dial timeout IPSec VPN site to site

ITRIJNAMS
ITRIJNAMS Posts: 6
First Anniversary First Comment
edited April 2021 in Security

Hi all,

just created an IPSev VPN with two zyxel VPN100 for site to site connection, but i have a Dial Timeout warning and no way to connect.

Subnes , VPN Gateway and VPN connection created in both sides.

Seems to IPSec is allowed in Policy Control...

but Dial Timeout??? any idea?

thanks in advance.

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @ITRIJNAMS

    Welcome to Zyxel community

    Here is the steps that you can check on both site of VPN100

    1.VPN Gateway settings

    2.VPN Connetion settings

    3.Check the Encryption,Authentication and Key group

    Check the settings of VPN Gateway & VPN Connection on both site.

    If the settings are correct, then check the phase 1 & phase 2 settings in Gateway & Connection

    The Encryption,Authentication and Key group must be the same on both site.


  • Thanks for your answer. Finally the VPN is connected, but I have to access from one network to the other. If I ping from 192.168.1.x to 192.168.2.x (or viceversa) it’s imposible reach. Any idea?? Thanks in advance 
  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @ITRIJNAMS

    If both site of device are using default settings, the subnet of IP address might overlap,

    Need to add NAT rule and Policy route to avoid overlapping.

    Here is the example of how to configure IPSec VPN when subnet are the same on both site

    https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=016094&lang=EN

    If both site of device are using different subnets,

    Here is the example of how to configure IPSec site to site VPN

    https://businessforum.zyxel.com/discussion/551/an-example-of-site-to-site-vpn#latest

     

  • Both sites are using different subnets and the setup seems to be ok, but no way to reach one network from the other ...
    maybe should I add some route policy??
  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,026  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @ITRIJNAMS

    To analyze this case,

    can you private message your configuration to me for checking further? 

Security Highlight