Cannot access internal resources after IKEv2 VPN connection is established

Iraklizh
Iraklizh Posts: 11  Freshman Member
First Comment
edited April 2021 in Security

Hi dear ZYXEL admin's team! I am so new to Zyxel and have one trouble. Please be so kind to help me and explain what is wrong in my config, because with a self-signed IKEv2 certificate integrated in my own PC I can connect to the Zyxel USG 40W device, the connection is established, I get a VPN_range IP address but cannot receive any packets (only see sent packets) and cannot get to internal resources, for example cannot connect to an internal server via RDP.

All Replies

  • Iraklizh
    Iraklizh Posts: 11  Freshman Member
    First Comment

    Still read and watched manuals about how to establish connections with IKEv2 VPN and USG 40, but now it does not connect any more and the only thing I can see is "IKE authentication credentials are unacceptable". What is wrong? Watched Zyxel's video manual from here https://www.youtube.com/watch?v=xvl346kttys .... cannot understand...

    Please Help Me!!!

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @Iraklizh ,

    I followed the video and set it up step by step, the tunnel built up successfully, and I can ping the LAN host without issue.

    Can you post the USG error log from when you connect?

    BTW, the certificate must be imported to “Computer account”, instead of “My user account”. The tunnel will fail to build up if you import it to “My user account”.

    Windows certificate snap-ins


    USG log at “Monitor > Log”


  • Iraklizh
    Iraklizh Posts: 11  Freshman Member
    First Comment

    I made it both for my computer and my user account :(. I will try to resolve it, but here is what happened next: I tried to set up L2TP VPN. The user connects by L2TP VPN, the connection is established, but again I have no access to remote network resources, like I cannot ping any remote machines there by their address.

  • Iraklizh
    Iraklizh Posts: 11  Freshman Member
    First Comment

    And I saw in the monitor that my computer connected by L2TP, the user logged in, and an IP address was assigned (192.168.2.1), but my remote subnet has the 192.168.1.0/24 network and the remote device there is 192.168.1.200. If I make the L2TP_VPN_Range addresses 192.168.1.220-1.230 the situation is the same. What am I doing wrong? I cannot understand. Sorry. That is why I need your help.

  • Iraklizh
    Iraklizh Posts: 11  Freshman Member
    First Comment

    I can now ping the default gateway on the remote subnet, and when I go to the internet, I go there via the remote public IP. All this is OK, but my issue is access to the RDP server in this remote network. The address of the remote network RDP server is 192.168.1.200 and when I am connected by L2TP VPN I cannot ping it; also other devices connected in the remote LAN cannot be pinged from my connected PC via VPN.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @Iraklizh ,

    Please assign another pool for the L2TP client. There is no need to assign the same subnet as the LAN subnet 192.168.1.X/24.

    Also, 192.168.2.X/24 is another interface subnet in the USG. Don’t use either subnet for the L2TP pool.

    You can set the l2tp pool to 192.168.99.20~40 and try it again. 
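
The pool-overlap rule in the reply above, as an added check that is not from the thread or from Zyxel: given the interface subnets named in the thread (constructed here as a sample table), it reports which USG interfaces a proposed L2TP/IKEv2 client pool would collide with, so a pool such as 192.168.1.220~230 or one inside 192.168.2.X is rejected before the tunnel is configured. Function and variable names are assumptions.

```python
# Added example, not from the thread or from Zyxel: validate that a VPN client
# address pool does not overlap any subnet already assigned to a USG interface.
import ipaddress

# Constructed sample: the LAN subnet and the second interface subnet from the thread.
INTERFACE_SUBNETS = {
    "lan1": ipaddress.ip_network("192.168.1.0/24"),
    "lan2": ipaddress.ip_network("192.168.2.0/24"),
}


def pool_conflicts(pool_start, pool_end, subnets=INTERFACE_SUBNETS):
    """Return the names of interfaces whose subnet contains any pool address.

    pool_start/pool_end are dotted-quad strings forming an inclusive range,
    matching the start~end form used for the USG VPN address pool.
    """
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if end < start:
        raise ValueError("pool end is before pool start")
    # Collapse the inclusive range into the minimal set of CIDR blocks so the
    # overlap test does not have to walk every single address.
    pool_blocks = list(ipaddress.summarize_address_range(start, end))
    return sorted(
        name for name, net in subnets.items()
        if any(block.overlaps(net) for block in pool_blocks)
    )


def pool_is_usable(pool_start, pool_end, subnets=INTERFACE_SUBNETS):
    """True when the pool touches none of the interface subnets."""
    return not pool_conflicts(pool_start, pool_end, subnets)


if __name__ == "__main__":
    candidates = (
        ("192.168.1.220", "192.168.1.230"),  # inside the LAN subnet: rejected
        ("192.168.2.1", "192.168.2.20"),     # inside the other interface: rejected
        ("192.168.99.20", "192.168.99.40"),  # the pool suggested in the thread: OK
    )
    for s, e in candidates:
        clash = pool_conflicts(s, e)
        print(f"{s}~{e}: {'conflicts with ' + ', '.join(clash) if clash else 'usable'}")
```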

  • Iraklizh
    Iraklizh Posts: 11  Freshman Member
    First Comment

    OK, thanks, will try this article.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @Iraklizh ,

    Feel free to let us know if you have any questions. :)
