vadar007

join:2005-11-28
Irvine, CA



Zywall IPSec VPN Client to Zywall 5 connection

I am able to successfully create a tunnel from my laptop (Vista 32 bit) using the ZyWall IPSec VPN Client 2.3.204 to my ZyWall 5. The ZyWall 5 log confirms tunnel built successfully. However I cannot ping or otherwise connect to any device on my remote network. What am I missing?

20090511 193151 Default (SA Greenland-P1) SEND phase 1 Main Mode [SA] [VID] [VID] [VID] [VID] [VID] [VID]
20090511 193152 Default (SA Greenland-P1) RECV phase 1 Main Mode [SA] [VID] [VID] [VID] [VID]
20090511 193152 Default (SA Greenland-P1) SEND phase 1 Main Mode [KEY_EXCH] [NONCE] [NAT_D] [NAT_D]
20090511 193152 Default (SA Greenland-P1) RECV phase 1 Main Mode [KEY_EXCH] [NONCE] [NAT_D] [NAT_D]
20090511 193152 Default (SA Greenland-P1) SEND phase 1 Main Mode [HASH] [ID] [NOTIFY]
20090511 193152 Default (SA Greenland-P1) RECV phase 1 Main Mode [HASH] [ID] [NOTIFY]
20090511 193152 Default phase 1 done: initiator id xxx@xxx.dnsalias.com, responder id xxx.dnsalias.com
20090511 193152 Default (SA Greenland-P1) RECV Transaction Mode [HASH] [ATTRIBUTE]
20090511 193159 Default (SA Greenland-P1) SEND Transaction Mode [HASH] [ATTRIBUTE]
20090511 193159 Default (SA Greenland-P1) RECV Transaction Mode [HASH] [ATTRIBUTE]
20090511 193159 Default (SA Greenland-P1) SEND Transaction Mode [HASH] [ATTRIBUTE]
20090511 193159 Default (SA Greenland-Greenland2-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20090511 193200 Default (SA Greenland-Greenland2-P2) RECV phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20090511 193200 Default (SA Greenland-Greenland2-P2) SEND phase 2 Quick Mode [HASH]
20090511 193242 Default (SA Greenland-P1) SEND Informational [HASH] [NOTIFY] type DPD_R_U_THERE
20090511 193242 Default (SA Greenland-P1) RECV Informational [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
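Added example, not part of the original posts: a short Python check that reads client log lines in the format shown above and reports which IKE stages completed, which separates a negotiation failure from a traffic-policy problem behind an established tunnel. The function names and the stage labels are assumptions made for this illustration; the sample lines are a subset of the log in the post.

```python
import re

# Client log lines taken from the post above (a subset covering each stage).
SAMPLE_LOG = """\
20090511 193152 Default (SA Greenland-P1) RECV phase 1 Main Mode [HASH] [ID] [NOTIFY]
20090511 193152 Default phase 1 done: initiator id xxx@xxx.dnsalias.com, responder id xxx.dnsalias.com
20090511 193152 Default (SA Greenland-P1) RECV Transaction Mode [HASH] [ATTRIBUTE]
20090511 193159 Default (SA Greenland-P1) SEND Transaction Mode [HASH] [ATTRIBUTE]
20090511 193159 Default (SA Greenland-Greenland2-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20090511 193200 Default (SA Greenland-Greenland2-P2) RECV phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20090511 193200 Default (SA Greenland-Greenland2-P2) SEND phase 2 Quick Mode [HASH]
20090511 193242 Default (SA Greenland-P1) SEND Informational [HASH] [NOTIFY] type DPD_R_U_THERE
20090511 193242 Default (SA Greenland-P1) RECV Informational [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
"""

LINE = re.compile(r"^\d{8} \d{6} Default (?:\(SA [^)]+\) )?(?P<msg>.+)$")
EXCHANGE = re.compile(r"^(SEND|RECV) (?:phase \d )?(Main Mode|Transaction Mode|Quick Mode|Informational)\b")

def ike_stages(log_text):
    """Return which negotiation stages the initiator's log shows as complete."""
    seen = {"Main Mode": [], "Transaction Mode": [], "Quick Mode": [], "Informational": []}
    p1_done, dpd_ack = False, False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore anything that is not a client log line
        msg = m.group("msg")
        p1_done = p1_done or msg.startswith("phase 1 done")
        dpd_ack = dpd_ack or (msg.startswith("RECV") and msg.endswith("DPD_R_U_THERE_ACK"))
        ex = EXCHANGE.match(msg)
        if ex:
            seen[ex.group(2)].append(ex.group(1))
    return {
        "phase1": p1_done,
        # Transaction Mode carries the extended authentication exchange; expect both directions.
        "transaction": {"SEND", "RECV"} <= set(seen["Transaction Mode"]),
        # Quick Mode seen from the initiator is three messages: SEND, RECV, SEND.
        "phase2": seen["Quick Mode"][:3] == ["SEND", "RECV", "SEND"],
        "peer_alive": dpd_ack,  # dead-peer-detection probe was answered
    }

def diagnose(stages):
    """Name the first incomplete stage, or point at policy when negotiation is complete."""
    for name in ("phase1", "transaction", "phase2"):
        if not stages[name]:
            return "negotiation stopped at " + name
    return "negotiation complete: check VPN-to-LAN / LAN-to-VPN firewall rules"
```

When every stage reports complete, as it does for the log in this post, the remaining suspects are the gateway's traffic rules and the target hosts rather than the IPSec parameters.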

superataru

join:2004-12-07
07100

Re: Zywall IPSec VPN Client to Zywall 5 connection

Hi. Building the channel is a matter of the peers agreeing on parameters.
After this:
1. are remote and local overlapping?
2. is local corresponding to real lan you want to reach from remote?
3. do you allow vpn to lan in the firewall settings?
4. do targets have some firewall stopping incoming traffic?
. . . and so on.
vadar007

join:2005-11-28
Irvine, CA

Re: Zywall IPSec VPN Client to Zywall 5 connection

1. are remote and local overlapping? No
2. is local corresponding to real lan you want to reach from remote? Yes
3. do you allow vpn to lan in the firewall settings? Yes Ports 500 and 4500 (Ingress and Egress)
4. do targets have some firewall stopping incoming traffic? No

Even the Xamp Authorization works like a champ.
vadar007

join:2005-11-28
Irvine, CA



Re: Zywall IPSec VPN Client to Zywall 5 connection

Okay, found the problem. I did not have rules set for the VPN/LAN and LAN/VPN settings. When I added all services to these I can see the remote LAN devices. I am not comfortable leaving everything open. What services/ports should I leave open if I just want to VNC into my server on the remote LAN?
jdmt
Premium
join:2002-05-06
Seattle, WA

Re: Zywall IPSec VPN Client to Zywall 5 connection

Leaving these services open should be fine, since only VPN authenticated clients would be able to traverse over the VPN --> LAN connection. You could limit scope of the rule to specific hosts on either end if you wanted to lock it down a little. I do this with my ZyWALL to ZyWALL VPNs, permitting access to server resources only for VPN connected devices.

By the way, how exactly did you configure the VPN client? I'm trying to get this to work and the documentation is somewhat thin!
vadar007

join:2005-11-28
Irvine, CA

Re: Zywall IPSec VPN Client to Zywall 5 connection

I referenced the Zywall 5 Support Notes v4.03 (Sept 2007). I also looked at documentation for the GreenBow IPSec VPN client which is very similar to Zywall's. They have a configuration guide for the Zywall 5. Just Google for it...
jdmt
Premium
join:2002-05-06
Seattle, WA

Re: Zywall IPSec VPN Client to Zywall 5 connection

In case you're interested, the ZyXEL VPN client is actually OEM'd from Green Bow. Not sure if there is any ZyXEL value add...

tnroroc
Let's Rock

join:2001-04-25
Matawan, NJ


Where does one obtain this "ZyWall IPSec VPN Client 2.3.204" software from?

Is it the preferred / simpler VPN client to use when accessing via a ZyWall (5) device?

Is it free?
--
rok - Enjoy this game called life, nobody is actually keeping score.
jdmt
Premium
join:2002-05-06
Seattle, WA

Re: Zywall IPSec VPN Client to Zywall 5 connection

You can download it from ZyXEL at:

»ftp://ftp.zyxel.com/ZyWALL_IPSec_VPN_C···oftware/

It can be used as a trial version, or activated with a key, purchased directly from ZyXEL or via an authorized reseller.

Once you figure it out, it's fairly easy to use, but I can't offer a comparison with other clients since I haven't used many.