ipsec vpn

jeffjohn1941 Posts: 65
edited April 2021 in Security
I have access to my remote network via its bridged ZyWall5, readily accessible through both Greenbow and Shrewsoft VPN IPsec (and TeamViewer). However, I just cannot access it via the SBG3300 VPN. Has anyone a working example? (Though I'd rather not disturb my existing links!)
Jeff J Purcell, New Forest, Uk and France, 44290

Comments

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034
    Hello jeffjohn1941,
    Based on your description, I just want to confirm: do you want to establish an IPsec VPN (server role) on the SBG3300 with Greenbow?
    Charlie
  • jeffjohn1941
    jeffjohn1941 Posts: 65
    No, sorry. GB works fine, as does Shrewsoft with X-Auth and PSK.
    However, I cannot get the SBG3300 IPsec VPN to connect to the ZyWall 5 using the appropriate protocols. Is it particular about ID type, for example?
    Jeff J Purcell, New Forest, Uk and France, 44290
  • Jeremylin
    Jeremylin Posts: 166
    edited October 2017
    To establish the VPN connection, you need to confirm that the Encryption and Authentication profiles on phase 1 and phase 2 are the same.
    Also check the IP type and the local and remote policies.
    Here is a document from the FAQ.
    https://businessforum.zyxel.com/discussion/641/how-to-establish-vpn-tunnel/p1?new=1
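
The check described in the reply above, as an added example that is not part of the original thread: a small Python comparison of two gateways' settings that reports where the phase 1 and phase 2 profiles differ and where the local/remote policies or IDs fail to mirror each other. The field names, IDs and subnets are hypothetical, constructed values, not an export format of the SBG3300 or ZyWall 5.

```python
import ipaddress

# Constructed settings for two gateways. Field names and values are
# hypothetical, not taken from the thread or from any device export.
SITE_A = {
    "phase1": {"encryption": "AES128", "authentication": "SHA1", "dh_group": "DH2"},
    "phase2": {"encryption": "AES128", "authentication": "SHA1", "pfs": "DH2"},
    "local_policy": "192.168.1.0/24", "remote_policy": "192.168.0.0/24",
    "local_id": ("DNS", "site-a.example"), "peer_id": ("DNS", "site-b.example"),
}
# SITE_B carries two deliberate errors: phase 2 authentication and remote policy.
SITE_B = {
    "phase1": {"encryption": "AES128", "authentication": "SHA1", "dh_group": "DH2"},
    "phase2": {"encryption": "AES128", "authentication": "MD5", "pfs": "DH2"},
    "local_policy": "192.168.0.0/24", "remote_policy": "192.168.1.0/25",
    "local_id": ("DNS", "site-b.example"), "peer_id": ("DNS", "site-a.example"),
}


def _net(value):
    # strict=False accepts a host address with a prefix, e.g. 192.168.1.1/24
    return ipaddress.ip_network(value, strict=False)


def compare_peers(a, b):
    """Return a list of mismatches between the two peers' settings."""
    problems = []
    # Phase 1 and phase 2 profiles must be identical on both ends.
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                problems.append(f"{phase} {key}: {a[phase].get(key)} != {b[phase].get(key)}")
    # Policies and IDs must mirror: one side's local is the other's remote/peer.
    for name, other, x, y in (("A", "B", a, b), ("B", "A", b, a)):
        if _net(x["local_policy"]) != _net(y["remote_policy"]):
            problems.append(f"policy: {name} local {x['local_policy']} != "
                            f"{other} remote {y['remote_policy']}")
        if x["local_id"] != y["peer_id"]:
            problems.append(f"id: {name} local {x['local_id']} != {other} peer {y['peer_id']}")
    return problems


if __name__ == "__main__":
    for line in compare_peers(SITE_A, SITE_B):
        print(line)
```
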
  • jeffjohn1941
    jeffjohn1941 Posts: 65
    edited November 2017
    Thanks - However, from a local 'hotspot' (pub), the Wi-Fi connection to the remote VPN server is fine. Works very well. However, when I attempt the same connection from the home LAN behind the SBG3300, I receive the msg. "The remote network address (phase 2) is wrong". Is this a local firewall issue?

    Apologies! GreenBow test site works fine, so local setup no problem. Incompatibility with remote server settings, I assume!
    Jeff J Purcell, New Forest, Uk and France, 44290
  • jeffjohn1941
    jeffjohn1941 Posts: 65
    edited November 2017
    Thanks 
    Jeff J Purcell, New Forest, Uk and France, 44290
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034
    Hello jeffjohn1941,
    Do you mean that with the topology PC----(connected with Wifi)-----sbg3300-------vpn ----zywall5,
    the VPN is working fine.
    However, with PC---(connected with Lan port)--SBG3300---vpn ----zywall5, the VPN is not working, right?
    If yes, first please double-check that the phase 2 profiles of the SBG and the zywall5 match each other.
    Secondly, may I know whether the PC's IP, which it gets from the SBG LAN port, matches the Local policy on the SBG3300?
    Charlie
  • jeffjohn1941
    jeffjohn1941 Posts: 65
    Basically, client connection (Shrewsoft or TheGreenBow) from behind gateway to remote server not possible (except to TheGreenBow test site). I have now read: "If the client PC is behind a NAT device, we have to select FQDN as ID Type, otherwise the VPN tunnel can't be established". I assume this may well be the problem. (?)
    Thanks for your interest, Jeff
    Jeff J Purcell, New Forest, Uk and France, 44290
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034
    Hello jeffjohn1941,
    I need to confirm the topology first. Is the topology like this:
    PC(GB)----SBG3300---VPN-----zywall5(Server)?
    If not, please share the correct topology of this case.
    Secondly, does it work if the PC (GB) connects to the zywall5 (server) directly?
    Charlie
  • jeffjohn1941
    jeffjohn1941 Posts: 65
    Hi Charlie - sorry about delay in responding. Now at the Fr remote site attempting site2site. The Zywall 5 (192.168.0.50) here is behind Router in bridge mode. The remote UK site (80.229.172.170) is the sbg3300. Connecting to the ZyWall using local PC (192.168.0.12). Connection fails with log as shown below:



    I can connect without difficulty to either site as 'road-warrior'. I'd be pleased to receive any advice or suggestions. Many thanks for your support, Jeff
    Jeff J Purcell, New Forest, Uk and France, 44290
  • jeffjohn1941
    jeffjohn1941 Posts: 65
    Many thanks for your forbearance! I checked the remote server via TeamViewer and found I could connect out site2site but not in the reverse direction. Investigating the FW, I found VPN to LAN and WAN not authorised by the wizard; hence the problem. All now resolved, thanks! Jeff
    Jeff J Purcell, New Forest, Uk and France, 44290