VPN on Zyxel USG FLEX 100 W not work
Freshman Member
Hello,
we have a problem with the VPN configuration on the USG FLEX 100 W. The device is behind a router provided by the ISP and the client cannot connect to the VPN.
We have configured the IPSec VPN through the wizard but the client goes into timeout (GNU/Linux OS) and secuextender fails to connect and prompts for credentials again (Windows OS).
We also opened UDP ports 500 and 4500 on the ISP's router to handle IKE and NATT protocols, but the client still does not connect.
Can you please help us with this?
Attached is an image of the network diagram:
All Replies
-
If you send a packet from this site
and run a packet capture on USG do you see it from 192.241.153.165 for ports 500 and 4500?
0 -
It seems that the packets are being captured correctly by the USG.
0 -
If on windows the default need is:
Phase 1 Settings in VPN gateway
3DES SHA1 DH2
Phase 2 Settings in VPN connection
AES256 SHA1 PFS none
is your VPN server setup on USG for L2TP over IPSec IKEv1 or IKEv2?
Do you have Policy Control to allow from WAN to Zywall and VPN zone to Zywall for ports 500 , 4500 and 1701?
0 -
I configured phase 1 and phase 2 as indicated, but the client still won't connect.
I used the wizard to enable vpn and the L2TP protocol was not enabled. Is it necessary to enable it? If I enable the L2TP protocol I cannot select any connection
Policy Control has been set up
0 -
The L2TP only works with IKEv1 not v2
and for phase 2 Encapsulation is Transport
0 -
Hi @cmdevops
It looks like your policy doesn't include the ESP protocol. Could you please add it? Additionally, could you take a screenshot and share your firewall logs (found under MONITOR > Log > View Log) from the time the event occurred?
Thank you!
Kay
See how you've made an impact in Zyxel Community this year!
0 -
We have both Windows and Linux systems so we used the wizard which allows access both with Secuextender and without. It uses the IKEv2 protocol
0 -
I enabled the ESP protocol in Policy Control and found the logs
0
Guru Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight
