L2TP VPN for USG40 not working, impossible to have server response, need mobile access.

Phoenix2875 Posts: 3
edited April 2021 in Security
Hi all, I need some help. I'm new to Zyxel, but not to firewalls and networking. A customer has installed a branch office VPN in his company with 2 USG 40W firewalls. The IPsec tunnel is working correctly. At the main site there's a single public IP in a PPPoE naked configuration. The previous sysadmin also configured an SSL client-to-site VPN and installed the Windows Zyxel client on the PC. All is working. Now the customer wants to access it from a mobile (iOS) phone. I've configured the VPN with and without the wizard for the L2TP connection. I created a user object and associated it in the L2TP configuration. The wizard correctly created the gateway in the IPsec VPN settings and enabled the L2TP configuration. All seems to be perfect, but when I try to connect I receive a "server didn't respond" error. Now, what can I check? I've tried to check port 443 (SSL) on the public IP and it's correctly open (for SSL VPN), but when I check 1701 for L2TP it gives me a "closed port". The provider told me that there's a transparent IP, so the problem seems to be on the USG. I don't really understand what is blocking authentication... the wizard is so simple. Thank you.

Comments

  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    edited July 2018
    Hi @Phoenix2875
    Is one of the supported Secure Extender Clients (SSL-VPN) compatible with your iOS?

    Perhaps ZYXEL can provide a possibility for iOS to use the internal IPSEC Client like Android OS B)

    @Zyxel_Cooldia
    Does ZYXEL have a guide for using the iOS internal IPSEC Client to get connected with pure IPSEC?

    Regards
    Christian
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    edited July 2018
    Welcome to Zyxel community. :)

    The L2TP tunnel is working on ESP (protocol 50), not SSL (port 443).
    ESP is also allowed by the default policy control rule.

    In your environment, the USG is used for the PPPoE connection.
    So check the configuration first: Configuration > VPN > IPSec VPN > VPN Gateway > WIZ_L2TP_VPN.
    My address should be set to the “wan_ppp” interface IP.

    Then go to Configuration > VPN > IPSec VPN > VPN Connection > WIZ_L2TP_VPN.
    Make sure the local policy IP address is the same address as your PPPoE interface.

    On your phone, check the configuration again.

  • CHS
    CHS Posts: 177  Master Member
    Hi @ChristianG
    The link you provided is for Mac OS SecuExtender.
    As far as I know there is no SSL VPN client for mobile devices (e.g. iOS or Android phones).

    L2TP is what Phoenix2875 requires, and in my company there is no problem establishing an L2TP VPN tunnel with my iPhone.
  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    Hi @CHS
    It's correct that there is no SSL-VPN for mobile devices (Android) ;)
    So I sent the link with the Apple OS descriptions for a checkup.
    With Android, I'm using an IPSEC IKEv1 connection with the embedded VPN client in Android OS and decommissioned the L2TPoverIPSEC.

    @Phoenix2875
    "The ipsec tunnel is correctly working"

    So that's why I wrote... Ask ZYXEL if there is a way to connect directly with IPSEC and no L2TP configuration is required to get connected. ;)

    Regards
    Christian
  • Phoenix2875
    Thank you all for now, I'll try some settings and post the solution that works (if it works). :-)
  • Phoenix2875
    The problem was that the Wizard selected WAN instead of Wan_PPP. Changed to the right one and all is working. Thank you!