IKEv2 VPN - successful connection, can't reach devices on target/remote LAN
Following up from https://businessforum.zyxel.com/discussion/2068/ikev2
I have successfully configured an IKEv2 VPN, and can make a successful connection to the Zyxel USG device with an iPhone and macOS.
However, I can't reach any devices inside the remote network (trying the Zyxel on its LAN IP, and a printer with an available web interface in/on/via the LAN).
Note: I did have a prior, IKE(v1) VPN configuration (now disabled) with which I could connect and access LAN devices.
I've checked and the existing firewall rules (that permit such traffic) include the newly setup & working (at least to connect) IKEv2 VPN setup.
I also found and followed this Zyxel article, but the issue remains (unresolved).
https://mysupport.zyxel.com/hc/en-us/articles/360005744000--ZyWALL-USG-How-to-set-up-a-Client-to-Site-VPN-Configuration-Payload-DHCP-connection-using-IKEv2
0
Accepted Solution
-
This was solved by Zyxel_Emily - thank you so very much !!
The fix is: "The IP address pool for IKEv2 cannot conflict with WAN/LAN/DMZ subnet even if they are not in use. Please check the pool of IKEv2 again."
With a screenshot suggesting a configured IKEv2-Pool address object, with IPs from 100.100.100.1 - 100.100.100.10
Which I used exactly, and updated the existing IKEv2 connection settings to use that address pool and it works, I can reach devices on the remote LAN.
Configuration > Object > Address/Geo IP > (Add) > Name: IKEv2-Pool, Address Type: Range, Start IP 100.100.100.1, End IP 100.100.100.10
Configuration > IPSec VPN > Select (here, my name used) IKEv2 Connection > Edit > Configuration Payload > Click at the top on "Show Advanced Settings" >
Configuration Payload: click on/activate Enable Configuration Payload >
IP address pool: IKEv2-Pool (Also supply DNS if/as desired below that).
1
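An added example, not part of the original thread and not Zyxel tooling: a pre-change check for the rule quoted in the accepted solution, that the IKEv2 address pool must not overlap any WAN/LAN/DMZ subnet, including ones that are defined but unused. The interface names and subnets are constructed sample values; only the IKEv2-Pool range comes from the thread.

```python
import ipaddress


def pool_networks(start, end):
    """Collapse an inclusive start-end range into the minimal list of CIDR blocks."""
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end)
    if first.version != last.version or first > last:
        raise ValueError(f"invalid pool range: {start} - {end}")
    return list(ipaddress.summarize_address_range(first, last))


def find_pool_conflicts(start, end, interface_subnets):
    """Return the sorted names of interfaces whose subnet overlaps the pool range."""
    blocks = pool_networks(start, end)
    conflicts = []
    for name, cidr in interface_subnets.items():
        # strict=False accepts an interface address with host bits set, e.g. 192.168.1.1/24
        subnet = ipaddress.ip_network(cidr, strict=False)
        if any(b.version == subnet.version and b.overlaps(subnet) for b in blocks):
            conflicts.append(name)
    return sorted(conflicts)


# Constructed sample: interface subnets as they might be defined on the gateway.
INTERFACES = {
    "wan1": "203.0.113.10/29",
    "lan1": "192.168.1.1/24",
    "lan2": "192.168.2.1/24",  # defined but not in use; still counts as a conflict
    "dmz": "192.168.3.1/24",
}

if __name__ == "__main__":
    candidates = [
        ("100.100.100.1", "100.100.100.10"),  # IKEv2-Pool range from the thread
        ("192.168.2.100", "192.168.2.110"),   # constructed: inside the unused lan2 subnet
        ("192.168.1.250", "192.168.2.5"),     # constructed: straddles lan1 and lan2
    ]
    for start, end in candidates:
        hits = find_pool_conflicts(start, end, INTERFACES)
        verdict = "conflicts with " + ", ".join(hits) if hits else "no conflict"
        print(f"{start} - {end}: {verdict}")
```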
All Replies
-
Hi @CoreSG,
We need to check the configuration file of your device. Could you share the startup-config.conf with me in private message? I will contact you in private message for the configuration file.
0