|
ZyXEL USG50 VPN Port QuestionAnyone know if it's possible to change what port the ZyXEL uses for establishing a vpn connection? I've got something that is using port 500 to communicate with an internal cisco asa....but still need to use a site to site vpn between 2 usg 50's...problem is, when the site to site connection is made...it kills the connections to the internal asa's. so i was wondering if it was possible to my the ZyXEL do site to site over a different udp port other than 500. |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON |
Brano
MVM
2012-Oct-4 7:54 pm
Can't be done. It's either or. If you want to use both at the same time get 2nd public IP. |
|
AnavSarcastic Llama? Naw, Just Acerbic Premium Member join:2001-07-16 Dartmouth, NS |
Anav
Premium Member
2012-Oct-4 9:13 pm
Really, you cant change the port number or come in on a different port and then translate it to port 500 for a specific lanIP??? |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON 1 edit |
Brano
MVM
2012-Oct-4 9:35 pm
In theory you could for most services. In reality not for IPSec. Also USG doesn't support that. You can either have IPSec terminated on USG or pass-through. Not both at a same time on one interface. |
|
AnavSarcastic Llama? Naw, Just Acerbic Premium Member join:2001-07-16 Dartmouth, NS |
to tweaker_ui
Okay so if you had a second ISP it could be done. Or how bout a second public IP from the same ISP???? Both of which are very typical when one is using CISCO or other higher end Routers (business case and business sense = requirements for multiple IPs and flexible routing). |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON 1 edit |
Brano
MVM
2012-Oct-4 9:36 pm
2nd ISP should work fine. 2nd IP from same ISP should work too. I'm thinking creating new virtual WAN interface (i.e. wan1:1) and assign it 2nd public IP and go from there. |
|
|
thank all, i'll see bout getting a 2nd ip at both locations. |
|
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON 1 edit |
Brano
MVM
2012-Oct-4 10:22 pm
To ammend my statements. I see no reason why 2nd IP/interface should not work. I've never tried it myself though. |
|