Zyxel USG60W - VPN over L2TP with domain authentication

Hello everyone, i have a problem on my Zyxel USG60W. I want to open a VPN over L2TP with domain authentication but it doesn´t work. The connection between the Zyxel and the domain controller works. (i tested that in the AAA Server and in the ext-group-user). It works with local users.

Log Messages:
5
15.09.2021 08:52
info
IKE
Recv:[HASH][NOTIFY:R_U_THERE_ACK]
xxxx:500
xxxx:500
IKE_LOG
6
15.09.2021 08:52
info
IKE
The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14
xxxx:500
xxxx:500
IKE_LOG
7
15.09.2021 08:52
info
IKE
Send:[HASH][NOTIFY:R_U_THERE]
xxxx:500
xxxx:500
IKE_LOG
8
15.09.2021 08:52
info
IKE
The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6
xxxx:500
xxxx:500
IKE_LOG
22
15.09.2021 08:51
info
IKE
Recv:[HASH][NOTIFY:R_U_THERE_ACK]
xxxx:500
xxxx:500
IKE_LOG
23
15.09.2021 08:51
info
IKE
The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14
xxxx:500
xxxx:500
IKE_LOG
24
15.09.2021 08:51
info
IKE
Send:[HASH][NOTIFY:R_U_THERE]
xxxx:500
xxxx:500
IKE_LOG
25
15.09.2021 08:51
info
IKE
The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6
xxxx:500
xxxx:500
IKE_LOG
46
15.09.2021 08:51
info
IKE
Recv:[HASH][NOTIFY:R_U_THERE_ACK]
xxxx:500
xxxx:500
IKE_LOG
47
15.09.2021 08:51
info
IKE
The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14
xxxx:500
xxxx:500
IKE_LOG
48
15.09.2021 08:51
info
IKE
Send:[HASH][NOTIFY:R_U_THERE]
xxxx:500
xxxx:500
IKE_LOG
49
15.09.2021 08:51
info
IKE
The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6
xxxx:500
xxxx:500
IKE_LOG
75
15.09.2021 08:50
info
IKE
Recv:[HASH][NOTIFY:R_U_THERE_ACK]
xxxx:500
xxxx:500
IKE_LOG
76
15.09.2021 08:50
info
IKE
The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14
xxxx:500
xxxx:500
IKE_LOG
77
15.09.2021 08:50
info
IKE
Send:[HASH][NOTIFY:R_U_THERE]
xxxx:500
xxxx:500
IKE_LOG
78
15.09.2021 08:50
info
IKE
The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6
xxxx:500
xxxx:500
IKE_LOG
126
15.09.2021 08:50
info
IKE
Recv:[HASH][NOTIFY:R_U_THERE_ACK]
xxxx:500
xxxx:500
IKE_LOG
127
15.09.2021 08:50
info
IKE
The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14
xxxx:500
xxxx:500
IKE_LOG
128
15.09.2021 08:50
info
IKE
Send:[HASH][NOTIFY:R_U_THERE]
xxxx:500
xxxx:500
IKE_LOG
129
15.09.2021 08:50
info
IKE
The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6
xxxx:500
xxxx:500
IKE_LOG
169
15.09.2021 08:49
info
IKE
Recv:[HASH][NOTIFY:R_U_THERE_ACK]
xxxx:500
xxxx:500
IKE_LOG
170
15.09.2021 08:49
info
IKE
The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14
xxxx:500
xxxx:500
IKE_LOG
171
15.09.2021 08:49
info
IKE
Send:[HASH][NOTIFY:R_U_THERE]
xxxx:500
xxxx:500
IKE_LOG
172
15.09.2021 08:49
info
IKE
The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6
xxxx:500
xxxx:500
IKE_LOG
196
15.09.2021 08:49
info
IKE
Recv:[HASH][NOTIFY:R_U_THERE_ACK]
xxxx:500
xxxx:500
IKE_LOG
197
15.09.2021 08:49
info
IKE
The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14
xxxx:500
xxxx:500
IKE_LOG
198
15.09.2021 08:49
info
IKE
Send:[HASH][NOTIFY:R_U_THERE]
xxxx:500
xxxx:500
IKE_LOG
199
15.09.2021 08:49
info
IKE
The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6
xxxx:500
xxxx:500
IKE_LOG
216
15.09.2021 08:48
info
IKE
Recv:[HASH][NOTIFY:R_U_THERE_ACK]
xxxx:500
xxxx:500
IKE_LOG
217
15.09.2021 08:48
info
IKE
The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14
xxxx:500
xxxx:500
IKE_LOG
218
15.09.2021 08:48
info
IKE
Send:[HASH][NOTIFY:R_U_THERE]
xxxx:500
xxxx:500
IKE_LOG
219
15.09.2021 08:48
info
IKE
The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6
xxxx:500
xxxx:500
IKE_LOG
235
15.09.2021 08:48
info
IKE
Recv:[HASH][NOTIFY:R_U_THERE_ACK]
xxxx:500
xxxx:500
IKE_LOG
236
15.09.2021 08:48
info
IKE
The cookie pair is : 0xbfb4e088911027c6 / 0x6d69b60162e17f14
xxxx:500
xxxx:500
IKE_LOG
237
15.09.2021 08:48
info
IKE
Send:[HASH][NOTIFY:R_U_THERE]
xxxx:500
xxxx:500
IKE_LOG
238
15.09.2021 08:48
info
IKE
The cookie pair is : 0x6d69b60162e17f14 / 0xbfb4e088911027c6
xxxx:500
xxxx:500
IKE_LOG
245
15.09.2021 08:48
info
IKE
ISAKMP SA [WIZ_L2TP_VPN] is disconnected
xxxx:4500
xxxx:4500
IKE_LOG
246
15.09.2021 08:48
info
IKE
The cookie pair is : 0xecbacc75b0634906 / 0xb9ae4aada8779639
xxxx:4500
xxxx:4500
IKE_LOG
247
15.09.2021 08:48
info
IKE
Received delete notification
xxxx:4500
xxxx:4500
IKE_LOG
248
15.09.2021 08:48
info
IKE
Recv:[HASH][DEL] [count=2]
xxxx:4500
xxxx:4500
IKE_LOG
249
15.09.2021 08:48
info
IKE
The cookie pair is : 0xb9ae4aada8779639 / 0xecbacc75b0634906 [count=3]
xxxx:4500
xxxx:4500
IKE_LOG
260
15.09.2021 08:47
info
IKE
Dynamic Tunnel [WIZ_L2TP_VPN:WIZ_L2TP_VPN:0x27120216] built successfully
xxxx:4500
xxxx:4500
IKE_LOG
261
15.09.2021 08:47
info
IKE
[ESP 3des-cbc|hmac-sha1-96][SPI 0xdb3cd34f|0x27120216][Lifetime 3620]
xxxx:4500
xxxx:4500
IKE_LOG
262
15.09.2021 08:47
info
IKE
[Policy: ipv4(udp:1701,81.223.65.30)-ipv4(udp:1701,172.24.11.133)]
xxxx:4500
xxxx:4500
IKE_LOG
263
15.09.2021 08:47
info
IKE
[Responder:81.223.65.30][Initiator:80.122.193.250]
xxxx:4500
xxxx:4500
IKE_LOG
264
15.09.2021 08:47
info
IKE
Recv:[HASH]
xxxx:4500
xxxx:4500
IKE_LOG
265
15.09.2021 08:47
info
IKE
Send:[HASH][SA][NONCE][ID][ID][PRV][PRV]
xxxx:4500
xxxx:4500
IKE_LOG
266
15.09.2021 08:47
info
IKE
Recv TSi: ipv4(udp:1701,172.24.11.133), TSr: ipv4(udp:1701,81.223.65.30).
xxxx:4500
xxxx:4500
IKE_LOG
267
15.09.2021 08:47
info
IKE
Recv IPSec sa: SA([0] protocol = ESP (3), spi_len = 4, spi = 0x00000000, AES CBC key len = 256, HMAC-SHA1-96, No ESN, AES CBC key len = 128, 3DES, DES, NULL; ).
xxxx:4500
xxxx:4500
IKE_LOG
268
15.09.2021 08:47
info
IKE
Recv:[HASH][SA][NONCE][ID][ID][PRV][PRV]
xxxx:4500
xxxx:4500
IKE_LOG
269
15.09.2021 08:47
info
IKE
Phase 1 IKE SA process done
xxxx:4500
xxxx:4500
IKE_LOG
270
15.09.2021 08:47
info
IKE
Send:[ID][HASH]
xxxx:4500
xxxx:4500
IKE_LOG
271
15.09.2021 08:47
info
IKE
The cookie pair is : 0xecbacc75b0634906 / 0xb9ae4aada8779639 [count=7]
xxxx:4500
xxxx:4500
IKE_LOG
272
15.09.2021 08:47
info
IKE
Recv:[ID][HASH]
xxxx:4500
xxxx:4500
IKE_LOG
273
15.09.2021 08:47
info
IKE
The cookie pair is : 0xb9ae4aada8779639 / 0xecbacc75b0634906 [count=3]
xxxx:4500
xxxx:4500
IKE_LOG
274
15.09.2021 08:47
info
IKE
Send:[KE][NONCE][PRV][PRV]
xxxx:500
xxxx:1011
IKE_LOG
276
15.09.2021 08:47
info
IKE
Recv:[KE][NONCE][PRV][PRV]
xxxx:1011
xxxx:500
IKE_LOG
277
15.09.2021 08:47
info
IKE
Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID]
xxxx:500
xxxx:1011
IKE_LOG
278
15.09.2021 08:47
info
IKE
The cookie pair is : 0xecbacc75b0634906 / 0xb9ae4aada8779639 [count=2]
xxxx:500
xxxx:1011
IKE_LOG
279
15.09.2021 08:47
info
IKE
Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA1 PRF, HMAC-SHA1-96, 384 bit ECP, AES CBC key len = 128, 256 bit ECP, 2048 bit MODP, 3DES, 1024 bit MODP; ).
xxxx:1011
xxxx:500
IKE_LOG
280
15.09.2021 08:47
info
IKE
Recv:[SA][VID][VID][VID][VID][VID][VID][VID][VID]
xxxx:1011
xxxx:500
IKE_LOG
281
15.09.2021 08:47
info
IKE
The cookie pair is : 0xb9ae4aada8779639 / 0xecbacc75b0634906 [count=2]
xxxx:1011
xxxx:500
IKE_LOG
282
15.09.2021 08:47
info
IKE
Recv Main Mode request from [80.122.193.250]
xxxx:1011
xxxx:500
IKE_LOG
283
15.09.2021 08:47
info
IKE
The cookie pair is : 0xecbacc75b0634906 / 0x0000000000000000
xxxx:1011
xxxx:500
IKE_LOG


All Replies

  • CHS
    CHS Posts: 181  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    edited September 2021
    Can your L2TP VPN tunnel built by local user success?  (e.g. admin)
    You can refer to FAQ to make sure your configuration is correct first and try to build tunnel by admin first.

    And also, you can login USG web portal by your AD account first to make sure your external Auth is correct.
    And you can only left "PAP" in authentication protocol.
     

Security Highlight