Can't establish VPN-connection Win10<->USG60W
Hi,
I recently installed a USG60W and now fail to setup VPN correctly.
My goal is to allow tunneling into the LAN via VPN using Windows 10's built-in VPN client.
The firewall is behind the modem given to me by my ISP:
Internet
185.50.xx.yy (WAN) - A1 WLAN Box ADB VV2220 - 10.0.0.138 (DMZ)
10.0.0.2 (WAN1) - ZyXEL USG60W - 192.168.0.20 (LAN1)
When trying to connect, Windows says:

While the firewall's log says:

It seems to me, it's repeatedly rekeying (whatever that means):

VPN connection and gateway were created by the quick setup wizard and are configured as follows:


Does anyone know, what the problem might be or how to solve it?
I appreciate any kind of help!
I recently installed a USG60W and now fail to setup VPN correctly.
My goal is to allow tunneling into the LAN via VPN using Windows 10's built-in VPN client.
The firewall is behind the modem given to me by my ISP:
Internet
185.50.xx.yy (WAN) - A1 WLAN Box ADB VV2220 - 10.0.0.138 (DMZ)
10.0.0.2 (WAN1) - ZyXEL USG60W - 192.168.0.20 (LAN1)
When trying to connect, Windows says:

While the firewall's log says:

It seems to me, it's repeatedly rekeying (whatever that means):

VPN connection and gateway were created by the quick setup wizard and are configured as follows:


Does anyone know, what the problem might be or how to solve it?
I appreciate any kind of help!
0
Comments
-
Hello Poberl,
For VPN connect with win10<->USG,
To establishing the L2TP connection , remember to enable the “IKE service”. Please refer to attached document as your reference.
Charlie
0 -
Hello Charlie,
thank you for your response.
The IKE service was already running, so that doesn't seem to be the problem.
0 -
For the case, USG is behind NAT device.
Please refer this KB to configure the NAT mapping on your modem. (UDP:500 and 4500)
https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=015090&lang=EN
Also, you need to add registry key on your Windows client
https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
0 -
Hi zyman,
I now am able to connect via VPN.
I think the registry entry did the trick, though I updated the firmware too.
Anyway thanks for your help!
0
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 102 Nebula Status and Incidents
- 5.8K Security
- 300 USG FLEX H Series
- 282 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight