Zyxel USG60W - VPN over L2TP with domain authentication
Options
Hello everyone, i have a problem on my Zyxel USG60W. I want to open a VPN over L2TP with domain authentication but it doesn´t work. The connection between the Zyxel and the domain controller works. (i tested that in the AAA Server and in the ext-group-user). It works with local users.
Log Messages:
Log Messages:
| 5 |
| 15.09.2021 08:52 |
| info |
| IKE |
| Recv:[HASH][NOTIFY:R_U_THERE_ACK] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 6 |
| 15.09.2021 08:52 |
| info |
| IKE |
| The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 7 |
| 15.09.2021 08:52 |
| info |
| IKE |
| Send:[HASH][NOTIFY:R_U_THERE] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 8 |
| 15.09.2021 08:52 |
| info |
| IKE |
| The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 22 |
| 15.09.2021 08:51 |
| info |
| IKE |
| Recv:[HASH][NOTIFY:R_U_THERE_ACK] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 23 |
| 15.09.2021 08:51 |
| info |
| IKE |
| The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 24 |
| 15.09.2021 08:51 |
| info |
| IKE |
| Send:[HASH][NOTIFY:R_U_THERE] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 25 |
| 15.09.2021 08:51 |
| info |
| IKE |
| The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 46 |
| 15.09.2021 08:51 |
| info |
| IKE |
| Recv:[HASH][NOTIFY:R_U_THERE_ACK] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 47 |
| 15.09.2021 08:51 |
| info |
| IKE |
| The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 48 |
| 15.09.2021 08:51 |
| info |
| IKE |
| Send:[HASH][NOTIFY:R_U_THERE] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 49 |
| 15.09.2021 08:51 |
| info |
| IKE |
| The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 75 |
| 15.09.2021 08:50 |
| info |
| IKE |
| Recv:[HASH][NOTIFY:R_U_THERE_ACK] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 76 |
| 15.09.2021 08:50 |
| info |
| IKE |
| The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 77 |
| 15.09.2021 08:50 |
| info |
| IKE |
| Send:[HASH][NOTIFY:R_U_THERE] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 78 |
| 15.09.2021 08:50 |
| info |
| IKE |
| The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 126 |
| 15.09.2021 08:50 |
| info |
| IKE |
| Recv:[HASH][NOTIFY:R_U_THERE_ACK] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 127 |
| 15.09.2021 08:50 |
| info |
| IKE |
| The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 128 |
| 15.09.2021 08:50 |
| info |
| IKE |
| Send:[HASH][NOTIFY:R_U_THERE] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 129 |
| 15.09.2021 08:50 |
| info |
| IKE |
| The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 169 |
| 15.09.2021 08:49 |
| info |
| IKE |
| Recv:[HASH][NOTIFY:R_U_THERE_ACK] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 170 |
| 15.09.2021 08:49 |
| info |
| IKE |
| The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 171 |
| 15.09.2021 08:49 |
| info |
| IKE |
| Send:[HASH][NOTIFY:R_U_THERE] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 172 |
| 15.09.2021 08:49 |
| info |
| IKE |
| The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 196 |
| 15.09.2021 08:49 |
| info |
| IKE |
| Recv:[HASH][NOTIFY:R_U_THERE_ACK] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 197 |
| 15.09.2021 08:49 |
| info |
| IKE |
| The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 198 |
| 15.09.2021 08:49 |
| info |
| IKE |
| Send:[HASH][NOTIFY:R_U_THERE] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 199 |
| 15.09.2021 08:49 |
| info |
| IKE |
| The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 216 |
| 15.09.2021 08:48 |
| info |
| IKE |
| Recv:[HASH][NOTIFY:R_U_THERE_ACK] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 217 |
| 15.09.2021 08:48 |
| info |
| IKE |
| The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 218 |
| 15.09.2021 08:48 |
| info |
| IKE |
| Send:[HASH][NOTIFY:R_U_THERE] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 219 |
| 15.09.2021 08:48 |
| info |
| IKE |
| The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 235 |
| 15.09.2021 08:48 |
| info |
| IKE |
| Recv:[HASH][NOTIFY:R_U_THERE_ACK] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 236 |
| 15.09.2021 08:48 |
| info |
| IKE |
| The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 237 |
| 15.09.2021 08:48 |
| info |
| IKE |
| Send:[HASH][NOTIFY:R_U_THERE] |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 238 |
| 15.09.2021 08:48 |
| info |
| IKE |
| The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6 |
| xxxx:500 |
| xxxx:500 |
| IKE_LOG |
| 245 |
| 15.09.2021 08:48 |
| info |
| IKE |
