USG20-VPN - VPN Configuration problem
Good morning everyone.
I've been trying to configure my USG20-VPN for remote access for a while now but I keep bumping in a very strange problem. Hopefully someone will be able to help me.
The configuration that I'm trying to achieve is the most basic: I simply want to access our internal network from outside.
Following is the configuration I'm currently using:
Here's the weird part (to me at least): no matter what I do, even though the connection is estabilished, the IP assigned to the client is always 10.10.10.10.
This IP is not configured anywhere in the IPs and Ranges of the firewall, so I have no idea where it gets picked.
What is even more weird is that the firewall seems to assign an IP address in the range I would like (e.g. 192.168.200.x), but then I have no idea where it gets lost and replaced by this 10.10.10.10.
Firmware revision is V4.20
Any help would be highly appreciated.
Thanks
Luca
I've been trying to configure my USG20-VPN for remote access for a while now but I keep bumping in a very strange problem. Hopefully someone will be able to help me.
The configuration that I'm trying to achieve is the most basic: I simply want to access our internal network from outside.
Following is the configuration I'm currently using:
Here's the weird part (to me at least): no matter what I do, even though the connection is estabilished, the IP assigned to the client is always 10.10.10.10.
This IP is not configured anywhere in the IPs and Ranges of the firewall, so I have no idea where it gets picked.
What is even more weird is that the firewall seems to assign an IP address in the range I would like (e.g. 192.168.200.x), but then I have no idea where it gets lost and replaced by this 10.10.10.10.
Firmware revision is V4.20
Any help would be highly appreciated.
Thanks
Luca
0
Comments
-
The Zyxel IPsec client only support pure IPSec.
But the rule you configured on USG is L2TP/IPSec.
0 -
Thank you so much! Now I can successfully estabilish a connection and get an IP in the range!
Would you be so kind as to hint me on how I should configure routing so that I can reach my internal network from there?0 -
By default, you don't need to add routing on USG or VPn client.
The routing is auto add into dynamic VPN routing table on USG after VPN client connected.
And the Zyxel IPSec client is based on the Remote LAN address setting to forward traffic into tunnel.
In your case is 192.168.1.0/255.255.255.0 and this need to same as Local Policy of the VPN connection rule on USG.
1 -
Thank you! It's all very clear now!0
-
Hi dear
i've the same problem ... thanks0 -
This seems like a Double NAT situation. If your WAN interface is picking up "192.168.x.y" especially as a DHCP address that means that your WAN device is leasing a private internal network address effectively acting like its own router. I would address this with your WAN device configuration. Now, some WiFi modem combo boxes or modems provide basic DHCP and NAT functionality so that users may connect a switch to it and expand the network. But, since you have your own ZYXEL firewall to handle your NAT, you need to consult your internet service provider to assist you in switching your modem to bridged mode, whereby your public WAN IP will directly be leased to your ZYXEL on its WAN interface. You should not be see "192.168" on the WAN interface if you are attempting to anything from public to private through the internet.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight