VPN2S Behind Cisco Router

DavidDWM
DavidDWM Posts: 1
First Anniversary
edited April 2021 in Security

Hi all,

Sorry if this question has already been asked but couldn't find an answer. I have a VPN2S sat behind a Cisco 887 that is handling the broadband configuration and management.

I have opened port 500 and 4500 UDP to the WAN port IP address on the VPN2S (192.168.1.65). I have then used the wizard to configure the VPN gateway (IPSEC VPN) as a Server role (I'm wanting my laptop and desktop at a co-working space to connect to that location my firewall is at and breakout to the internet from there)

I have then loaded the IPSec VPN client on to my laptop, configured it for Ikey1 but no matter what I do I cannot seem to get it to connect. I have tried connecting internally at the firewall locations, external at the co working space and on a 4G connection.

Error message I get is:

"VPN client gave up the connection. Retry to open the tunnel."

Not sure how to overcome this? Any help with configuration would be much appreciated.

Thanks

David

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @DavidDWM ,

    Welcome to Zyxel community

    Please refer to the topology and related settings below:

    (10.10.10.2)PC A==== VPN2S ===== USG60 (router)==== Internet========USG210 =====PC B(192.168.10.33)

    Setup settings on USG210

    WAN : 10.214.48.29

    LAN  192.168.10.1

    IPSec VPN settings 

    After setup VPN wizard on USG210, please check the CONFIGURATION > VPN > IPSec VPN > VPN Gateway > Show Advanced Settings > Authentication > Peer ID Type 

    Setup VPN2S settings

    WAN :192.168.50.33

    LAN : 10.10.10.1

    IPsec VPN settings

    After setup VPN wizard on VPN2S, please check the CONFIGURATION Site Map> VPN > IPSec VPN > Gateway Configuration > Edit the Gateway Configuration > Authentication > Advanced > Peer ID Type 

    In your scenario, VPN2S is behind NAT and the NAT router is Cisco 887,

    After setup VPN wizard on both site, it have to do NAT settings on Cisco router.

    Here is the example of how to setup NAT on the router.

    Setup NAT Router

    USG60 settings (router)

    WAN :10.214.48.30

    LAN : 192.168.50.1

    NAT settings

    Test Result

    PC A ping PC B

    PC B ping PC A


Security Highlight