USG20-VPN L2TP/IPSEC with Windows Client

Hi,

I have set up several USG firewalls with L2TP/IPSEC to Windows Clients and most have worked with little or no tweaking. I have set up one on a Verizon FIOS network. No matter how I adjust the settings I end up with remote server not responding errors.
Zyxel support suggested it was a FIOS issue. I worked with Verizon on the issue and they went as far as replacing the modem, nothing changed... I have gone through the KB and have tried several of the solutions mentioned. Some additional suggestions would be appreciated.

Thanks,
LA

The following are the log files.

165 6/14/2021 21:37 info IKE Recv:[HASH][DEL] [count=2] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG

166 6/14/2021 21:37 info IKE The cookie pair is : 0x71204fb952d2c817 / 0x2f868f00234ef22e [count=3] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
170 6/14/2021 21:36 info IKE Dynamic Tunnel [RemoteAccess_L2TP_Wiz:RemoteAccess_L2TP_Wiz:0xa9ec625c] built successfully 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG

171 6/14/2021 21:36 info IKE [ESP 3des-cbc|hmac-sha1-96][SPI 0x4043cdf5|0xa9ec625c][Lifetime 3620] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG

173 6/14/2021 21:36 info IKE [Policy: ipv4(udp:1701,98.118.57.19)-ipv4(udp:1701,192.122.55.112)] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
174 6/14/2021 21:36 info IKE [Responder:98.118.57.19][Initiator:71.9.147.250] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG

175 6/14/2021 21:36 info IKE Recv:[HASH] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG

176 6/14/2021 21:36 info IKE Send:[HASH][SA][NONCE][ID][ID][PRV][PRV] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG

177 6/14/2021 21:36 info IKE Recv TSi: ipv4(udp:1701,192.122.55.112), TSr: ipv4(udp:1701,98.118.57.19). 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG

178 6/14/2021 21:36 info IKE Recv IPSec sa: SA([0] protocol = ESP (3), spi_len = 4, spi = 0x00000000, AES CBC key len = 256, HMAC-SHA1-96, No ESN, AES CBC key len = 128, 3DES, DES, NULL; ). 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG

179 6/14/2021 21:36 info IKE Recv:[HASH][SA][NONCE][ID][ID][PRV][PRV] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG

180 6/14/2021 21:36 info IKE Phase 1 IKE SA process done 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG

181 6/14/2021 21:36 info IKE Send:[ID][HASH] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG

182 6/14/2021 21:36 info IKE The cookie pair is : 0x2f868f00234ef22e / 0x71204fb952d2c817 [count=7] 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
183 6/14/2021 21:36 info IKE Recv:[ID][HASH] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG

184 6/14/2021 21:36 info IKE The cookie pair is : 0x71204fb952d2c817 / 0x2f868f00234ef22e [count=3] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
185 6/14/2021 21:36 info IKE Send:[KE][NONCE][PRV][PRV] 98.118.57.19:500 71.9.147.250:500 IKE_LOG

186 6/14/2021 21:36 info IKE Recv:[KE][NONCE][PRV][PRV] 71.9.147.250:500 98.118.57.19:500 IKE_LOG

187 6/14/2021 21:36 info IKE Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID] 98.118.57.19:500 71.9.147.250:500 IKE_LOG

188 6/14/2021 21:36 info IKE The cookie pair is : 0x2f868f00234ef22e / 0x71204fb952d2c817 [count=2] 98.118.57.19:500 71.9.147.250:500 IKE_LOG

189 6/14/2021 21:36 info IKE Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA1 PRF, HMAC-SHA1-96, 384 bit ECP, AES CBC key len = 128, 256 bit ECP, 2048 bit MODP, 3DES, 1024 bit MODP; ). 71.9.147.250:500 98.118.57.19:500 IKE_LOG

190 6/14/2021 21:36 info IKE Recv:[SA][VID][VID][VID][VID][VID][VID][VID][VID] 71.9.147.250:500 98.118.57.19:500 IKE_LOG

191 6/14/2021 21:36 info IKE The cookie pair is : 0x71204fb952d2c817 / 0x2f868f00234ef22e [count=2] 71.9.147.250:500 98.118.57.19:500 IKE_LOG

192 6/14/2021 21:36 info IKE Recv Main Mode request from [71.9.147.250] 71.9.147.250:500 98.118.57.19:500 IKE_LOG

193 6/14/2021 21:36 info IKE The cookie pair is : 0x2f868f00234ef22e / 0x0000000000000000 71.9.147.250:500 98.118.57.19:500 IKE_LOG


All Replies

  • CHS
    edited June 2021
    The L2TP seems to have been built successfully already.
    But the client (71.9.147.250) sent a delete tunnel request to the server. The reason should come from your client settings.
    165 6/14/2021 21:37 info IKE Recv:[HASH][DEL] [count=2] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG

    After building the tunnel successfully, it will authenticate with your L2TP user.

    Did you configure the user authentication settings in your Windows L2TP profile?

    This screenshot is captured from my device.
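
The reading of the log given in the reply above, as an added example that is not part of the original thread or any Zyxel tooling: a short Python script that puts the IKE_LOG entries in chronological order and reports whether the tunnel was built and which peer sent the delete. The line layout is assumed from the entries quoted in the post, and `parse` and `diagnose` are names made up for this example.

```python
import re

# Assumed layout, taken from the entries in the post:
# <entry no> <date> <time> <level> IKE <message> <src ip:port> <dst ip:port> IKE_LOG
LINE = re.compile(r"^(\d+) (\S+ \S+) \w+ IKE (.*) (\S+):(\d+) (\S+):(\d+) IKE_LOG$")

# Four of the IKE_LOG lines copied from the post, newest first as the log viewer lists them.
SAMPLE = """\
165 6/14/2021 21:37 info IKE Recv:[HASH][DEL] [count=2] 71.9.147.250:4500 98.118.57.19:4500 IKE_LOG
170 6/14/2021 21:36 info IKE Dynamic Tunnel [RemoteAccess_L2TP_Wiz:RemoteAccess_L2TP_Wiz:0xa9ec625c] built successfully 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
180 6/14/2021 21:36 info IKE Phase 1 IKE SA process done 98.118.57.19:4500 71.9.147.250:4500 IKE_LOG
192 6/14/2021 21:36 info IKE Recv Main Mode request from [71.9.147.250] 71.9.147.250:500 98.118.57.19:500 IKE_LOG
"""


def parse(text):
    """Return events oldest first. Timestamps only have minute resolution,
    so order by entry number: the viewer gives the newest entry the lowest number."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            num, when, msg, src, _sport, _dst, _dport = m.groups()
            events.append({"n": int(num), "time": when, "msg": msg, "src": src})
    return sorted(events, key=lambda e: e["n"], reverse=True)


def diagnose(text):
    """Walk the IKE milestones and report how far the session got and who ended it."""
    phase1 = built = False
    for e in parse(text):
        if "Phase 1 IKE SA process done" in e["msg"]:
            phase1 = True
        elif "built successfully" in e["msg"]:
            built = True
        elif e["msg"].startswith("Recv:") and "[DEL]" in e["msg"]:
            # A received DEL means the remote peer asked to tear the SA down.
            stage = "after tunnel built" if built else "before tunnel built"
            return {"phase1": phase1, "tunnel_built": built,
                    "deleted_by": e["src"], "stage": stage}
    return {"phase1": phase1, "tunnel_built": built,
            "deleted_by": None, "stage": "no delete seen"}


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A delete received after "built successfully" matches the reply's reading: the IPsec negotiation completed and the client then closed the tunnel.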

