The implicit Security Policy works for L2TP remote Client, but not for IPSec remote client

Soeren_Hvid_DK · October 10

The implicit Security Policy / IP sec seems to not allow traffic to the lans, Only L2TP works .

Any idea why?

Zyxel_Melen · October 15

Hi @Soeren_Hvid_DK,

After checking, I found:

IPSec VPN disabled 2FA: I can access LAN 1 and LAN 2.
IPSec VPN enabled 2FA: Windows won't popout the 2FA verify page, I have to open the browser and manually enter "https://192.168.100.1/weblogin.cgi?auth_type=vpn" to verify.
P.S. The IP address can be one of the firewall interface IP addresses.

The URL in the FAQ is wrong. I have updated it and please use the new URL to test.

Zyxel_Melen · October 11

Hi @Soeren_Hvid_DK,

This is more likely you didn't enable IPSec VPN to use VPN in the site-to-site VPN page. Please navigate to Menu > Site-wide > Configuration > Firewall > Site-to-site VPN to adjust your configuration.

Hope it helps.

Soeren_Hvid_DK · October 11

Unfortunately it made no difference, IPSec still doesn't work

Zyxel_Melen · October 11

Hi @Soeren_Hvid_DK,

Could you enable Zyxel support access for me to check the configuration?

https://community.zyxel.com/en/discussion/14234/nebula-how-to-turn-on-zyxel-support-access

Soeren_Hvid_DK · October 11

Is enabled now

#####Remove private info#####

Do you need more infomation

Zyxel_Melen · October 14

Hi @Soeren_Hvid_DK,

I found that you have set two static route rules for IPSec VPN to VLAN 30. Could you delete these static route roles and test again?

Soeren_Hvid_DK · October 14

Yes, no problem, the router is in test stand

Soeren_Hvid_DK · October 14

Ok

I removed the 2 static routes, i and i have tested again.

I can connect and get this IP

, but no traffic is allowed to the lans when 2FA is not enabled !

if i enable 2FA , and connect there are no connection to the 2FA webpage https://172.16.50.1/weblogin/cgi?auth_type=vpn

Some time i can connect, and some i can not connect and get this message from windows

Zyxel_Melen · October 15

Hi @Soeren_Hvid_DK,

Can I add a cloud authentication account to check this issue?

And for the Windows error message, this error message you're encountering indicates that there may be a configuration issue with the network devices (such as firewalls, NAT devices, or routers) between your computer and the VPN server. To troubleshoot and resolve this error, you can follow these steps:

Verify your internet connectivity.
Delete the VPN profile and configure it again.
Temporarily disable firewalls and security software.
Check your local network configuration.
Verify VPN protocol and port. UDP 500 and 4500, TCP/UDP 50 and 51.
Try connecting from a different network.

Soeren_Hvid_DK · October 15

Yes you can add a account, no problem

Zyxel_Melen · October 15

Hi @Soeren_Hvid_DK,

After checking, I found:

IPSec VPN disabled 2FA: I can access LAN 1 and LAN 2.
IPSec VPN enabled 2FA: Windows won't popout the 2FA verify page, I have to open the browser and manually enter "https://192.168.100.1/weblogin.cgi?auth_type=vpn" to verify.
P.S. The IP address can be one of the firewall interface IP addresses.

The URL in the FAQ is wrong. I have updated it and please use the new URL to test.

The implicit Security Policy works for L2TP remote Client, but not for IPSec remote client

Accepted Solution

All Replies

Categories

Nebula Tips & Tricks

Nebula Help Center