Phase 1 authentication method mismatch - No proposal chosen
Options
some_IT_person
Posts: 4
in Security
Hi,
We have a Zywall VPN 300 between the internet router and the main switch. Please find diagram to understand the IP addresses and connections.
We are trying to connect a laptop with Windows 10 via VPN end-to-site to be able to communicate with a workstation in the internal network which has the address 10.0.0.2.
We have tried with the VPN setup wizards to create a "Zyxel VPN Client (SecuExtender IPSec)" and an "L2TP over IPSec Client (iOS, Windows, Android)"
With L2TP, the connection fails, and I am not able to capture any packet sent to the router public IP address. There is no log entry about that in the Zywall VPN 300.
With SecuExtender, I am able to capture the packets to the router, but the connection fails and there are log entries about it in the Zywall VPN 300. Two of them are
- Phase 1 authentication method mismatch
- No proposal chosen
Please find also screenshots of the current port configuration in the Zywall, zones, and Security policies.
0
Accepted Solution
-
Your device is behind NAT router. So you may make sure “My address” is configured as “0.0.0.0”.
If configured as interface IP address, then will caused negotiation fail due to IP mismatch.
Since your interface IP is 192.168.0.21(private IP) but doesn’t match to public IP address.
0
Zyxel Employee
All Replies
-
This won't solve the issue with your IPSec configuration but ge2 and ge6 should not share the same address space.
0 -
I have successfully established an L2TP/IPsec connection from a Gnu/Linux client.The windows 10 client still shows the same errors.0
-
Did you changed the proposed cyphers into the IPSec Gateway of L2TP?
0 -
No, I left the default values.I was able to establish a connection with a macbook and with another W10 laptop.So, the initial W10 laptop was defect.0
-
Your device is behind NAT router. So you may make sure “My address” is configured as “0.0.0.0”.
If configured as interface IP address, then will caused negotiation fail due to IP mismatch.
Since your interface IP is 192.168.0.21(private IP) but doesn’t match to public IP address.
0 -
Hi @Zyxel_Stanley,Thanks, that was the problem.
P.D.: Sorry for the duplicated comments. I was not able to see my new posted comment and I got no feedback of something going right or wrong. Not sure if the problem was on my side or the comments went through moderation from your side. If that is the case I can suggest you to inform the person about comment pending of moderation.0 -
Hi @some_IT_person
It's good to know your configuration is correct.
We have removed duplicate response in this thread, and thanks for your suggestion for better user experience.
0
Guru Member
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 79 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 910 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
