Connect remote worker

GST
GST Posts: 6
edited April 2021 in Security
I have a USG 60W. I have followed 3 guides (one that explains the manual method, another the manual method with client-downloadable configuration, and another via wizard) that show how to create a VPN to connect a PC with the ZyWALL IPSec Client. All of them do more or less the same things, so I explain the manual one.

I have
[public_ip](Router from ISP)[192.68.0.0/24]<-------------->[192.168.0.123](ZyWALL USG60)[192.168.1.0/24]<------>lan

To avoid all interference from the router, the ZyWALL is in the DMZ; so if I go to the public IP I get the ZyWALL web interface.

I need to connect various PCs to the main office 192.168.0.1/24.
All of the remote workers could be in a network of some type, but I don't know; they are mobile workers.

------
First of all I started
1) creating a VPN gateway VPN_GW_IN
IKEv1
My Address: interface 1, 192.168.0.123/24
Dynamic address
a complex pre-shared key
some kind of crypto
NAT traversal and DPD enabled

pre 2) I create an object of type Range IP 192.168.100.1 - 12.168.100.200


2) Then I created the VPN Connection
first of all enabled "Use Policy Route to control dynamic IPSec rules"

It is a Remote Access Server role
the Gateway is the one at point 1
local policy: all the guides say lan1, the LAN where I need to connect, 192.168.0.1/24

I enabled Mode Config because some guides suggest using it to identify the clients and assign them a correct IP
IP address pool: the Range IP created before
first DNS: I set the router IP as seen from the LAN side, 192.168.1.123
Zone: IPSec VPN


Then I created a user to download VPN config

under Object > User I created the user
under IPSec Configuration Provisioning I associated the VPN with the user and enabled it

I tested with a PC via a WiFi key which has a public IP and an internal IP in a non-overlapping class, 192.168.148.0/24

I can correctly download the info in the Zyxel IPSec client
I changed the IP in the IKE1 settings to the public IP
I can establish the tunnel
I can reach 192.168.1.36, the IP of the Zyxel, but I can't go anywhere else; I only need to reach the specific IP 192.168.1.x inside my LAN subnet
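The symptom in this post (tunnel up, the firewall's own LAN address reachable, LAN hosts not) is almost always an addressing or routing inconsistency rather than an IKE problem: the local policy does not cover the hosts, the Mode Config pool collides with a subnet, or LAN hosts have no return route to the pool. The checker below is an added example written for this thread, not Zyxel's code or anything from the original post; the field names, the zone names `IPSec_VPN`, `ZyWALL` and `LAN1`, and the sample addresses (pool 192.168.100.1-200, LAN 192.168.1.0/24, a worker on 192.168.148.0/24) are assumptions constructed to mirror the setup described above.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List

IPv4Net = ipaddress.IPv4Network
IPv4Addr = ipaddress.IPv4Address


@dataclass
class RemoteAccessVpn:
    """Hypothetical model of a Mode Config remote-access IPsec setup.
    Field names are this example's own, not Zyxel configuration keys."""
    gateway_lan_ip: IPv4Addr            # the firewall's address on the office LAN
    lan: IPv4Net                        # office LAN the workers must reach
    local_policy: IPv4Net               # subnet the VPN connection's local policy selects
    client_pool: List[IPv4Net]          # Mode Config pool handed out to clients
    lan_default_gateway: IPv4Addr       # where LAN hosts send non-local traffic
    client_lans: List[IPv4Net] = field(default_factory=list)  # networks the mobile workers sit on


def pool_from_range(first: str, last: str) -> List[IPv4Net]:
    """Convert a 'Range IP' object (first-last) into the CIDR blocks it covers."""
    return list(ipaddress.summarize_address_range(IPv4Addr(first), IPv4Addr(last)))


def check_vpn(cfg: RemoteAccessVpn, targets: List[str]) -> List[str]:
    """Return human-readable findings; an empty list means the addressing plan is consistent."""
    findings = []
    # 1. The local policy must actually contain the hosts the workers need to reach.
    for t in targets:
        if IPv4Addr(t) not in cfg.local_policy:
            findings.append(f"target {t} is outside local policy {cfg.local_policy}")
    # 2. The pool must be a dedicated subnet: not inside the office LAN (the firewall
    #    would have to proxy-ARP for it) and not inside any worker's own network.
    for p in cfg.client_pool:
        if p.overlaps(cfg.lan):
            findings.append(f"client pool {p} overlaps office LAN {cfg.lan}")
        for cl in cfg.client_lans:
            if p.overlaps(cl):
                findings.append(f"client pool {p} overlaps worker network {cl}")
    # 3. A worker whose home/hotel network overlaps the office LAN will send
    #    office traffic to its local interface instead of into the tunnel.
    for cl in cfg.client_lans:
        if cl.overlaps(cfg.local_policy):
            findings.append(f"worker network {cl} overlaps local policy {cfg.local_policy}")
    # 4. Return path: replies from LAN hosts to pool addresses must reach the
    #    firewall, or the tunnel carries requests but never carries answers.
    if cfg.lan_default_gateway != cfg.gateway_lan_ip:
        findings.append(
            f"LAN default gateway {cfg.lan_default_gateway} is not the VPN gateway "
            f"{cfg.gateway_lan_ip}; add a route for the pool via {cfg.gateway_lan_ip} "
            "or SNAT VPN traffic to the firewall's LAN address")
    return findings


def zone_pair(cfg: RemoteAccessVpn, dst: str) -> str:
    """Which zone-to-zone policy a packet from a VPN client exercises (zone names
    as used on Zyxel USG firewalls, assumed here; adjust for other vendors)."""
    d = IPv4Addr(dst)
    if d == cfg.gateway_lan_ip:
        return "IPSec_VPN -> ZyWALL"   # traffic addressed to the firewall itself
    if d in cfg.lan:
        return "IPSec_VPN -> LAN1"     # traffic to a host behind the firewall
    return "IPSec_VPN -> (other zone)"


if __name__ == "__main__":
    # Constructed data mirroring the thread: the local policy selects the wrong
    # subnet and LAN hosts point at the ISP router instead of the firewall.
    broken = RemoteAccessVpn(
        gateway_lan_ip=IPv4Addr("192.168.1.36"),
        lan=IPv4Net("192.168.1.0/24"),
        local_policy=IPv4Net("192.168.0.0/24"),
        client_pool=pool_from_range("192.168.100.1", "192.168.100.200"),
        lan_default_gateway=IPv4Addr("192.168.1.1"),
        client_lans=[IPv4Net("192.168.148.0/24")],
    )
    for finding in check_vpn(broken, ["192.168.1.50"]):
        print("finding:", finding)
    print(zone_pair(broken, "192.168.1.36"), "vs", zone_pair(broken, "192.168.1.50"))
```

The `zone_pair` helper makes the diagnostic point explicit: being able to ping the firewall's own LAN address from a client only proves that the IPSec_VPN-to-ZyWALL rule passes; a host at 192.168.1.x is a different zone pair (IPSec_VPN to LAN1), needs the local policy to include it, and needs a route back to the pool from the LAN side. The checker does not cover authentication; a single pre-shared key shared by all mobile workers should be backed by the per-user login the post already configures.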
All Replies

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    edited April 2020
    You mean the VPN was fine before but now fails? What is the IKE log message?
    The local policy should select the ZyWALL's WAN IP.
    Better draw the picture to understand.
    Check this Zyxel published video
     https://www.youtube.com/watch?v=LL9wdvsfXOY

  • GST
    GST Posts: 6
    I have watched the video.
    IMO there is something missing in the rule to allow the VPN user (the IPSec tunnel is established correctly) to navigate in my lan/1; I can only reach the Zyxel.
    I have tested another PC; both PCs have an IP in the range (outside my LAN) assigned by config.
