Hello, My goal is to connect 2 office by an ipsec tunnel.
The scenario is:
Office A network-Usg20-ADSL Router---Internet---ADSL Router-Usg20-Office B network.
I'm going ahead step by step. First I have created a network test by connecting the two wan of the zyxel Usg20 on my home network to improve my ipsec knowledgement and I have reaced the goal.
Then I have put 2 Linksys rvl200 between the two usg20 to simulate the adsl router. I have changed the ipsec configuration and I have forwarded all TCP&UDP port from the linksys to the usg20 and enabled the vpn-passthrough on both side but no tunnel come up.
I put a log on the firewall of the linksys and I see the IKE 500 packet coming from office A passing by the linksys to the usg20 of the Office B but no packet I have logged on Office B usg20.
There's fully documented how-to in the USG user guide or you can use the VPN setup wizard.
One recommendation: Make sure you set the ADSL-modems into bridging mode and get the USG20 a public IP to it's WAN interface. Doing NAT and port forwarding on the ADSL modem is going to make your hair grey.
Thanks for your help.... I configured the two routers as explained in my post and it's work fine. In my test I did not see the incoming ike packets from the other usg-20 so I assumed that the problem was on the Linksys....
Your recommendation is right but the ADSL-modems are loaned for use and I think it is not possible to do by its proprietary firmware.
Hi. Usually, if WAN ifaces have public IP there are not problem to start the process, if ISP is not stopping 500 UDP or USG is behind a device listening to same port. If USG is behind a NAT, usually you can work around with a port forwarding (as Brano said). Sometimes, we choose the wrong listening interface, in gateway policy for each USG.