USG FLEX H Series [Firewall] - Configure IPSec Site-To-Site VPN on USG FLEX H Series Firewall with dynamic IP

How to Configure Site-to-site IPSec VPN Where the Peer has a Dynamic IP Address
This example shows how to use the VPN Setup Wizard to create a site-to-site IKEv2 VPN with the Peer has a Dynamic IP Address. The example instructs how to configure the VPN tunnel between each site. When the VPN tunnel is configured, each site can be accessed securely.

Set up IPSec VPN Tunnel for HQ (static IP)

  • Login on your HQ device "Web GUI"
  • Go to the VPN section
  • Type the VPN "Name" used to identify this VPN connection
  • Select the type to the "Custom"
  • Click "Next"

  • Type "My Address" - Domain Name or IP
  • Select "Peer Gateway Address" as Dynamic Address (since in our example the remote office has a dynamic IP address)
  • Type a secure "Pre-shared key"
  • Click "Next"

  • Scroll down to find the "Phase 2" setting
  • Type "Local" and "Remote Subnet" and select "Responder Only"
  • Click "Save" the change.

Set up IPSec VPN Tunnel for Branch (dynamic IP)

  • Login on your Branch device "Web GUI"
  • Go to the VPN section
  • Type the VPN "Name" used to identify this VPN connection
  • Select the type to the "Custom"
  • Click "Next"

In the section "Network"

  • Type "My Address" as "0.0.0.0"
  • Type "Peer Gateway Address"
  • Type a secure "Pre-shared key"

  • Scroll down to find the "Phase 2" setting
  • Type "Local" and "Remote Subnet"
  • Then click "Save" change

Test IPSec VPN Tunnel

  • Verify the IPSec VPN status

  • Ping the PC in the Branch Office

Win 11 > cmd > ping 192.168.160.1

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
Share