IPSecVPN issue on Zyxel 1100 Firewall
Freshman Member
I have two Zyxel 1100 series firewalls, one at location A and one at location B. About two months ago, I set up IPSecVPNs between the sites and it worked great on the first try.
After that, site 1 got some new static IPs so I went in and made the changes on the VPN gateway and entered the new IP.
The VPN will not connect.
In my log, I see the attempted connection and the Message is Match Default Rule, DROP and the note is ACCESS BLOCK.
I'm feeling like it's a Security Policy > Policy Control, but I have a rule allowing IPSecVPN out so I'm lost as to how to troubleshoot.
Can anyone lend a hand?
Thank you.
After that, site 1 got some new static IPs so I went in and made the changes on the VPN gateway and entered the new IP.
The VPN will not connect.
In my log, I see the attempted connection and the Message is Match Default Rule, DROP and the note is ACCESS BLOCK.
I'm feeling like it's a Security Policy > Policy Control, but I have a rule allowing IPSecVPN out so I'm lost as to how to troubleshoot.
Can anyone lend a hand?
Thank you.
0
Accepted Solution
-
Hi @CRP0499,
Welcome to Zyxel community.
Don’t forget to change phase 1 peer ID on site 2 if you change site 1 interface IP.
Check Site2 VPN phase 1 profile peer IP. It must match peer wan IP.
0
Zyxel Employee
All Replies
-
Hi @CRP0499,
Welcome to Zyxel community.
Don’t forget to change phase 1 peer ID on site 2 if you change site 1 interface IP.
Check Site2 VPN phase 1 profile peer IP. It must match peer wan IP.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
