How to configure IPSec VPN on SBG3300-N series

Zyxel_Charlie
Zyxel_Charlie Posts: 1,034  Zyxel Employee
50 Answers 500 Comments Friend Collector Fourth Anniversary
edited June 2022 in VPN
SCENARIO DESCRIPTION:

 

This section describes the external interface of the IPSec VPN features.

Users can configure IPSec VPN using either the simple wizard of the web configuration GUI. The simple IPSec VPN Wizard is and manage the IPSec VPN is described first, followed by the description of the web configuration GUI.

SETUP/STEP BY STEP PROCEDURE:

 

1.          Go to VPN > IPSec VPN > Modify.

2.          Check the “Enable” box for IPSec VPN.

3.          Select the scenario that best describes your intended VPN connection.

 

Site-to-site - Choose this if the remote IPSec router has a static IP address or a domain name. This SP Gateway can initiate the VPN tunnel.

Site-to-site with Dynamic Peer - Choose this if the remote IPSec router has a dynamic IP address. Only the remote IPSec router can initiate the VPN tunnel.

Remote Access (Server Role) - Choose this to allow incoming connections from IPSec VPN clients. The clients have dynamic IP addresses and are also known as dial-in users. Only the clients can initiate the VPN tunnel.This case we choose Application Scenario to “Site-to-Site"

4. This case we choose Application Scenario to “Site-to-Site”.

5. Select interface for My Address

6. Fill in the Peer Gateway Address

7. Click the “Apply

8. Download the GreenBow VPN Client 4.7 version and install to PC. Note: GreenBow VPN Client v5.0 will sometimes become irresponsive and must reboot PC to work again, so I recommend to use v4.7.

        a. Open the VPN client configuration.

        b. Create a new Phase 1.

        c. Set the Interface to "Any", Remote Gateway to the WAN IP address of SBG3300

        d. Pre-shared key, encryption, authentication and key group must be the same for both VPN server    and client

        e. Click Save & Apply.

         f. Create a new Phase 2. Set the address type to "Subnet address", set the remote LAN address and subnet mask.

        g. Encryption and authentication must be the same for both VPN server and client.

        h. Mode must be set to "Tunnel".

         i.  PFS must be uncheck.

         j.  Click Save & Apply.

         k. Click Open Tunnel.

VERIFICATION:

 

 Click “Monitor” to check the VPN status