VPN conection

simone
simone Posts: 3  Freshman Member
First Comment
edited April 2021 in Security

Hi,

The scenario is:

local: pc win10, zywall ipsec vpn client

remote: router wan ip dynamic lan ip 192.168.1.1 with port 500, 4500, 50,51 fwd to usg40 wan ip 192.168.1.3 and lan ip 10.1.1.0/24

I tried both ipsec configuration manual and wizard and from local client I'm able to open VPN tunnel with usg but I'm not able to ping internal ip at all

My goal is to see the internal resource like server and printer when the VPN is up and running.

thanks a lot in advance

Simone

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,271  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @simone

    Can you disable firewall rule temporarily for testing and try it again?

    This can help us to clarify if your packets are dropped by one of the rules.

    Engage in the Community, become an MVP, and win exclusive prizes!

  • simone
    simone Posts: 3  Freshman Member
    First Comment

    Hi Jerry,

    I tried but I got the same result.

    I found this troubleshooting note :

     Make sure there are no IP conflicts. If the ZyWALL network is configured to use the 192.168.1.0/24 network and the remote user is also using the same IP scheme, traffic will not route through the VPN tunnel properly.

    Hence I assigned a VPN client address on different subnet and it started to work.

    I attached the client screenshot configuration and "ipconfig /all" result.

    I'm not able to assign the ip address to the vpn client, do you have some suggestion?

    Moreover are there vpn clients free? Zwall IPSec VPN client is not free.

    thx

    Simone


  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,271  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @simone

    To assign IP address to VPN client.

    Go to Configuration > VPN > IPSec VPN  > VPN Coneection > select the rule > Edit

    Enable Mode Config to assign IP address Pool 

    Then go to IKEv1 Gateway > Advanced to enable Mode Config

    Then can get assign IP from the device after tunnel established

    The IPSec VPN Client is the suggested utility to be used to build the IPSec VPN tunnel with the device. If the another 3rd party follows IPSec VPN standard, it should be able to connect theoretically

    If you are not able to use ZyWALL IPSec VPN client

    I suggest to use Win10 built-in L2TP VPN to connect to the device,

    Here is the reference guide of how to build up L2TP VPN tunnel.

    https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015533&lang=EN

    Engage in the Community, become an MVP, and win exclusive prizes!

  • simone
    simone Posts: 3  Freshman Member
    First Comment

    Hi Jerry,

    I tried to config L2TP, but I'm not able to connect (surely it's my configuration fault) due to this error log

    Match default rule, DROP

    thx

    Simone

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,271  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @simone

    After trying to build up L2TP VPN.

    Can you screenshot the View Log page for us?

    Go to Monitor > Log > View Log and select Category : IKE 


    Engage in the Community, become an MVP, and win exclusive prizes!

Security Highlight