IKEv2 Connection Not Working to RRAS


  • NEP
    edited March 5

    As mentioned in the prior post, I selected the NAT rule and inactivated (i.e., disabled) it.

    As for clearing all sessions, the Help docs say, "Administrators can use these buttons to forcibly terminate selected TCP/UDP connections. Select one or multiple connections and then click Clear; click Clear All to terminate all connections displayed. Cleared sessions display on the Log > View Log screen."

    Is that your idea of a scream test? That doesn't sound like something I should do in the middle of the day ;-)

    What was your objective with that suggestion?

  • PeterUK

    There have been times that I had to do this, and because you had the NAT rule, even now it's disabled, the session handling does not reset itself for connections to Zywall.

    Also, now that I understand more: if you only have one WAN IP then you can't have VPN IKE, ESP, NATT either go to the Zywall or server after the ATP. Normally you need two WAN IPs to do this. There are ways to get around this, but they may not be ideal for you; the simplest is another WAN IP.

  • NEP

    I just tried what you said about clearing the sessions and it did not help. FYI, the "Clear All" button was dimmed, so I switched to "sessions by user" and cleared those. I was immediately disconnected and when I reconnected saw that the others were, as well as the - entry (it was a large number prior, so I assume that means everything else).

    Not sure where you got the idea that we only have one WAN IP. If I stated that somewhere I made a mistake. As the original post states, I configured a "separate Public IP to the RRAS server". The IPSec VPN that is not working now is a completely different Public IP.

  • Zyxel_Melen
    Zyxel Employee

    Hi @NEP

    Since I'm not familiar with RRAS, it took some time to build it, but I still have some trouble.

    To better check this issue, I will send you a private message to get your firewall's configuration, RRAS's configuration, and related AD auth settings. Thanks.

    Zyxel Melen


  • NEP

    @Zyxel_Melen Thank you for setting up a test server. I have replied to your DM with relevant details.

  • NEP

    Been working on this for a bit now and have a Windows laptop working internally on our guest Wi-Fi network. The connection is near instantaneous. That to me means everything with RRAS and NPS is configured correctly.

    So, I tried to get it working from outside the organization again, but it continues to fail. Same as before. I don't have any new information, but with all the changes to get the other working I wanted to check the path. Added port 25 to the group with 500/4500 and found that the path is still open. I cannot check 500/4500 because it is UDP. However, the other traffic is passed to the RRAS server so that should be indicative of it being good.

    It still seems like the firewall is messing with the 500/4500 connection (probably due to the other VPN), though I cannot prove that.
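
Added example (not part of any post in this thread): since UDP 500/4500 cannot be checked with a TCP-style port test, one way to locate where an IKEv2 exchange stops is to capture UDP on the VPN server itself and classify the payloads by their IKEv2 header (RFC 7296) and the port 4500 non-ESP marker. The function names, the hypothetical `ike()` helper and the sample packets are constructed for illustration; it assumes the UDP payloads have already been exported from a capture taken on the RRAS server.

```python
import struct

EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def classify(server_port, payload):
    """Describe one UDP payload seen on the server's port 500 or 4500."""
    if server_port == 4500:
        if payload == b"\xff":
            return {"kind": "NAT-keepalive"}
        if payload[:4] != b"\x00\x00\x00\x00":
            return {"kind": "ESP-in-UDP"}      # non-zero SPI: encrypted data, not IKE
        payload = payload[4:]                  # strip the 4-byte non-ESP marker
    if len(payload) < 28:
        return {"kind": "too-short"}
    # IKE header: SPIi, SPIr, next payload, version, exchange type, flags, message ID, length
    spi_i, _spi_r, _nxt, ver, exch, flags, msg_id, _len = struct.unpack("!8s8sBBBBII", payload[:28])
    if ver >> 4 != 2:
        return {"kind": "not-IKEv2"}
    return {"kind": "IKEv2", "exchange": EXCHANGES.get(exch, str(exch)),
            "response": bool(flags & 0x20), "spi_i": spi_i.hex(), "msg_id": msg_id}

def diagnose(packets):
    """packets: iterable of (server_port, udp_payload) captured on the VPN server."""
    seen = set()
    for port, data in packets:
        info = classify(port, data)
        if info["kind"] == "IKEv2":
            seen.add((info["exchange"], info["response"]))
    if ("IKE_SA_INIT", False) not in seen:
        return "no IKE_SA_INIT request reached the server: check the upstream firewall/NAT path"
    if ("IKE_SA_INIT", True) not in seen:
        return "IKE_SA_INIT arrives but is not answered: check the server side"
    if ("IKE_AUTH", False) not in seen:
        return "IKE_SA_INIT answered but IKE_AUTH never arrived: check the UDP 4500 path"
    if ("IKE_AUTH", True) not in seen:
        return "IKE_AUTH arrives but is not answered: check the server side"
    return "IKE_SA_INIT and IKE_AUTH both answered: UDP 500/4500 path is working"

def ike(exch, response, msg_id, marker=False):
    """Hypothetical helper: build a constructed 28-byte IKEv2 header with no payloads."""
    flags = 0x20 if response else 0x08         # R flag on responses, I flag on requests
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x22" * 8, 0, 0x20, exch, flags, msg_id, 28)
    return (b"\x00" * 4 if marker else b"") + hdr

# Constructed capture: IKE_SA_INIT completes on 500, only a keepalive is seen on 4500.
SAMPLE = [(500, ike(34, False, 0)), (500, ike(34, True, 0)), (4500, b"\xff")]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Running the same classification on captures from both sides of the firewall shows which hop the IKE packets fail to cross.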