# Zywall USG200 and VPN from iPhone with iOS 6/7/8



## petatester (Feb 4, 2015)

Hello everybody!
I'm searching for help from Spain, so forgive me for my poor English.

I'm in charge of a new USG200 of a customer of mine. I really don't know too much about firewalls but I have set up four different ones until now, and this model is my favorite.

I am going to explain how it is configured and then I'm going to the problem. I can give you all the photos that you want, but only if they are needed (I don't want to bore you).

Ok. So the firewall is connected to 2 different Huawei routers (both with static IPs). One router is normal (ADSL 2) and the other has a 4G signal. Both routers have normal configurations but with all ports redirected to the firewall's WAN1 and WAN2. The firewall is balancing the output (not input).

Until now, and after lots of hours reading from different places, I have configured 2 IPSEC VPNs (1 for each router) and 1 SSL VPN for both static IPs too. All these VPNs are working flawlessly and I am very proud of them. It's not a big deal for you maybe, but it's a lot for me...
My customers can connect from Macs with Ipsecuritas attacking to IPSEC VPNs, and from Windows with SSL VPNs thanks to Zywall Secuextender (implemented in Zywall).
Until there, no problems.

Note: until here I have set up a few Users, a few NAT rules, some Firewall rules, the VPNs (2 identical ones for IPSEC with their 2 gateways) and 1 SSL, but I haven't defined LOCAL POLICY ROUTES (because it works and because I cannot understand them).

And now the problem: my customer wants to connect from iPads and iPhone6 plus also...
I have read a lot of documents about L2TP VPNs, even specific ones for this problem, but I didn't achieve this goal, and I see this as impossible...

Facts / Questions:
- Have I reached the maximum number of active VPNs in this Zywall? It seems not.
- The routers are not configured as monouser (they do not have that option). It doesn't affect the other VPNs. Does it affect this one because of Local Policy routes?
- I have upgraded the firmware to the latest 3.30 from January.
- In the lovely firewall logs (I have read tons of those) it says every time things like "No proposal chosen" or "sa proposal mismatch", ... it varies when I start changing things in the L2TP setup.
- If I leave Local Policy with the WAN public IP address, it doesn't work at all, but if I change it to the WAN Interface Address (which is an IP like 192.168.2.xx to connect to the router), the log says that Phase1 negotiation has succeeded but Phase 2 OF IPSEC VPN failed! (And I'm connecting to L2TP, and not IPSEC!...).
- Every time, the iPad says something like "L2TP VPN not responding" or something.

As said, thank you for reading until here! I will be pleased to obtain any help/tutorial/manual or whatever.
If you ask for details, I can give you any, even screen pictures of setups, as many as you want.

Really, really, thank you!!!


----------



## petatester (Feb 4, 2015)

Any help, please?...


----------

