USG20-VPN L2TP/IPSEC with Windows Client
laltobelli
Posts: 6 Freshman Member
in Security
Hi,
I have set up several USG firewalls with L2TP/IPSEC to Windows Clients and most have worked with little or no tweaking. I have set up one on a Verizon FIOS network. No matter how I adjust the settings I end up with remote server not responding errors.
Zyxel support suggested it was a FIOS issue. I worked with Verizon on the issue and they went as far as replacing the modem, nothing changed... I have gone through the KB and have tried several of the solutions mentioned. Some additional suggestions would be appreciated.
Thanks,
LA
The following are the log files.
165 6/14/2021 21:37 info IKE Recv:[HASH][DEL] [count=2] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
166 6/14/2021 21:37 info IKE The cookie pair is : 0x71204fb952d2c817 / 0x2f868f00234ef22e [count=3] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
170 6/14/2021 21:36 info IKE Dynamic Tunnel [RemoteAccess_L2TP_Wiz:RemoteAccess_L2TP_Wiz:0xa9ec625c] built successfully 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
171 6/14/2021 21:36 info IKE [ESP 3des-cbc|hmac-sha1-96][SPI 0x4043cdf5|0xa9ec625c][Lifetime 3620] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
173 6/14/2021 21:36 info IKE [Policy: ipv4(udp:1701,98.118.57.19)-ipv4(udp:1701,192.122.55.112)] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
174 6/14/2021 21:36 info IKE [Responder:98.118.57.19][Initiator:71.9.147.250] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
175 6/14/2021 21:36 info IKE Recv:[HASH] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
176 6/14/2021 21:36 info IKE Send:[HASH][SA][NONCE][ID][ID][PRV][PRV] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
177 6/14/2021 21:36 info IKE Recv TSi: ipv4(udp:1701,192.122.55.112), TSr: ipv4(udp:1701,98.118.57.19). 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
178 6/14/2021 21:36 info IKE Recv IPSec sa: SA([0] protocol = ESP (3), spi_len = 4, spi = 0x00000000, AES CBC key len = 256, HMAC-SHA1-96, No ESN, AES CBC key len = 128, 3DES, DES, NULL; ). 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
179 6/14/2021 21:36 info IKE Recv:[HASH][SA][NONCE][ID][ID][PRV][PRV] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
180 6/14/2021 21:36 info IKE Phase 1 IKE SA process done 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
181 6/14/2021 21:36 info IKE Send:[ID][HASH] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
182 6/14/2021 21:36 info IKE The cookie pair is : 0x2f868f00234ef22e / 0x71204fb952d2c817 [count=7] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
183 6/14/2021 21:36 info IKE Recv:[ID][HASH] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
184 6/14/2021 21:36 info IKE The cookie pair is : 0x71204fb952d2c817 / 0x2f868f00234ef22e [count=3] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
185 6/14/2021 21:36 info IKE Send:[KE][NONCE][PRV][PRV] 98.118.57.19:500 71.9.147.250:500 IKE_LOG
186 6/14/2021 21:36 info IKE Recv:[KE][NONCE][PRV][PRV] 71.9.147.250:500 98.118.57.19:500 IKE_LOG
187 6/14/2021 21:36 info IKE Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID] 98.118.57.19:500 71.9.147.250:500 IKE_LOG
188 6/14/2021 21:36 info IKE The cookie pair is : 0x2f868f00234ef22e / 0x71204fb952d2c817 [count=2] 98.118.57.19:500 71.9.147.250:500 IKE_LOG
189 6/14/2021 21:36 info IKE Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA1 PRF, HMAC-SHA1-96, 384 bit ECP, AES CBC key len = 128, 256 bit ECP, 2048 bit MODP, 3DES, 1024 bit MODP; ). 71.9.147.250:500 98.118.57.19:500 IKE_LOG
190 6/14/2021 21:36 info IKE Recv:[SA][VID][VID][VID][VID][VID][VID][VID][VID] 71.9.147.250:500 98.118.57.19:500 IKE_LOG
191 6/14/2021 21:36 info IKE The cookie pair is : 0x71204fb952d2c817 / 0x2f868f00234ef22e [count=2] 71.9.147.250:500 98.118.57.19:500 IKE_LOG
192 6/14/2021 21:36 info IKE Recv Main Mode request from [71.9.147.250] 71.9.147.250:500 98.118.57.19:500 IKE_LOG
193 6/14/2021 21:36 info IKE The cookie pair is : 0x2f868f00234ef22e / 0x0000000000000000 71.9.147.250:500 98.118.57.19:500 IKE_LOG
0
All Replies
-
The L2TP seems already built successfully.
But the client (71.9.147.250) sent a delete tunnel request to the server. The reason should come from your client setting.
165 6/14/2021 21:37 info IKE Recv:[HASH][DEL] [count=2] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
After building the tunnel successfully, it will authenticate by your L2TP user.
Did you configure the user authentication setting in your Windows L2TP profile?
This screenshot is captured from my device.
0
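The reading of the log given in the reply above, as an added example that is not part of the original thread: a small parser that walks the posted IKE entries in time order and reports whether the peer deleted the tunnel after it came up. The function names and verdict strings are made up for this example, and it assumes the log is numbered newest-first, as in the post.

```python
import re

# Four lines copied from the log posted in this thread (newest entry first).
SAMPLE_LOG = """\
165 6/14/2021 21:37 info IKE Recv:[HASH][DEL] [count=2] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
170 6/14/2021 21:36 info IKE Dynamic Tunnel [RemoteAccess_L2TP_Wiz:RemoteAccess_L2TP_Wiz:0xa9ec625c] built successfully 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
180 6/14/2021 21:36 info IKE Phase 1 IKE SA process done 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
192 6/14/2021 21:36 info IKE Recv Main Mode request from [71.9.147.250] 71.9.147.250:500 98.118.57.19:500 IKE_LOG
"""

LINE = re.compile(
    r"^(?P<seq>\d+) \S+ (?P<time>\S+) info IKE (?P<msg>.*) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):\d+ IKE_LOG$"
)

def parse(text):
    """Return log events in time order (assumes a higher number = older entry)."""
    events = [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]
    return sorted(events, key=lambda e: int(e["seq"]), reverse=True)

def diagnose(text):
    """Walk the IKE events and report how far the negotiation got."""
    phase1 = tunnel = nat_t = False
    deleted_by = None
    for e in parse(text):
        msg = e["msg"]
        nat_t = nat_t or e["sport"] == "4500"      # UDP 4500 = IPsec NAT-T
        if "Phase 1 IKE SA process done" in msg:
            phase1 = True
        elif "built successfully" in msg:
            tunnel = True
        elif msg.startswith("Recv:") and "[DEL]" in msg and tunnel:
            deleted_by = e["src"]                  # sender of the delete payload
    if not phase1:
        verdict = "phase1_incomplete"
    elif not tunnel:
        verdict = "phase2_incomplete"
    elif deleted_by:
        # IPsec came up; next check is the L2TP user authentication the reply names.
        verdict = "peer_deleted_after_up"
    else:
        verdict = "tunnel_up"
    return {"verdict": verdict, "deleted_by": deleted_by, "nat_t": nat_t}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A `phase1_incomplete` or `phase2_incomplete` verdict points at the IPsec proposal or the path between the peers, while `peer_deleted_after_up` puts the failure after IPsec, on the L2TP side.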