
I am looking to set up an IPSec VPN server in our organisation using a Windows Server 2012 machine with remote access and routing installed. I would then like to perform a site-to-site IPSec VPN connection between our remote offices and our central one using Zyxel USG50 devices.

I have been looking for guides on how to accomplish this, but only ever seem to find ones where the USG is the VPN server, and other devices such as mobiles are connecting.

By the looks of things I have set what is needed on the USG, but the VPN dial just times out. I have disabled the firewall completely so it is not that, and I suspect perhaps I have the wrong encryption types enabled or something of that nature.

The L2TP VPN works from my Windows machine within and outside of the network, and does require my domain username and password to log in, but the USG only has a field for a shared secret. I am finding this device to be very complicated to work with.

Has anyone any experience, or can they point me to some guides, on setting up a USG to connect to a Windows Server 2012 using IPSec or L2TP over IPSec?

James Edmonds
  • If you have any significant number of remote offices (or, in my brutally frank opinion, *any*) I'd recommend just using a hardware VPN termination device in lieu of terminating the VPN with a Windows Server computer. A hardware device will need far fewer updates and maintenance than Windows Server. It is also my experience that hardware devices prove, in the end, to be more economical when total cost of ownership is considered and more reliable. – Evan Anderson Feb 07 '14 at 16:45
  • At present, two of our larger offices are using a USG 300 to connect to a USG 300 at our datacentre, and then the other 20-odd offices use small Zyxel routers to create a VPN to an INTY exoserver. The support for this is with a third party. Our thinking is that if we can replace the devices at our datacenter with Server 2012, we can move this around virtually, add more power to it as the business expands, and it can also tie into AD for employee VPN access. Plus no third party support costs if we do it ourselves. – James Edmonds Feb 07 '14 at 20:58
  • Everyone's suggestion is to use a hardware VPN termination device. If you buy a license for Windows Server which includes a VPN server, why buy additional hardware just to use as a VPN server? Network admins are getting lazy nowadays... Use Windows Server 2012 as your VPN server. – riahc3 Jun 01 '15 at 12:45

0 Answers