Discussions - Zyxel Community

Cannot connect Remote VPN deplopyed by mobileconfig since iOS18
Symptom: You cannot connect Remote VPN which deployed by mobileconfig since iOS18, You have to create VPN profile manually as alternative Workaround: 1)edit mobileconfig by notepad Find the following lines <key>LocalIdentifier</key> <string></string> and change to <key>LocalIdentifier</key> <string>Zyxel</string>
USG FLEX H Series - NAT Traversal Support for IPSec Remote Access VPN
With the latest uOS firmware update, Zyxel's H Series firewalls now support NAT Traversal (NAT-T) for IPSec Remote Access VPNs. This feature is essential for devices deployed behind a NAT or firewall, allowing them to maintain a stable VPN connection when the device itself is assigned a private IP. Why NAT Traversal is…
How to trace IPsec log?
Scenario: You have IPSec VPN problem, It may be disconnection or traffic problem, Please collect the following information to Zyxel Support Maintenance > Diagnostics > Network Tool 1)Network Tool: IPsec Trace Log , click "Start" 2)Try to replicate issue or wait the issue happened then stop 3)Download the "ipsecvpn.log" and…
How to Configure IKEv2 VPN for macOS 15 on old USG/ZyWALL series?
Question: What are the settings for configuring IKEv2 VPN on macOS 15 (Sequoia) using Zyxel USG40 and other USG/ZyWALL using firmware 4.73 patch 2? Answer: To set up IKEv2 VPN for macOS 15 (Sequoia) with the Zyxel USG40 and other USG/ZyWALL devices, use the following configurations: Phase 1 (Gateway) Encryption Algorithm:…
Why can't I establish a VPN connection after updating to iOS 18? How can I resolve this issue?
Question : Why can't I establish an IKEv2 VPN connection after updating to iOS 18? How can I resolve this issue? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for iOS's native VPN client, please modify them accordingly to allow the remote VPN to work. USG Flex/ATP firewall model settings:…
How to avoid unexpected routing issues when enabling both IPsec VPN and L2TP VPN simultaneously?
Scenario : The user may need to enable both IPsec VPN and L2TP VPN remote settings simultaneously. How can unexpected routing issues be avoided when enabling both IPsec VPN and L2TP VPN at the same time? Answer : STEP1. Navigate to Site-wide > Configure > Firewall > Remote access VPN STEP2.Please ensure their Client VPN…
How to establish an VPN connection with the USG Lite 60 AX by the macOS Sonoma native VPN client?
Question : How to establish the VPN connection with the USG Lite 60 AX by the macOS Sonoma native VPN client? Answer : This article will guide you on how to establish an IKEv2 VPN connection with the USG Lite 60 AX using the macOS Sonoma native VPN client. Navigate to Site-wide> Configure > Cloud authentication > To add a…
How to establish an VPN connection with a Nebula firewall by the macOS Sonoma native VPN client?
Question : After updating to macOS Sonoma, if you cannot establish an IKEv2 VPN connection with the Nebula firewall, how do you resolve this problem? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to…
Why can't I ping servers over VPN when IKEv2 VPN is established on SecuExtender?
Question: IKEv2 VPN is established on SecuExtender. However, I cannot ping the gateway IP of USG FLEX or servers in LAN. Answer: Review the Two-Factor Authentication (2FA) settings:* Navigate to Object > Auth. Method > Two-Factor Authentication > VPN Access. * Check if 2FA is enabled for all VPN services and users. * If…
Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue?
Question : Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to work. USG Flex/ATP firewall model…
How to debug ipsec dial up problem on H series
We have real time debug command on H series. 1)Please login by SSH and pefrom the following command cmd debug ipsec trace log 2)Replicate issue, trying to dial-up Remote Access VPN or Site to Site VPN. 3)Provide the output of command to Zyxel Support.
Why is there Network Congestion on ATP700 VPN?
When experiencing network congestion on your ATP700 VPN, you might observe logs indicating full TX queues. This issue can stem from several factors: * Bandwidth Management (BWM) limiting traffic. * Interface ingress/egress bandwidth configuration. * Internet Service Provider (ISP) bandwidth restrictions. To address the…
How to Resolve VPN Certificate Issues Between uOS and ZLD Devices?
Question: What should I do if the self-generated certificate from uOS can't be used for IKEv2 VPN on ZLD devices? Answer: If you encounter an issue where a self-generated certificate from a uOS device cannot be used for an IKEv2 VPN gateway profile on ZLD devices, follow these steps: * The issue arises due to the ZLD VPN…
Is it possible to configure VPN for USG FLEX H device on Nebula?
Question: Is it possible to configure VPN for USG FLEX H device on Nebula? Answer: Currently, USG FLEX H series supports Cloud Monitoring Mode only on Nebula. You need to login to the web GUI to configure VPN. You can also generate the IP address for remote connection in Devices > Firewall > Live tools > Remote…
Is SecuExtender compatible with Microsoft SurfacePRO with ARM processor?
```html Q: Is SecuExtender compatible with Microsoft SurfacePRO with ARM processor? A: No, SecuExtender is not compatible with ARM processors. While the installation may complete successfully, the application will not run on ARM-based devices. It is recommended to use Windows built-in VPN for devices running on ARM…
How do I set up SecuExtender on a USG FLEX H device to generate a tbg file?
Question: How do I set up SecuExtender on a USG FLEX H to generate a tbg file? Answer: After you enable "Remote Access VPN" on your USG FLEX H device, go to SecuExtender VPN Client and click Configuration > Get from Server. The SecuExtender VPN Client will fetch the configuration file from USG FLEX H.
How to edit mobileconfig to use account and password authentication
How to edit mobileconfig to use account and password authentication The default authentication method is to use credentials. You can edit mobileconfig to let it use username/password. 1)Please edit the following lines WAS: IS: 2)Please add the following lines upper <key>ChildSecurityAssociationParameters</key>
Is there any VPN client software for macOS that supports IKEv1?
Question: I would like to build IKEv1 VPN connection with macOS, which VPN software should I use? Answer: macOS ternimated the support for IKEv1, so currently we don't have a VPN software for macOS that supports IKEv1.
Why are some DH options missing from SecuExtender?
Question: For old version of SecuExtender(IPSec_6.6.87.108), it supports the DH options from DES, 3DES, SHA-1, DH1, all the way to DH21. However, why DES, 3DES, SHA-1, DH 1, DH 2, DH 5 are missing from the new version of SecuExtender VPN client (IPSec_SSL_VPN_7.7.40.019). Answer: We remove DES, 3DES, SHA-1, DH 1, DH 2, DH…
Why is IKEv1 missing from SecuExtender?
Question: For old version of SecuExtender(IPSec_6.6.87.108), it supports IKEv1, however, why IKEv1 is missing from the new version of SecuExtender VPN client (IPSec_SSL_VPN_7.7.40.019). Answer: We remove IPsec/IKEv1 from SecuExtender(IPSec_SSL_VPN_7.7.40.019) for security reasons, this protocol is already deprecated by the…

Welcome!

It looks like you're new here. Sign in or register to get started.