USG60 <> USG200 Site2Site VPN stopped working after WAN IP change
All Replies
-
Okay these seem to have been transient issues.
I restarted the USSG60 once again between my last post and now (it was restarted before my last post) without any configuration changes and it works now. Key handshake runs on USP4500 now as expected. All other stages of the VPN work.
I think my USG 60 at the branch office had some latent borked configuration. After the first reboot, some changes from the past few months (without reboots) were gone. Nothing too major, but odd nevertheless. Good thing we are switching to a newer USG200 here soon.
Special thanks to PeterUK who brought me on the right track.
0 -
No putting one behind NAT will use port 4500 as the tunnel port 500 is used for exchange keys
Can you check by packet capture on the USG you are sending and receiving either 4500 or protocol 50 when sending ping
its also possible your ISP beyond support knows nothing of the block and just tell you ESP is not blocked
Edit: I see its all working😁
0
Freshman Member
Guru Member
Categories
- All Categories
- 426 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 5.9K Security
- 343 USG FLEX H Series
- 288 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 404 News and Release
- 86 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight
