USG20 site-to-site IPsec behind NAT

Hello, my goal is to connect 2 offices by an IPsec tunnel.
The scenario is:
Office A network-Usg20-ADSL Router---Internet---ADSL Router-Usg20-Office B network.
I'm going ahead step by step. First I created a test network by connecting the two WANs of the Zyxel USG20s on my home network to improve my IPsec knowledge, and I reached the goal.
Then I put 2 Linksys RVL200s between the two USG20s to simulate the ADSL routers. I changed the IPsec configuration, forwarded all TCP & UDP ports from the Linksys to the USG20 and enabled VPN passthrough on both sides, but no tunnel comes up.
I put a log on the firewall of the Linksys and I see the IKE UDP 500 packets coming from Office A passing through the Linksys to the USG20 of Office B, but no packets are logged on the Office B USG20.
Any idea?? Thanks...
Brano:
There's a fully documented how-to in the USG user guide, or you can use the VPN setup wizard.
One recommendation: make sure you set the ADSL modems into bridging mode and give the USG20 a public IP on its WAN interface. Doing NAT and port forwarding on the ADSL modem is going to make your hair grey.
(reply to mikidg1984) Thanks for your help.... I configured the two routers as explained in my post and it works fine. In my test I did not see the incoming IKE packets from the other USG-20, so I assumed that the problem was on the Linksys....
Your recommendation is right, but the ADSL modems are loaned for use and I think it is not possible to do with their proprietary firmware.
Thank you very much for the help....
Hi. Usually, if the WAN interfaces have public IPs there is no problem starting the process, as long as the ISP is not blocking UDP 500 and the USG is not behind a device listening on the same port. If the USG is behind NAT, usually you can work around it with port forwarding (as Brano said). Sometimes we choose the wrong listening interface in the gateway policy for each USG.
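The thread keeps coming back to the same question: did the IKE packet on UDP 500 actually arrive behind the NAT, and is anything besides UDP 500 needed? The script below is an added example, not code from any poster in this thread or from Zyxel or Linksys. It decodes the fixed 28-byte ISAKMP header as defined in RFC 2408 (shared by IKEv1 and IKEv2), tells UDP 4500 NAT-T traffic apart by the four-zero-byte non-ESP marker from RFC 3948, and lists which forwarding rules a NAT device in front of the USG is missing. The reason the "forward all TCP & UDP ports" rule from the first post is not enough on its own is that ESP is IP protocol 50 and has no ports, so without NAT-T enabled it cannot be port-forwarded at all. The sample packets are constructed here for the demo; the function names and the initiator SPI value are my own choices, not anything from the page.

```python
"""Decode IKE / NAT-T packets seen on a NAT device and check the forwarding rules.

Added example for the thread above; layouts follow RFC 2408 (ISAKMP header)
and RFC 3948 (UDP encapsulation of ESP, non-ESP marker on UDP 4500).
"""
import struct

ISAKMP_PORT = 500                      # IKE phase 1 / IKE_SA_INIT
NAT_T_PORT = 4500                      # NAT traversal: IKE and UDP-encapsulated ESP
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # prefixes IKE messages carried on UDP 4500
ISAKMP_HEADER_LEN = 28                 # fixed header size, IKEv1 and IKEv2

# Exchange type values from the ISAKMP / IKEv2 registries.
EXCHANGE_TYPES = {
    2: "Identity Protection (Main Mode)",
    4: "Aggressive Mode",
    5: "Informational",
    32: "Quick Mode",
    34: "IKE_SA_INIT",
    35: "IKE_AUTH",
    36: "CREATE_CHILD_SA",
    37: "INFORMATIONAL",
}


def parse_isakmp_header(data: bytes) -> dict:
    """Unpack the 28-byte ISAKMP header: SPIs, next payload, version, exchange, flags, msg id, length."""
    if len(data) < ISAKMP_HEADER_LEN:
        raise ValueError("truncated ISAKMP header")
    ispi, rspi, _next_payload, version, exch, flags, msg_id, length = struct.unpack(
        "!8s8sBBBBII", data[:ISAKMP_HEADER_LEN]
    )
    return {
        "initiator_spi": ispi.hex(),
        "responder_spi": rspi.hex(),
        "ike_version": f"{version >> 4}.{version & 0x0F}",
        "exchange": EXCHANGE_TYPES.get(exch, f"unknown({exch})"),
        "flags": flags,
        "message_id": msg_id,
        "length": length,
        # A zero responder SPI means the peer has not answered yet: this is the
        # initiator's first message, exactly what the Linksys log showed.
        "first_message": rspi == b"\x00" * 8,
    }


def classify_udp(dst_port: int, payload: bytes):
    """Label a UDP datagram the way a firewall log should: IKE, NAT-T IKE, or ESP-in-UDP."""
    if dst_port == ISAKMP_PORT:
        return "ISAKMP", parse_isakmp_header(payload)
    if dst_port == NAT_T_PORT:
        if payload.startswith(NON_ESP_MARKER):
            return "ISAKMP (NAT-T)", parse_isakmp_header(payload[len(NON_ESP_MARKER):])
        # An ESP SPI is never zero, so anything else on 4500 is UDP-encapsulated ESP.
        return "UDP-encapsulated ESP", {"spi": payload[:4].hex()}
    return "not IKE/ESP", {}


def nat_gaps(forwarded_udp_ports: set, nat_t_enabled: bool) -> list:
    """Return the forwarding problems that would stop a tunnel to a USG behind this NAT."""
    gaps = []
    if ISAKMP_PORT not in forwarded_udp_ports:
        gaps.append("UDP 500 not forwarded: IKE cannot reach the USG")
    if not nat_t_enabled:
        gaps.append("NAT-T disabled: ESP (IP protocol 50) has no ports and cannot be port-forwarded")
    elif NAT_T_PORT not in forwarded_udp_ports:
        gaps.append("UDP 4500 not forwarded: NAT-T IKE and ESP-in-UDP will be dropped")
    return gaps


def build_main_mode_first_packet(initiator_spi: bytes, body: bytes) -> bytes:
    """Constructed sample: IKEv1 Main Mode message 1 (next payload 1 = SA, version 1.0, exchange 2)."""
    header = struct.pack(
        "!8s8sBBBBII", initiator_spi, b"\x00" * 8, 1, 0x10, 2, 0, 0, ISAKMP_HEADER_LEN + len(body)
    )
    return header + body


# Constructed sample traffic (hypothetical SPI values, placeholder payload bodies).
SAMPLE_ISPI = bytes.fromhex("0123456789abcdef")
SAMPLE_IKE = build_main_mode_first_packet(SAMPLE_ISPI, b"\x00" * 8)
SAMPLE_NAT_T = NON_ESP_MARKER + SAMPLE_IKE
SAMPLE_ESP = bytes.fromhex("c0ffee01") + b"\x00" * 16

if __name__ == "__main__":
    for port, pkt in ((500, SAMPLE_IKE), (4500, SAMPLE_NAT_T), (4500, SAMPLE_ESP)):
        print(port, *classify_udp(port, pkt))
    # Forwarding only UDP 500, as in the original test, leaves NAT-T traffic stranded.
    print(nat_gaps({500}, nat_t_enabled=True))
```

Run it against real captures by feeding the UDP payload bytes from a tcpdump or Wireshark export into classify_udp; if UDP 500 arrives at the NAT but nothing is logged on the USG, the next things to confirm are the UDP 4500 forward and that the USG gateway policy is bound to the WAN interface the forward points at.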