Can't establish VPN-connection Win10<->USG60W
Options
Hi,
I recently installed a USG60W and now fail to setup VPN correctly.
My goal is to allow tunneling into the LAN via VPN using Windows 10's built-in VPN client.
The firewall is behind the modem given to me by my ISP:
Internet
185.50.xx.yy (WAN) - A1 WLAN Box ADB VV2220 - 10.0.0.138 (DMZ)
10.0.0.2 (WAN1) - ZyXEL USG60W - 192.168.0.20 (LAN1)
When trying to connect, Windows says:
While the firewall's log says:
It seems to me, it's repeatedly rekeying (whatever that means):
VPN connection and gateway were created by the quick setup wizard and are configured as follows:
Does anyone know, what the problem might be or how to solve it?
I appreciate any kind of help!
I recently installed a USG60W and now fail to setup VPN correctly.
My goal is to allow tunneling into the LAN via VPN using Windows 10's built-in VPN client.
The firewall is behind the modem given to me by my ISP:
Internet
185.50.xx.yy (WAN) - A1 WLAN Box ADB VV2220 - 10.0.0.138 (DMZ)
10.0.0.2 (WAN1) - ZyXEL USG60W - 192.168.0.20 (LAN1)
When trying to connect, Windows says:
While the firewall's log says:
It seems to me, it's repeatedly rekeying (whatever that means):
VPN connection and gateway were created by the quick setup wizard and are configured as follows:
Does anyone know, what the problem might be or how to solve it?
I appreciate any kind of help!
0
Comments
-
Hello Poberl,
For VPN connect with win10<->USG,
To establishing the L2TP connection , remember to enable the “IKE service”. Please refer to attached document as your reference.
Charlie
0 -
Hello Charlie,
thank you for your response.
The IKE service was already running, so that doesn't seem to be the problem.
0 -
For the case, USG is behind NAT device.
Please refer this KB to configure the NAT mapping on your modem. (UDP:500 and 4500)
https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=015090&lang=EN
Also, you need to add registry key on your Windows client
https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
0 -
Hi zyman,
I now am able to connect via VPN.
I think the registry entry did the trick, though I updated the firmware too.
Anyway thanks for your help!
0
Categories
- All Categories
- 396 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 86 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 915 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 419 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight