L2TP connection problem

Hi, I have Zywall 110, and it is configured as server side VPN. There are some remote clients that have Zyxel USG 100, and one static IP. If one of them connects over L2TP or IPsec (Windows client) everything works OK. The problem begins when two or more clients from the same location try to connect. The first one that is connected will stay connected, and the others will just bounce off and they won't be successful. Is there anything else that needs to be configured so that several remote users can connect (from the same static IP address)? This is the network; I would like not to configure site to site connection.
Remote LAN ----110----------USG 100 ---------Clients

Brano (I hate Vogons), MVM, join:2002-06-25, Burlington, ON
Brano
MVM
2013-Dec-3 9:05 am
Seems like an issue with the FW. Contact ZyXel USA. ...please keep us updated.

Hi, I was just told that it is not possible to have multiple L2TP clients connecting from the same static IP to Zywall 110. It is because they use the same port. They said that it is possible with IPsec client, but I tried with Shrew client and it didn't work. Any thoughts? What to do?

Brano
MVM
2013-Dec-3 10:00 am
That doesn't sound right. Who did you talk to? Try again and ask them to switch you to next level of support.

Hi, I know that it doesn't sound right ... I called twice and they claim the same, although this second one said that it is also not possible with IPsec client ... did anyone try the same? They are saying that the only solution is to buy another router and configure site to site ... Thanks

Brano
MVM
2013-Dec-3 11:36 am
Quick internet search reveals that many have this problem. However, reading through several articles, it is mostly due to poor implementation of the VPN server or NAT device on the source side. Here's one example of many » support.microsoft.com/kb ··· 25/en-us... ZyXel needs to accept the fact that this is nothing unheard of and fix the firmware instead of trying to (as many times before) sell you another box. That said, if you have VPN router on both ends, yes, you could create site-to-site VPN in this case.

JPedroT, Premium Member, join:2005-02-18
to Aleksandar
In the older ZyNOS based devices, there was a CI command to jiggy a bit to get the clients to use different source ports for IKE.
ip nat incike
It was used to get Cisco clients to connect to Cisco VPN concentrators, because it did not like that multiple clients connect from port 520 for IKE.
Maybe something like this exists for ZLD devices also?

I tried yesterday from home to connect 2 clients remotely at the same time. I used two laptops and I was able to connect without any problem via IPsec client at the same time and use resources on the remote subnet. So it is possible to use several IPsec clients at the same time. I forgot to try the same with L2TP. I can try that today ... Either way the branch office with the problem has static IP, I at home have dynamic, and they have Zyxel USG 100 that maybe is doing something with the packets (NAT). @Brano; yep, I tried similar with editing registry so that L2TP knows that it is behind NAT, but then there is the problem that when the remote user goes somewhere else, he needs to edit registry once again ... this is really a pain in the ... @JPedroT; thanks for the tip, I was hoping to find something like that. I was searching the internet but wasn't able to find anything similar for Zywall 110.

Aleksandar
Hi, I managed to configure it with IPsec. The problem was that in Zyxel or Greenbow VPN client there is a field "VPN Client Address" and it is usually 0.0.0.0. So I thought that they would automatically receive some address, but no, they will all use the same address and that is 10.10.10.10. After I changed that to, for example, 192.168.155.5 (not overlapping with any local or remote network range) I was able to ping and use resources on the remote network. I also configured Shrew Free VPN, it is a bit complicated but still doable.
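Added example, not part of any post in this thread: a pre-rollout check for the fix described in the last post, flagging IPsec client profiles whose "VPN Client Address" is still 0.0.0.0, is shared with another client, or falls inside a local or remote LAN. The profile names and all subnets except 192.168.155.5 are constructed sample values.

```python
import ipaddress
from collections import Counter

# Constructed sample data: LANs on both ends of the tunnel and the
# "VPN Client Address" configured in each road-warrior profile.
SAMPLE_NETWORKS = ["192.168.1.0/24", "192.168.10.0/24"]
SAMPLE_PROFILES = {
    "laptop-a": "0.0.0.0",         # field left at its default
    "laptop-b": "192.168.155.5",
    "laptop-c": "192.168.155.5",   # copy of laptop-b's profile
    "laptop-d": "192.168.10.20",   # inside the branch LAN
    "laptop-e": "192.168.155.6",
}

def check_client_addresses(profiles, protected_networks):
    """Return (client, problem) tuples, sorted by client name.

    profiles: {client_name: virtual_ip_string}
    protected_networks: CIDR strings for the local and remote LANs
    """
    nets = [ipaddress.ip_network(n) for n in protected_networks]
    parsed = {name: ipaddress.ip_address(ip) for name, ip in profiles.items()}
    counts = Counter(parsed.values())
    findings = []
    for name in sorted(parsed):
        addr = parsed[name]
        if addr.is_unspecified:
            # Per the thread, clients left at 0.0.0.0 ended up sharing
            # one address, so only the first tunnel was usable.
            findings.append((name, "VPN client address left at 0.0.0.0"))
            continue
        if counts[addr] > 1:
            findings.append((name, f"duplicate virtual address {addr}"))
        for net in nets:
            if addr in net:
                findings.append((name, f"{addr} overlaps {net}"))
    return findings

if __name__ == "__main__":
    for client, problem in check_client_addresses(SAMPLE_PROFILES, SAMPLE_NETWORKS):
        print(f"{client}: {problem}")
```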