Can't establish VPN-connection Win10<->USG60W
Hi,
I recently installed a USG60W and now fail to setup VPN correctly.
My goal is to allow tunneling into the LAN via VPN using Windows 10's built-in VPN client.
The firewall is behind the modem given to me by my ISP:
Internet
185.50.xx.yy (WAN) - A1 WLAN Box ADB VV2220 - 10.0.0.138 (DMZ)
10.0.0.2 (WAN1) - ZyXEL USG60W - 192.168.0.20 (LAN1)
When trying to connect, Windows says:
While the firewall's log says:
It seems to me, it's repeatedly rekeying (whatever that means):
VPN connection and gateway were created by the quick setup wizard and are configured as follows:
Does anyone know, what the problem might be or how to solve it?
I appreciate any kind of help!
I recently installed a USG60W and now fail to setup VPN correctly.
My goal is to allow tunneling into the LAN via VPN using Windows 10's built-in VPN client.
The firewall is behind the modem given to me by my ISP:
Internet
185.50.xx.yy (WAN) - A1 WLAN Box ADB VV2220 - 10.0.0.138 (DMZ)
10.0.0.2 (WAN1) - ZyXEL USG60W - 192.168.0.20 (LAN1)
When trying to connect, Windows says:
While the firewall's log says:
It seems to me, it's repeatedly rekeying (whatever that means):
VPN connection and gateway were created by the quick setup wizard and are configured as follows:
Does anyone know, what the problem might be or how to solve it?
I appreciate any kind of help!
0
Comments
-
Hello Poberl,
For VPN connect with win10<->USG,
To establishing the L2TP connection , remember to enable the “IKE service”. Please refer to attached document as your reference.
Charlie
0 -
Hello Charlie,
thank you for your response.
The IKE service was already running, so that doesn't seem to be the problem.
0 -
For the case, USG is behind NAT device.
Please refer this KB to configure the NAT mapping on your modem. (UDP:500 and 4500)
https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=015090&lang=EN
Also, you need to add registry key on your Windows client
https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
0 -
Hi zyman,
I now am able to connect via VPN.
I think the registry entry did the trick, though I updated the firmware too.
Anyway thanks for your help!
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight