Can't establish VPN-connection Win10<->USG60W

poberl

Hi,

I recently installed a USG60W and now fail to setup VPN correctly.
My goal is to allow tunneling into the LAN via VPN using Windows 10's built-in VPN client.

The firewall is behind the modem given to me by my ISP:
Internet
185.50.xx.yy (WAN) - A1 WLAN Box ADB VV2220 - 10.0.0.138 (DMZ)
10.0.0.2 (WAN1) - ZyXEL USG60W - 192.168.0.20 (LAN1)

When trying to connect, Windows says:


While the firewall's log says:


It seems to me, it's repeatedly rekeying (whatever that means):



VPN connection and gateway were created by the quick setup wizard and are configured as follows:


Does anyone know, what the problem might be or how to solve it?

I appreciate any kind of help!

Zyxel_Charlie

Hello Poberl,
For VPN connect with win10<->USG,
To establishing the L2TP connection , remember to enable the “IKE service”. Please refer to attached document as your reference.
Charlie

 

poberl

Hello Charlie,

thank you for your response.
The IKE service was already running, so that doesn't seem to be the problem.

zyman2008

For the case, USG is behind NAT device.
Please refer this KB to configure the NAT mapping on your modem. (UDP:500 and 4500)
https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=015090&lang=EN

Also, you need to add registry key on your Windows client
https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

poberl

Hi zyman,

I now am able to connect via VPN.
I think the registry entry did the trick, though I updated the firmware too.
Anyway thanks for your help!