The implicit Security Policy works for L2TP remote Client, but not for IPSec remote client
Freshman Member
The implicit Security Policy / IP sec seems to not allow traffic to the lans, Only L2TP works .
Any idea why?
All Replies
-
Hi @Soeren_Hvid_DK,
This is more likely you didn't enable IPSec VPN to use VPN in the site-to-site VPN page. Please navigate to Menu > Site-wide > Configuration > Firewall > Site-to-site VPN to adjust your configuration.
Hope it helps.
Zyxel Melen
Don't miss this great chance to upgrade your Nebula org. for free!
0 -
Unfortunately it made no difference, IPSec still doesn't work
0 -
Hi @Soeren_Hvid_DK,
Could you enable Zyxel support access for me to check the configuration?
https://community.zyxel.com/en/discussion/14234/nebula-how-to-turn-on-zyxel-support-access
Zyxel MelenDon't miss this great chance to upgrade your Nebula org. for free!
0 -
Is enabled now
#####Remove private info#####
Do you need more infomation
0 -
Hi @Soeren_Hvid_DK,
I found that you have set two static route rules for IPSec VPN to VLAN 30. Could you delete these static route roles and test again?
Zyxel MelenDon't miss this great chance to upgrade your Nebula org. for free!
0 -
Yes, no problem, the router is in test stand
0 -
Ok
I removed the 2 static routes, i and i have tested again.
I can connect and get this IP
, but no traffic is allowed to the lans when 2FA is not enabled !
if i enable 2FA , and connect there are no connection to the 2FA webpage https://172.16.50.1/weblogin/cgi?auth_type=vpn
Some time i can connect, and some i can not connect and get this message from windows
0 -
Hi @Soeren_Hvid_DK,
Can I add a cloud authentication account to check this issue?
And for the Windows error message, this error message you're encountering indicates that there may be a configuration issue with the network devices (such as firewalls, NAT devices, or routers) between your computer and the VPN server. To troubleshoot and resolve this error, you can follow these steps:
- Verify your internet connectivity.
- Delete the VPN profile and configure it again.
- Temporarily disable firewalls and security software.
- Check your local network configuration.
- Verify VPN protocol and port. UDP 500 and 4500, TCP/UDP 50 and 51.
- Try connecting from a different network.
Zyxel MelenDon't miss this great chance to upgrade your Nebula org. for free!
0 -
Yes you can add a account, no problem
0 -
Hi @Soeren_Hvid_DK,
After checking, I found:
- IPSec VPN disabled 2FA: I can access LAN 1 and LAN 2.
- IPSec VPN enabled 2FA: Windows won't popout the 2FA verify page, I have to open the browser and manually enter "https://192.168.100.1/weblogin.cgi?auth_type=vpn" to verify.
P.S. The IP address can be one of the firewall interface IP addresses.
The URL in the FAQ is wrong. I have updated it and please use the new URL to test.
Zyxel MelenDon't miss this great chance to upgrade your Nebula org. for free!
0
Zyxel Employee
Categories
- All Categories
- 414 Beta Program
- 2.3K Nebula
- 139 Nebula Ideas
- 92 Nebula Status and Incidents
- 5.5K Security
- 195 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 40 Wireless Ideas
- 6.2K Consumer Product
- 240 Service & License
- 379 News and Release
- 80 Security Advisories
- 24 Education Center
- 5 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 81 About Community
- 70 Security Highlight
