[vpn-help] VPN help with ZyXel USG20W

David Liddle david_liddle at wycliffe.net
Thu May 29 02:28:47 CDT 2014 

Louis,

We have a variety of ZyXEL USG devices, from the 20W up to the 300, running
client and site-to-site VPNs. The firmware is basically the same, and there
are no differences in VPN capabilities. Could you post or send the most
relevant portions of your USG configuration, obscuring the private details?
For example, the following is one of our working configurations on a 20W:

isakmp policy VPN_Client_Gateway

 activate

 local-ip interface wan1

 peer-ip 0.0.0.0 0.0.0.0

 authentication pre-share

 encrypted-keystring *********************

 local-id type ip ***.***.***.***

 peer-id type any

 fall-back-check-interval 300

 lifetime 86400

 mode main

 group2

 transform-set aes128-sha

 xauth type server default

!

crypto map VPN_Client_Connection

 adjust-mss auto

 activate

 netbios-broadcast

 ipsec-isakmp VPN_Client_Gateway

 scenario remote-access-server

 encapsulation tunnel

 transform-set esp-aes128-sha

 set security-association lifetime seconds 28800

 set pfs group2

 local-policy BRIDGE_BR1

 remote-policy any

 no conn-check activate


The settings for the Shrew client are easy to match, so I won't copy those
for the time being. Please start by comparing what you have to these
working settings.

------------------------------

*David Liddle*

*IT Support Specialist*
Wycliffe Global Alliance - Europe Area

david_liddle at wycliffe.net



On Thu, May 29, 2014 at 8:17 AM, <vpn-help-request at lists.shrew.net> wrote:

> Send vpn-help mailing list submissions to
>         vpn-help at lists.shrew.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.shrew.net/mailman/listinfo/vpn-help
> or, via email, send a message with subject or body 'help' to
>         vpn-help-request at lists.shrew.net
>
> You can reach the person managing the list at
>         vpn-help-owner at lists.shrew.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of vpn-help digest..."
>
> Today's Topics:
>
>    1. VPN help with ZyXel USG20W (Louis Au)
>
>
> ---------- Forwarded message ----------
> From: Louis Au <lau07 at ymail.com>
> To: "vpn-help at lists.shrew.net" <vpn-help at lists.shrew.net>
> Cc:
> Date: Wed, 14 May 2014 16:14:10 -0700 (PDT)
> Subject: [vpn-help] VPN help with ZyXel USG20W
> Hi,
>
> I just wondering if anyone has any experience to get Shrew VPN client
> working with ZyXel USG20W.  I notice that there is another post for ZyXel
> USG already.  I had followed the instructions step-by-step very carefully,
> however I get an error that said "Invalid message from gateway".  The only
> different I can tell is that my ZyXel is model USG20W, but the one posted
> is USG300.  The screen look identical. So, it must be something specific
> about this USG20W.  I tried to use other VPN client too, and I got the same
> error, it seems like ZyXel send back some invalid command back during the
> phase 2 authication process.
>
> I have attached the screenshoot from the ZyXel log file and the Shrew VPN
> client screen.  Any help is appreicated.
>
> Thanks,
> Louis
>
> lau07 at ymail.com
>
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> https://lists.shrew.net/mailman/listinfo/vpn-help
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20140529/ae9d9d37/attachment.html>

More information about the vpn-help mailing list