Trouble Configuring Client-To-Site VPN with IKEv2 and USG40
Freshman MemberI'm trying to setup a Client-To-Site VPN with a USG40 Host using IKEv2 and a Microsoft VPN client. I've followed the instructions in the guide - [ZyWALL/USG] How to set up a Client-to-Site VPN (Configuration
Payload/DHCP) connection using IKEv2
I've successfully connected from the remote client to the Host site and the client receives an IP address from the pool. However, I cannot access any resources on the host network, cannot ping the host router or any IP. The Windows client shows connected and packets sent but none received. The USG40 Monitor shows a VPN connection and packets received but none sent.
I'm assuming it's a NAT or Policy problem, but not sure where to look
All Replies
-
Hi @rdvasil1,
May I know if your security policy allows the VPN to access your LAN interface?
Zyxel Melen0 -
Do both site have different LAN subnets you are trying to access?
You maybe need a routing rule at the top of the list like
incoming LAN1
destination subnet of the other site
next hop VPN tunnelThen a policy rule from LAN1 to VPN zone
the other side might also need a routing rule
0
Zyxel Employee
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 102 Nebula Status and Incidents
- 5.8K Security
- 305 USG FLEX H Series
- 283 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 255 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.7K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 77 Security Highlight
