Problems connecting to L2TP on a USG40 through mobile connection
Hello,
I'm facing a strange issue with a USG40 and L2TP connection from multiple and different devices (computers, tablets, mobile phones...).
When a person tries to connect to the L2TP VPN with any compatible device connected to a WiFi network it works perfectly and the connection can be established but when it comes to use the same devices connected through mobile 3G or 4G connection it never works and if I look to the VPN connection log IKE Phase 1 stops at "Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID]". Is there any setting I can check on the USG to overcome this problem or it's a known limitation of mobile connections?
Thank you
Kari
I'm facing a strange issue with a USG40 and L2TP connection from multiple and different devices (computers, tablets, mobile phones...).
When a person tries to connect to the L2TP VPN with any compatible device connected to a WiFi network it works perfectly and the connection can be established but when it comes to use the same devices connected through mobile 3G or 4G connection it never works and if I look to the VPN connection log IKE Phase 1 stops at "Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID]". Is there any setting I can check on the USG to overcome this problem or it's a known limitation of mobile connections?
Thank you
Kari
0
All Replies
-
Hi @kaika313
Some of ISP may deny VPN connection in 3G/4G network.
But for clarify the reason of connection fail, need to check the log on USG.
Can you share screenshot of USG IKE logs?
Maybe it will show connection fail reason.
0 -
Hi @Zyxel_Stanley
I've also tried with different ISPs with the same result. So I thought that it could be that I've missed or made mistakes with settings. Attached you'll find the log with the comparison between WiFi connection where everything goes right and after the connection with the same device but using ISP connection. Red text is where the connection stuck.
Thank you0 -
Hi @kaika313
Thanks for shared the IKE log from USG.
You can compare the log when client connecting the tunnel by 3G/4G connection.
USG did not receive packets when negotiating the IKE in phase 1. (in step#5).
The negotiation packets may lost in Internet or dropped by ISP.
0 -
Hi @Zyxel_Stanley,
thank you for your reply. So, the short answer is that there's nothing I could do to overcome this problem...?
Thank you0 -
Hi @kaika313
If the packet is lost in internet or ISP, then VPN is unable establish in this environment.
You can double confirm with your ISP if L2TP VPN connection is allowed in 3G/4G network.
0 -
Hi @Zyxel_Stanley,
ok, it happens with different ISPs so to overcome this issue we're testing SSL VPN when connecting through 3G/4G network as it seems to work without issues.
Thank you for your support
Kari0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight