IPSecVPN issue on Zyxel 1100 Firewall
I have two Zyxel 1100 series firewalls, one at location A and one at location B. About two months ago, I set up IPSecVPNs between the sites and it worked great on the first try.
After that, site 1 got some new static IPs so I went in and made the changes on the VPN gateway and entered the new IP.
The VPN will not connect.
In my log, I see the attempted connection and the Message is Match Default Rule, DROP and the note is ACCESS BLOCK.
I'm feeling like it's a Security Policy > Policy Control, but I have a rule allowing IPSecVPN out so I'm lost as to how to troubleshoot.
Can anyone lend a hand?
Thank you.
After that, site 1 got some new static IPs so I went in and made the changes on the VPN gateway and entered the new IP.
The VPN will not connect.
In my log, I see the attempted connection and the Message is Match Default Rule, DROP and the note is ACCESS BLOCK.
I'm feeling like it's a Security Policy > Policy Control, but I have a rule allowing IPSecVPN out so I'm lost as to how to troubleshoot.
Can anyone lend a hand?
Thank you.
0
Accepted Solution
-
Hi @CRP0499,
Welcome to Zyxel community.
Don’t forget to change phase 1 peer ID on site 2 if you change site 1 interface IP.
Check Site2 VPN phase 1 profile peer IP. It must match peer wan IP.
0
All Replies
-
Hi @CRP0499,
Welcome to Zyxel community.
Don’t forget to change phase 1 peer ID on site 2 if you change site 1 interface IP.
Check Site2 VPN phase 1 profile peer IP. It must match peer wan IP.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight