USG20-VPN, L2TP/IPSec, Static client IP ?

DaG2942
DaG2942 Posts: 4
in Security
Hi,

I’ve configured a USG20-VPN for L2TP/IPSec VPN server.
I’ve configured some Windows VPN Client to connect to this Server.

It works!
Clients receive an IP in range set in Server (IP_Range_Pool)

But now, how/where to configure the USG20 to Reserve one specific static IP for one specific Client ?!

I have tried somethings in the server but no success (and breaking VPN…).
I have also tried in the client side (fixe IP on VPN virtual connector) but no success (and breaking VPN…).
How can I to reserve static IP ??

Thank you verry mutch.

All Replies

  • ticsystems
    ticsystems Posts: 52  ZCNE Certified
    First Anniversary ZCNE Security Level 1 Certification - 2020 10 Comments Nebula Gratitude
    I have the same problem. When setting a private ip, it does not connect. It only works if I set the first or last IP of the pool.

  • DaG2942
    DaG2942 Posts: 4
    Thanks.But not a solution.Moreover, I tried your tric : Set the first or last IP of the pool, But it don't work for me !
    Are we alon ?
  • mMontana
    mMontana Posts: 1,300  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    DaG2942 said:
    But now, how/where to configure the USG20 to Reserve one specific static IP for one specific Client ?!
    What are you trying to achieve?
    It's not necessary a static IP for create policy rules, you can create rules also on users as object ;)
  • DaG2942
    DaG2942 Posts: 4
    Hi,

    Not a problem of rules or other setting for the client side.
    For some specifics industrial communication protocols, machines on the VPN server side have to be configured (statically) with the static IP of the machines into the VPN client side. (And reverse, but that is no problem)
    The question is how to do this, not why. But if you have idea…

    If I can reserve IP client by user, I would by happy!
    (I don’t well know USG20 and VPN…) (and English, sorry)

    Thanks.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @DaG2942,
    The L2TP client cannot be assigned as static IP. But this can be achieved by using Zyxel IPSec VPN Client.
    Zyxel IPSec VPN client download link:
    https://www.zyxel.com/cn/zh/products_services/VPN-Client-Software-SecuExtender-Software/ipsec-vpn

  • DaG2942
    DaG2942 Posts: 4
    Hi,

    Ha, ok, Zyxel IPSec VPN Client is a software, not hardware as I thought !!

    Is it license-free?

    Not tried yet (cannot yet), but:
    In the sample, the Zyxel VPN Client address is 20.20.20.11 is INSIDE the configured address pool for dhcp client (in server). What appends if a ‘dynamic’ client (normal Windows VPN client) has already this address!!?
    In order to avoid this, is it possible to set the Zyxel IPSec VPN Client address out of the pool address (ie 20.20.20.9) ?

     
    Thank again!

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @DaG2942,
    It's not free license, and the address assigning must in pool range.
  • mMontana
    mMontana Posts: 1,300  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Feature request: user-related IP reservation for SSLVPN and L2TP.

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)