warwickt  Ally Member

Hello PeterHer as mentioned by mMontana above as a good suggestion , just use a reverse-proxy on your host that handles the WAN(s) and their interfaces for HTTPS/HTTP requests to a mythical 'server02" FWIW we use NGINX .. there is an abundance {plenty (tonnes!)} of wonderful documentation, and beginner step-by-step guides,…

Hello FrankLauer , it's unusual that the current settings would have been purged from the xxx.config file . :s I will say in the past that ofcourse that we have certainly 'lost' current setting from one firmware switch to another using your technique above. :'( However the settings are usually there on one of the config…

你好, G'day, Hallo fellow Zyxel forum denizens! B) Update and Fix: I'm pleased to advise that thanks to the excellent bunch of blokes at Zyxel TW SW Engineering and Tech Support (Zyxel_Cooldia) have resolved this AAA LDAP Authentication issue that I reported above for firmware V4.70-AAKY.0 in Zyxel USG40 and USG60…

Hi CMruk can you attach the logging (categories) IKE and any IPSEC and debugging logs from the 310 when the tunel build or connection fails?? get them with a router cli command Router> show logging entries category ike begin 1 end 500 (unformatted here.. Router> show logging entries category ike begin 1 end 500 ) These are…

Hi Zyxel_Cooldia thanks for the DM and the followup as expected form your excellent support service. <3 Thanks also for the confirmation that this can be reproduces in your Zyxel labs.. =) We've also looked at a packet traces from the usg appliance the LAN LDAP servers on same the LAN and also over a VTI for * a test aaa…

G'day @lbocquet did you try logging into the router with ssh and trying the shutdown command? Note that both the UI and the CLI methods do NOT POWER off the device.. but does stop the OS. * you will need to power offthe device manually . # ssh your-adminuser@<your-zyxel-appliance-on_local_lan><br>Password: <br>Bad terminal…

Hi cantonim, here are the IKE (VPN Gateway) and Crypto (VPN Connection) configurations for an L2TP connection that work with all  iOS Devices and most legacy L2TP clients. This is from our lab USG40 and has been working flawlessly for years (unitl a recent firmware update :'( )... works fine. Works with oldest and…

Hello RAV_ZYXEL , suggest you gather the IKE and debugging logs for the period in question and attach them for forum members and Zyxel techs to assist. Should the VPN connection be received and processed by the appliance, you will definately start to see what the error is. Make sure you sed (edit out/substitute with xxxxx)…

G'day Stephan, I suggest you look at implementing a (series of) VTI connection(s) between your USG60 hosts with some basic policy routes (or OSPF with multiple routers). Its very straight forward.. Search these forums: I had a few posts out there however, better, well known forum member @PeterUK had a few in the day. When…

G'day Denis, We use this: (I'm a freebsd/macos/ unix linux user) in Windows PS as part of an installer script for an IKEv2 IKE Client setting for Windows 10 PRO to change the default crypto/cypher to SHA256 and AES356 . PFS etc etc Здравствуйте, Денис, Мы используем это: (Я пользователь freebsd / macos / unix linux) в…

HI Zyxel_Lucious thanks .. I read your PM ... please advise of any updates. Regards! :) Warwick Hong KOng

H Zyxel_Lucious see your PM .... you didn't answer my question ... Thanks 

HI Berry just noticed it would suggest you gather the logs for the WAN outage and post them here. (you may need to set up a syslog host somewhere on your LAN .. it's simple enough to do) You point out above that your WAN_PPP responds when you (assuming) you inactivate and then reactivate the WAN_PPP connection (true |…

Hi SandB just a thought, if you cannot get a response from a host lookup for "landisk" for example instead of the FQDN hostname of landisk.bbb.cc ?? have you configured your local you domain name in the router? You can see this in the router by: show fqdn command or Web UI /Configuration/ System/ Host Name /Gen Setting ...…

Hi Berry as Jeremylin asked if the WAN IP changes .. for the point of my suggest let's say you may have a DYNAMIC IP ADDRESS (Service) with your ISP.. (true?) It's as you state you use a DYN DNS of sorts to get access from WAN over inter-webs. If so .. else don't read any further...) Assuming your service with your ISP is…