Error when converting a wizard made VPN to custom made VPN

GiuseppeR
GiuseppeR Posts: 427  Master Member

Hello everyone, I set a VPN via Wizard:

immagine.png

But I wanted to edit its authentication method:

immagine.png

and I tried to convert it to "Custom" but I get this error:

immagine.png

How can I solve it?

All Replies

  • PeterUK
    PeterUK Posts: 3,887  Guru Member
    edited June 30

    I just use custom from the start.

    But I do see your point; it seems the wizard is not perfect.

  • GiuseppeR
    GiuseppeR Posts: 427  Master Member

    Hi @PeterUK

    When you set a VPN manually and you have the origin behind a NAT, how do you set this area:

    immagine.png

    Meaning of "Origin IP" and "Mapped IP"?

    The idea is that the ISP router has 1.2.3.4 as public IP, and its network is 192.168.1.1/24.

    The Zyxel firewall is in a DMZ and it is static at 192.168.1.100.

    So how can I configure those 2 forms?

  • PeterUK
    PeterUK Posts: 3,887  Guru Member

    You likely do not need that setting if you're doing the following:

    Full VPN tunnel from FlexH 1.32 FW to Nebula Org firewall — Zyxel Community

  • GiuseppeR
    GiuseppeR Posts: 427  Master Member

    I'm trying to set that VPN from the uOS interface, so I tried to understand how uOS thinks.

    I'm looking for how to set the gateway and IP that the FlexH has, to replicate this condition:

    immagine.png

    because I have the router in the middle and I cannot manipulate it.

    So I have to tell the Local Site to go to the Remote Site without considering it, like I can do via Nebula using NAT traversal:

    immagine.png
  • Zyxel_Melen
    Zyxel_Melen Posts: 3,523  Zyxel Employee
    edited July 9

    Hi @GiuseppeR

    The NAT rule here is not for NAT traversal; it is to translate the source IP address for the traffic to pass the tunnel. For more details, you may check the USG FLEX H online help: IPSec VPN > The Site to Site VPN Screen > The Site to Site VPN Add/Edit Screen - Custom > Policy-Based VPN NAT Advanced Scenarios.

    About the error when converting a wizard made VPN to custom made VPN: I can replicate this issue in my lab, and we will investigate this issue and fix it in a future firmware release.
    Update: This issue has been addressed and will be fixed in the next firmware release.

    Zyxel Melen