Error when converting a wizard made VPN to custom made VPN

GiuseppeR

Hello everyone, I set a VPN via Wizard:

But I wanted to edit its authentication method:

and I tried to convert it to "Custom" but I get this error:

How can I solve it?

PeterUK

I just use custom from the start

But I do see your point it seems the wizard is not perfect  

GiuseppeR

Hi @PeterUK

when you set a VPN manually and you have the origin behind a NAT, how do you set this area:

Meaning of "Origin IP" and "Mapped IP"?

Idea is the ISP router has 1.2.3.4 as public IP, its network is 192.168.1.1/24

Zyxel firewall is in a DMZ and it is static at 192.168.1.100

So how I can configure those 2 forms?

PeterUK

You likely do not need that setting if your doing the following

Full VPN tunnel from FlexH 1.32 FW to Nebula Org firewall — Zyxel Community

GiuseppeR

I'm trying to set that VPN from uOS interface, so I tried to understand how uOS thinks.

I'm looking how to set the gateway and IP that has the FlexH to replicate this condition:

because I have the router in the middle and I cannot manipulate it.

So I have to tell the Local Site to go to Remote Site without considering it, like I can do that via Nebula using NAT traversal:

Zyxel_Melen

https://community.zyxel.com/en/discussion/comment/78551#Comment_78551

Hi @GiuseppeR

The NAT rule here is not for NAT traversal, it is to translate the source IP address for the traffic to pass the tunnel. For more details, you may check the USG FLEX H online help IPSec VPN > The Site to Site VPN Screen > The Site to Site VPN Add/Edit Screen - Custom > Policy-Based VPN NAT Advanced Scenarios.

About the Error when converting a wizard made VPN to custom made VPN, I can replicate this issue in my lab and we will investigate this issue and fix in the future firmware release.
Update: This issue has been addressed and will be fixed in the next firmware release.