dial timeout IPSec VPN site to site

ITRIJNAMS
ITRIJNAMS Posts: 6  Freshman Member
First Comment Third Anniversary
edited April 2021 in Security

Hi all,

just created an IPSev VPN with two zyxel VPN100 for site to site connection, but i have a Dial Timeout warning and no way to connect.

Subnes , VPN Gateway and VPN connection created in both sides.

Seems to IPSec is allowed in Policy Control...

but Dial Timeout??? any idea?

thanks in advance.

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,271  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @ITRIJNAMS

    Welcome to Zyxel community

    Here is the steps that you can check on both site of VPN100

    1.VPN Gateway settings

    2.VPN Connetion settings

    3.Check the Encryption,Authentication and Key group

    Check the settings of VPN Gateway & VPN Connection on both site.

    If the settings are correct, then check the phase 1 & phase 2 settings in Gateway & Connection

    The Encryption,Authentication and Key group must be the same on both site.


    Engage in the Community, become an MVP, and win exclusive prizes!

  • ITRIJNAMS
    ITRIJNAMS Posts: 6  Freshman Member
    First Comment Third Anniversary
    Thanks for your answer. Finally the VPN is connected, but I have to access from one network to the other. If I ping from 192.168.1.x to 192.168.2.x (or viceversa) it’s imposible reach. Any idea?? Thanks in advance 
  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,271  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @ITRIJNAMS

    If both site of device are using default settings, the subnet of IP address might overlap,

    Need to add NAT rule and Policy route to avoid overlapping.

    Here is the example of how to configure IPSec VPN when subnet are the same on both site

    https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=016094&lang=EN

    If both site of device are using different subnets,

    Here is the example of how to configure IPSec site to site VPN

    https://businessforum.zyxel.com/discussion/551/an-example-of-site-to-site-vpn#latest

     

    Engage in the Community, become an MVP, and win exclusive prizes!

  • ITRIJNAMS
    ITRIJNAMS Posts: 6  Freshman Member
    First Comment Third Anniversary
    Both sites are using different subnets and the setup seems to be ok, but no way to reach one network from the other ...
    maybe should I add some route policy??
  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,271  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @ITRIJNAMS

    To analyze this case,

    can you private message your configuration to me for checking further? 

    Engage in the Community, become an MVP, and win exclusive prizes!

Security Highlight