can not establish IPsec - VPN between MR600 and zwall usg100

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

can not establish IPsec - VPN between MR600 and zwall usg100

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
can not establish IPsec - VPN between MR600 and zwall usg100
can not establish IPsec - VPN between MR600 and zwall usg100
2020-10-06 19:18:05
Model: Archer MR600  
Hardware Version: V1
Firmware Version: Firmwareversion:1.2.0 0.9.1 v0001.0 Build 200511 Rel.44954n

I'm trying to set up an ipsec vpn between a zywall usg100 and an tplink MR600.

it just does not want to work. 

 

 

 IPSec Connection Name:                               Test_vpn
Remote IPSec Gateway (URL):                      test1.dyndns.org

 

Tunnel access from local IP addresses:        Subnet Address
IP Address for VPN:                                        192.168.2.0
Subnet Mask:                                                   255.255.255.0
Tunnel access from remote IP addresses:    Subnet Address
IP Address for VPN:                                        192.168.20.0
Subnet Mask:                                                   255.255.255.0
Key Exchange Method:                                   Auto (IKE)
Authentication Method:                                   Pre-Shared Key
Pre-Shared Key:                                              xxxxxxxxxxx
Perfect Forward Secrecy:                                Enable

== Phase 1==

Mode :                                                              Main                                   

Encryption Algorithm :                                     AES-256

Integrity Algorithm :                                          MD5

Diffie-hellman Group for Key exchange         1024bit

Key Life Time(Seconds) :                                86400

== Phase 2==

Encryption Algorithm :                                     AES-256

Integrity Algorithm :                                          SHA1

Diffie-hellman Group for Key exchange         1024bit

Key Life Time(Seconds) :                                86400

 

Setting on the zywall USG 100

VPN – Gateway :

General Settings

Enable

VPN Gateway Name:                                      Test_VPN

 

Gateway Settings

 

Domain Name / IP                          test1.dyndns.org

 

Peer Gateway Address

Static Address

Primary                                                             test2.dyndns.org

 

Authentication

Pre-Shared Key                              xxxxxxxxxxx

 

 

Phase 1 Settings

 

SA Life Time:                                                                  86400

Negotiation Mode:                                                          Main

Encryption                                                                       AES256

Authentication                                                                  MD5

Key group                                                                        DH2

Dead Peer Detection (DPD)

 

 

VPN-Connection :

 

General Settings

Enable

Connection Name:                                                        VPN_Test1_Test2

 

VPN Gateway

 

Application Scenario

Site-to-site

 

VPN Gateway:                                                                 Test_VPN

 

Policy

Local policy:                                                                    test1.dyndns.org              SUBNET, 192.168.20.0/24

Remote policy:                                                                test2.dyndns.org               SUBNET, 192.168.2.0/24

 

Phase 2 Setting

 

SA Life Time:                                                                  86400

Active Protocol:                                                               ESP

Encapsulation:                                                                 Tunnel

Encryption                                                                       AES256

Authentication                                                                  SHA1

 

Perfect Forward Secrecy (PFS):                                    DH2

 

Related Settings

Zone:                                                                               IPSec_VPN

 

 

what am i doing wrong?

  0      
  0      
#1
Options
1 Reply
Re:can not establish IPsec - VPN between MR600 and zwall usg100
2020-10-13 09:01:50

@bahobo 

Good day,

Thank you very much for your time and patience.

Please refer to the following instruction to check your settings

https://www.tp-link.com/support/faq/1988/

 

After that, please check the internet IP address on the Archer MR600 and make sure it is a public IP;

Otherwise you might need to open related ports for MR600 on the sim card carrier side;

 

Thanks a lot.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer BE550 New Software Enhances System Stability and Optimizes MLO Network Stability. TL-WA3001 Supports EasyMesh, Speed Limit, Guest Network in AP Mode and/or Multi-SSID Mode. If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
  0  
  0  
#2
Options

Information

Helpful: 0

Views: 653

Replies: 1

Related Articles