ipsec vpn
jeffjohn1941
Posts: 71 Ally Member
I have access to my remote network via its bridged ZyWall5, readily accessible through both Greenbow and Shrewsoft vpn Ipsec ( and Teamviewer). However I just can not access via SBG3300 vpn. Has anyone a working example? (Though I'd rather not disturb my existing links!).
Jeff J Purcell, New Forest, Uk and France, 44290
0
Comments
-
Hello jeffjohan1941,
As your description,
Just want to confirm that do you want to establish Ipsec VPN (Server role) on SBG3300 with Greenbow?
Charlie0 -
No,sorry. GB works fine, as does Shrewsoft with X-Auth and PSK.
However, I can not get the SBG3300 Ipsec VPN to connect to the Zywall 5 using the appropriate protocols. Is it particular about ID type, for exampleJeff J Purcell, New Forest, Uk and France, 442900 -
To establish the VPN connection,
you need to confirm the profile of Encryption, Authentication on phase 1 and phase 2 are the same.
Also,checking the IP type and local, remote policy.
Here is document from FAQ.
https://businessforum.zyxel.com/discussion/641/how-to-establish-vpn-tunnel/p1?new=10 -
Thanks - However from local 'hotspot' (pub), wifi connection to remote VPN server is fine.Works very well. However when I attempt the same connection from home LAN behind SBG3300, I receive the msg. "The remote network address (phase 2) is wrong". Is this a local firewall issue?
Apologies! GreenBow test site works fine, so local setup no problem. Incompatibility with remote server settings, I assume!Jeff J Purcell, New Forest, Uk and France, 442900 -
Thanks
Jeff J Purcell, New Forest, Uk and France, 442900 -
Hello jeffjohn1941,
Do you mean the topology: PC----(connected with Wifi)-----sbg3300-------vpn ----zywall5,
the VPN is working fine.
However, PC---(connected with Lan port)--SBG3300---vpn ----zywall5, the VPN is not working, right?
If yes, first please double confirm the phase 2 profile of SBG and zywall5 match with each other.
Secondly, may I know the PC's IP which get from SBG lan port match with Local policy on SBG 3300?
Charlie0 -
Basically, client connection (Shrewsoft or TheGreenBow) from behind gateway to remote server not possible (except to TheGreenBow test site). I have now read : "If the client PC is behind a NAT device, we have to select FQDN as ID Type, otherwise the VPN tunnel can’t be established". I assume this may well be the problem. (?)
Thanks for your interest, JeffJeff J Purcell, New Forest, Uk and France, 442900 -
Hello jsffjohn1941,
I need to confirm the topology first, is the topology like this
PC(GB)----SBG3300---VPN-----zywall5(Server)?
If not, please share the correct topology of this case.
Secondly, is it working if PC(GB) connect with zywall5(server)directly?
Charlie0 -
Hi Charlie - sorry about delay in responding. Now at the Fr remote site attempting site2site. The Zywall 5 (192.168.0.50) here is behind Router in bridge mode. The remote UK site (80.229.172.170) is the sbg3300. Connecting to the ZyWall using local PC (192.168.0.12). Connection fails with log as shown below:
I can connect without difficulty to either sites as 'road-warrior'. I'd be pleased to receive any advice or suggestions. Many thanks for your support, Jeff
Jeff J Purcell, New Forest, Uk and France, 442900 -
Many thanks for your forebearance! I checked the remote server via TeamViewer and found I could connect out site2site but not in reverse direction. Investigating the FW, I found VPN to LAN and WAN not authorised by wizard; hence the problem. All now resolved, thanks! Jeff
Jeff J Purcell, New Forest, Uk and France, 442900
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 114 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 65 Switch Ideas
- 901 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 831 Nebula FAQ
- 401 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight