USG 1000 VPN 16015 error

kriszty
kriszty Posts: 18  Freshman Member
edited April 14 in Security

Question,

I have 3 USG 1000 firewalls; the first one has firmware 3.00 and the other has 3.30.
I set up the first firewall; this one is online and running, and the VPN is working fine!

The other 2, I restored the settings from the first firewall (these other 2 are offline).
If I want to connect the default VPN, it gives an error (16015 dial a dynamic tunnel has failed crypto).

Is this because it's not connected to the internet, or is this firmware related?

Thanks



Comments

  • Blabababa
    Blabababa Posts: 121  Ally Member
    This message looks like the setup on the client or the proposal for the tunnel did not match the server's.
    Are the IP ranges and encryption method identical on both sides?
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,033  Zyxel Employee
    Hello Kriszty,
    G'day
    For the L2TP connection, you should initiate the session from the client side, not the server side, because the peer security gateway (client) has a dynamic address (0.0.0.0), which means the USG does not know which client the tunnel can be established with.
    This is why, when you press the connect button, it shows this error message.

    To avoid this issue, once again please make sure to initiate the L2TP session on the client side, not the server side.
    If the issue still happens, please share the configuration via private message, and share a screenshot of the log message.
    Thanks
    BR,
    Charlie

  • kriszty
    kriszty Posts: 18  Freshman Member
    So basically, if I connect it to the internet (online), it should work? I will try it this weekend. Thanks for the replies.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,033  Zyxel Employee
    Hello Kriszty,
    Does the issue disappear or still occur?
    Charlie
  • kriszty
    kriszty Posts: 18  Freshman Member
    Hi Charlie, yes it works now...
    But another question: how do I set up my ZyWALL so only the VPN is made (which can access the LAN network), but for internet the client uses his own internet connection? Now if a client makes a VPN, it uses the ZyWALL internet connection. I can disable the ZyWALL internet access, but then the client cannot use his own internet connection. Is this firewall related or routing?
  • kriszty
    kriszty Posts: 18  Freshman Member
    edited October 2017
    This is the routing screen.

  • kriszty
    kriszty Posts: 18  Freshman Member
    edited October 2017
    These are the firewall rules.
  • kriszty
    kriszty Posts: 18  Freshman Member
    This is my setup. I can connect to the VPN and access my external LAN, but I want to use my own internet... not the ZyWALL internet.
  • Jeremylin
    Jeremylin Posts: 166  Master Member
    When you establish an L2TP VPN to the USG, all traffic will be redirected to the tunnel.
    If you want to access the internet while L2TP is also enabled, the only way is to access the internet via the USG.
    However, if you don't want to use the USG's internet connection, just disable the L2TP tunnel, and you can use your own internet connection.
  • kriszty
    kriszty Posts: 18  Freshman Member
    Hi Jeremy, should I remove the last line in the routing?
