable Configuration Payload
as IP pool for this VPN
Advanced
Phase 2
AES128 SHA256 DH2Some phones may have high Encryption requirements
(1) IKEv2 VPN with Pre-Shared key on Mobile Devices (Instead of L2TP) – Zyxel Support Campus EMEA
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight