USG60 - VPN ipsec IP
Hi all,
Now I have a question: when I close the VPN I have my original source IP given by the ISP where I am (client side).
My goal is to have the destination IP given by the ISP where my USG60 is (server side).
Is it possible to configure it as explained above? With OpenVPN I can do this on a USG60's LAN device, but I would like to do it via IPSec directly on the USG60.
Best Regards
eze
0
All Replies
-
Hi @ezekiel74
I am not sure if I catch you.
I understand that you configured an IPsec server for nomad users.
Obviously, the nomad/remote users are connected to the internet before they establish the vpn tunnel.
Once they connect, they receive a new IP address provided by the "VPN" (in most cases via DHCP or via RADIUS).
When the nomad user is disconnected, the "VPN" address is removed.
I suppose you want to determine the public IP address of the USG60 to establish the VPN.
That kind of service is called "Dynamic DNS".
Once your device is on the internet, it logs in to a Dynamic DNS platform, so the user only needs to remember the DNS name to know the IP address of the VPN server. In most VPN clients, a name can be configured as the remote server.
More information about how to configure a zyxel router to use DDNS can be found on:
https://www.noip.com/support/knowledgebase/setting-ddns-zyxel-router/
I hope it helps you.
Enjoy
1 -
Hi Alfonso,
thanks, but it's a little bit different.
I already have a ddns configured.
Suppose I'm travelling (public IP 81.20.139.26) and the USG60 is at home (public IP 153.23.24.58 with ddns configured).
Currently if I close the vpn tunnel and check my IP with showmyip I receive 81.20.139.26; the goal is to present myself to the internet with 153.23.24.58. I have already done this scenario with OpenVPN, and I would like to do it with ipsec directly on the USG60.
Best Regards
eze
0 -
Hi @ezekiel74
According to your scenario:
While the vpn is up, the shown IP address of your mobile/laptop should be 153.23.24.58.
But once the vpn is down ... your IP address will be 81.20.139.26.
So if I understood you well, you want to configure a nomad IPSec VPN server on the USG60, because you want to "always" show the IP address 153.23.24.58.
Am I right?
1 -
Hi @ezekiel74
I recommend L2TP over IPsec to you.
Most Android & iOS phones and Windows PCs can be configured to establish this kind of vpn without installing any new app/software.
Here is a link which shows how to do it:
https://support.zyxel.eu/hc/en-us/articles/360001390914-L2TP-configuration-on-a-USG-Firewall-using-the-Windows-built-in-client
I hope it helps you.
Enjoy
1 -
-
Hi @ezekiel74
"No proposal chosen": your combination of encryption, hash and DH group is different on both devices.
As I do not have an iphone, I do not know ipsec iphone capabilities.
But I suppose that the following configuration should work:
Encryption: AES
Hash: SHA1
DH: 2
I hope you will get it
1 -
At least these proposals should work for L2TP with iOS and Win10:
Phase 1: 3DES, SHA1, DH2
Phase 2: AES256, SHA1, PFS none
1
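The "No proposal chosen" error discussed in the last two replies, as an added example that is not part of any post in this thread: a simplified model of how a responder accepts a Phase 1 proposal only when encryption, hash and DH group all match, plus a helper that names the attributes to compare on both devices. The `Proposal` type, the function names and all sample values are constructed for illustration and do not come from ZyXEL firmware or any real client.

```python
from typing import NamedTuple, Optional, Sequence

class Proposal(NamedTuple):
    encryption: str
    hash_alg: str
    dh_group: int

def select_proposal(offered: Sequence[Proposal],
                    configured: Sequence[Proposal]) -> Optional[Proposal]:
    """Simplified responder logic: accept the first offered proposal that matches
    a configured one on every attribute; None stands for "No proposal chosen"."""
    allowed = set(configured)
    for offer in offered:
        if offer in allowed:
            return offer
    return None

def explain_mismatch(offered, configured):
    """For each offer, name the attributes that differ from the closest
    configured proposal, which is what to compare on both devices."""
    report = []
    for offer in offered:
        closest = min(configured,
                      key=lambda c: sum(a != b for a, b in zip(offer, c)))
        diffs = [name for name, a, b in zip(Proposal._fields, offer, closest)
                 if a != b]
        report.append((offer, diffs))
    return report

# Constructed sample values, not taken from any real device or client.
CLIENT_OFFER = [Proposal("AES256", "SHA256", 14), Proposal("3DES", "SHA1", 2)]
GATEWAY_BEFORE = [Proposal("AES128", "SHA1", 2)]
GATEWAY_AFTER = GATEWAY_BEFORE + [Proposal("3DES", "SHA1", 2)]

if __name__ == "__main__":
    for label, gateway in (("before", GATEWAY_BEFORE), ("after", GATEWAY_AFTER)):
        chosen = select_proposal(CLIENT_OFFER, gateway)
        print(label, "->", chosen or "No proposal chosen")
        if chosen is None:
            for offer, diffs in explain_mismatch(CLIENT_OFFER, gateway):
                print("  ", offer, "differs in", ", ".join(diffs))
```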