IPsec ZyXEL USG40

From AAISP Support Site
Revision as of 15:23, 10 July 2015 by AshleyJ (adding more changes)

FireBrick IPsec

Before starting, make sure you have followed this tutorial on how to set up an IPsec tunnel on a FireBrick: https://support.aa.net.uk/FireBrick_to_FireBrick_IPsec_(Howto)

ZyWALL USG40 IPsec instructions


  • Log into the ZyWALL Dashboard.
  • Open the configuration tab on the left, select "VPN" and then select "IPsec VPN" (sic).
  • Select the "VPN Gateway" tab.
  • Click on "Add".
  • Select "Show Advanced Settings".
  • Make sure that you have ticked the "Enable" box for the connection.


  • Enter a VPN Gateway name. For example, my FireBrick is called "Internal2", so that is the name I will use for this configuration.
  • Select IKEv2 protocol.
  • Keep "My Address" as "Wan1" or select one that suits your specific configuration.


  • Under "Peer Gateway Address" select "Static Address" and enter the public IP address of your FireBrick. Note: keep "Secondary" as "0.0.0.0".
  • The "Authentication" section needs to be set to "Pre-shared Key". This is the passphrase that you have set on the FireBrick.
  • "Local ID type" needs to be set to "DNS". In the "Content" box, enter the domain name for your FireBrick, e.g. "internal2.**.co.uk".
  • "Peer ID type" should be set to "Any".
  • The "SA Life Time" field should have a value of "3000000" seconds.


The proposal that the USG should send to the FireBrick is as follows:

  • '#1' - Encryption: "3DES", Authentication: "SHA1", and the key group should be set to "DH2".

Now, click "OK" and activate the config by clicking on the entry that you have just created and pressing the "Activate" button.
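
If the tunnel does not come up, the usual cause is that the two ends disagree on the IKE version, the ID or the proposal. The following is an added example, not part of the original page and not AAISP or ZyXEL code: an offline check of the USG values from the steps above against two constructed FireBrick-side profiles. The field names, the "internal2.example.co.uk" placeholder domain and the list of transforms treated as legacy are assumptions of this example.

```python
# Added example: offline sanity check, not AAISP or ZyXEL code.
# USG values come from the steps above; FireBrick-side values are constructed.

# Transforms this example's policy treats as legacy (an assumption, adjust to taste).
LEGACY = {"enc": {"DES", "3DES"}, "auth": {"MD5", "SHA1"}, "dh": {"DH1", "DH2"}}

USG = {
    "ike_version": 2,
    "local_id": ("DNS", "internal2.example.co.uk"),  # placeholder domain
    "proposals": [{"enc": "3DES", "auth": "SHA1", "dh": "DH2"}],  # proposal #1
}

# Constructed responder profiles (hypothetical field names).
FIREBRICK_MATCHING = {
    "ike_version": 2,
    "expected_peer_id": ("DNS", "internal2.example.co.uk"),
    "accepted": {"enc": {"3DES", "AES-CBC"}, "auth": {"SHA1", "SHA256"},
                 "dh": {"DH2", "DH14"}},
}
FIREBRICK_STRICT = dict(
    FIREBRICK_MATCHING,
    accepted={"enc": {"AES-CBC"}, "auth": {"SHA256"}, "dh": {"DH14"}},
)


def select_proposal(offered, accepted):
    """Return the first offered proposal whose transforms are all accepted, else None."""
    for proposal in offered:
        if all(proposal[kind] in accepted[kind] for kind in ("enc", "auth", "dh")):
            return proposal
    return None


def check(initiator, responder):
    """Return (chosen_proposal, findings) for one initiator/responder pair."""
    findings = []
    if initiator["ike_version"] != responder["ike_version"]:
        findings.append("IKE version mismatch")
    if initiator["local_id"] != responder["expected_peer_id"]:
        findings.append("local ID does not match the ID the peer expects")
    chosen = select_proposal(initiator["proposals"], responder["accepted"])
    if chosen is None:
        findings.append("no proposal in common")
    else:
        findings += [f"legacy {kind} transform: {name}"
                     for kind, name in chosen.items() if name in LEGACY[kind]]
    return chosen, findings


if __name__ == "__main__":
    for label, peer in (("matching", FIREBRICK_MATCHING), ("strict", FIREBRICK_STRICT)):
        print(label, check(USG, peer))
```

Because the USG offers only proposal #1, a FireBrick end that accepts only stronger transforms reports no proposal in common; both ends have to be changed together.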