| ISAKMP SA [WIZ_L2TP_VPN] is disconnected |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 246 |
| 15.09.2021 08:48 |
| info |
| IKE |
| The cookie pair is : 0xecbacc75b0634906 / 0xb9ae4aada8779639 |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 247 |
| 15.09.2021 08:48 |
| info |
| IKE |
| Received delete notification |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 248 |
| 15.09.2021 08:48 |
| info |
| IKE |
| Recv:[HASH][DEL] [count=2] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 249 |
| 15.09.2021 08:48 |
| info |
| IKE |
| The cookie pair is : 0xb9ae4aada8779639 / 0xecbacc75b0634906 [count=3] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 260 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Dynamic Tunnel [WIZ_L2TP_VPN:WIZ_L2TP_VPN:0x27120216] built successfully |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 261 |
| 15.09.2021 08:47 |
| info |
| IKE |
| [ESP 3des-cbc|hmac-sha1-96][SPI 0xdb3cd34f|0x27120216][Lifetime 3620] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 262 |
| 15.09.2021 08:47 |
| info |
| IKE |
| [Policy: ipv4(udp:1701,81.223.65.30)-ipv4(udp:1701,172.24.11.133)] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 263 |
| 15.09.2021 08:47 |
| info |
| IKE |
| [Responder:81.223.65.30][Initiator:80.122.193.250] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 264 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Recv:[HASH] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 265 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Send:[HASH][SA][NONCE][ID][ID][PRV][PRV] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 266 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Recv TSi: ipv4(udp:1701,172.24.11.133), TSr: ipv4(udp:1701,81.223.65.30). |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 267 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Recv IPSec sa: SA([0] protocol = ESP (3), spi_len = 4, spi = 0x00000000, AES CBC key len = 256, HMAC-SHA1-96, No ESN, AES CBC key len = 128, 3DES, DES, NULL; ). |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 268 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Recv:[HASH][SA][NONCE][ID][ID][PRV][PRV] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 269 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Phase 1 IKE SA process done |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 270 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Send:[ID][HASH] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 271 |
| 15.09.2021 08:47 |
| info |
| IKE |
| The cookie pair is : 0xecbacc75b0634906 / 0xb9ae4aada8779639 [count=7] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 272 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Recv:[ID][HASH] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 273 |
| 15.09.2021 08:47 |
| info |
| IKE |
| The cookie pair is : 0xb9ae4aada8779639 / 0xecbacc75b0634906 [count=3] |
| xxxx:4500 |
| xxxx:4500 |
| IKE_LOG |
| 274 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Send:[KE][NONCE][PRV][PRV] |
| xxxx:500 |
| xxxx:1011 |
| IKE_LOG |
| 276 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Recv:[KE][NONCE][PRV][PRV] |
| xxxx:1011 |
| xxxx:500 |
| IKE_LOG |
| 277 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID] |
| xxxx:500 |
| xxxx:1011 |
| IKE_LOG |
| 278 |
| 15.09.2021 08:47 |
| info |
| IKE |
| The cookie pair is : 0xecbacc75b0634906 / 0xb9ae4aada8779639 [count=2] |
| xxxx:500 |
| xxxx:1011 |
| IKE_LOG |
| 279 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA1 PRF, HMAC-SHA1-96, 384 bit ECP, AES CBC key len = 128, 256 bit ECP, 2048 bit MODP, 3DES, 1024 bit MODP; ). |
| xxxx:1011 |
| xxxx:500 |
| IKE_LOG |
| 280 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Recv:[SA][VID][VID][VID][VID][VID][VID][VID][VID] |
| xxxx:1011 |
| xxxx:500 |
| IKE_LOG |
| 281 |
| 15.09.2021 08:47 |
| info |
| IKE |
| The cookie pair is : 0xb9ae4aada8779639 / 0xecbacc75b0634906 [count=2] |
| xxxx:1011 |
| xxxx:500 |
| IKE_LOG |
| 282 |
| 15.09.2021 08:47 |
| info |
| IKE |
| Recv Main Mode request from [80.122.193.250] |
| xxxx:1011 |
| xxxx:500 |
| IKE_LOG |
| 283 |
| 15.09.2021 08:47 |
| info |
| IKE |
| The cookie pair is : 0xecbacc75b0634906 / 0x0000000000000000 |
| xxxx:1011 |
| xxxx:500 |
| IKE_LOG |
0
All Replies
-
Can your L2TP VPN tunnel built by local user success? (e.g. admin)
You can refer to FAQ to make sure your configuration is correct first and try to build tunnel by admin first.
And also, you can login USG web portal by your AD account first to make sure your external Auth is correct.
And you can only left "PAP" in authentication protocol.
0
Master Member
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight
