ipsec vpn
jeffjohn1941
Posts: 71 Ally Member
I have access to my remote network via its bridged ZyWall5, readily accessible through both Greenbow and Shrewsoft vpn Ipsec ( and Teamviewer). However I just can not access via SBG3300 vpn. Has anyone a working example? (Though I'd rather not disturb my existing links!).
Jeff J Purcell, New Forest, Uk and France, 44290
0
Comments
-
Hello jeffjohan1941,
As your description,
Just want to confirm that do you want to establish Ipsec VPN (Server role) on SBG3300 with Greenbow?
Charlie0 -
No,sorry. GB works fine, as does Shrewsoft with X-Auth and PSK.
However, I can not get the SBG3300 Ipsec VPN to connect to the Zywall 5 using the appropriate protocols. Is it particular about ID type, for exampleJeff J Purcell, New Forest, Uk and France, 442900 -
To establish the VPN connection,
you need to confirm the profile of Encryption, Authentication on phase 1 and phase 2 are the same.
Also,checking the IP type and local, remote policy.
Here is document from FAQ.
https://businessforum.zyxel.com/discussion/641/how-to-establish-vpn-tunnel/p1?new=10 -
Thanks - However from local 'hotspot' (pub), wifi connection to remote VPN server is fine.Works very well. However when I attempt the same connection from home LAN behind SBG3300, I receive the msg. "The remote network address (phase 2) is wrong". Is this a local firewall issue?
Apologies! GreenBow test site works fine, so local setup no problem. Incompatibility with remote server settings, I assume!Jeff J Purcell, New Forest, Uk and France, 442900 -
Thanks
Jeff J Purcell, New Forest, Uk and France, 442900 -
Hello jeffjohn1941,
Do you mean the topology: PC----(connected with Wifi)-----sbg3300-------vpn ----zywall5,
the VPN is working fine.
However, PC---(connected with Lan port)--SBG3300---vpn ----zywall5, the VPN is not working, right?
If yes, first please double confirm the phase 2 profile of SBG and zywall5 match with each other.
Secondly, may I know the PC's IP which get from SBG lan port match with Local policy on SBG 3300?
Charlie0 -
Basically, client connection (Shrewsoft or TheGreenBow) from behind gateway to remote server not possible (except to TheGreenBow test site). I have now read : "If the client PC is behind a NAT device, we have to select FQDN as ID Type, otherwise the VPN tunnel can’t be established". I assume this may well be the problem. (?)
Thanks for your interest, JeffJeff J Purcell, New Forest, Uk and France, 442900 -
Hello jsffjohn1941,
I need to confirm the topology first, is the topology like this
PC(GB)----SBG3300---VPN-----zywall5(Server)?
If not, please share the correct topology of this case.
Secondly, is it working if PC(GB) connect with zywall5(server)directly?
Charlie0 -
Hi Charlie - sorry about delay in responding. Now at the Fr remote site attempting site2site. The Zywall 5 (192.168.0.50) here is behind Router in bridge mode. The remote UK site (80.229.172.170) is the sbg3300. Connecting to the ZyWall using local PC (192.168.0.12). Connection fails with log as shown below:
I can connect without difficulty to either sites as 'road-warrior'. I'd be pleased to receive any advice or suggestions. Many thanks for your support, Jeff
Jeff J Purcell, New Forest, Uk and France, 442900 -
Many thanks for your forebearance! I checked the remote server via TeamViewer and found I could connect out site2site but not in reverse direction. Investigating the FW, I found VPN to LAN and WAN not authorised by wizard; hence the problem. All now resolved, thanks! Jeff
Jeff J Purcell, New Forest, Uk and France, 442900
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 152 Nebula Ideas
- 100 Nebula Status and Incidents
- 5.8K Security
- 290 USG FLEX H Series
- 278 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 252 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 86 About Community
- 75 Security Highlight