IPSecVPN issue on Zyxel 1100 Firewall

CRP0499 Posts: 16  Freshman Member
edited April 2021 in Security
I have two Zyxel 1100 series firewalls, one at location A and one at location B.  About two months ago, I set up IPSecVPNs between the sites and it worked great on the first try.  

After that, site 1 got some new static IPs so I went in and made the changes on the VPN gateway and entered the new IP.  

The VPN will not connect.  

In my log, I see the attempted connection and the Message is Match Default Rule, DROP and the note is ACCESS BLOCK.

I'm feeling like it's a Security Policy > Policy Control, but I have a rule allowing IPSecVPN out so I'm lost as to how to troubleshoot.

Can anyone lend a hand?

Thank you.

Accepted Solution

  • Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Answer ✓

    Hi @CRP0499,

    Welcome to the Zyxel community. :)

    Don’t forget to change the phase 1 peer ID on site 2 if you change the site 1 interface IP.

    Check the Site2 VPN phase 1 profile peer IP. It must match the peer's WAN IP.
