Remote Access IPSEC VPN doesn't work
Freshman Member
Hello,
I did setup Remote Access IPSec VPN using SecuExtender. I can't make it work. To troubleshoot I connected the client directly to the wan network of the USGFlex200 (192.168.250.50/24) . Here is attached the SecuExtender console output. I'm a new Zyxel user, so I probably have missed something obvious in the configuration (even if I used the wizard) ?
Thanks in advance,
Best regards,
Jerome
All Replies
-
With the wizard did you select IKEv2?
0 -
Yes IKEv2. Wizard screenshots attached.
0 -
Log are saying Self-signed certificate not accepted, on SecuExtender are you using the "get from server" under configuration?
0 -
Hi @Jerome89,
Welcome to Zyxel Community!
After analyzing, your USG FLEX is using a self-signed certificate with a private WAN IP.
Since this is not a public IP, the VPN gateway is likely behind another router, causing the certificate validation and IKEv2 negotiation to fail.
Please check the following:
- Make sure the USG FLEX has a public IP or that UDP ports 500 and 4500 are forwarded from the upstream router.
- Use a certificate whose CN matches the public IP used by the client.
The VPN should connect if the gateway is reachable on a valid public address.
Zyxel Tina
0
Guru Member
Master Member
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 199 Nebula Ideas
- 123 Nebula Status and Incidents
- 6.3K Security
- 486 USG FLEX H Series
- 320 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 46 Wireless Ideas
- 6.8K Consumer Product
- 284 Service & License
- 452 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight
