IPsec IKEv1 with user authentication

Hi Support,

I'm facing an issue with setup of an IPsec VPN on my USG20-VPN device at version 5.31

I'm using with success a IKEv1 tunnel only with the Pre-shared key authentication from SecuExtender IPsec client.
But, when I try to adding an authentication level with username+password the tunnel doesn't connect as expected. I've seen a lot of online guide about this configuration but I'm am not able to fix this issue.

The connection seems to be closed unaspectatly during the connection step.
I've attached a ZIP with the item below:
  • screenshot of the client console
  • export of the client configuration
  • screenshot of the ZyWall configuration
  • ZyWall logs
Please, help me to fix this.

Regards,
Marco

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,059  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @3529242

    Here are some methods you can try it.
    Method 1. To change the local ID to local IP and peer ID to "any" in phase1 gateway settings(as below the ). Then the SecuExtender gets the IPsec provision file and to establishes IPsec VPN again.



    Method 2. To configure the IPsec VPN via the Wizard and the SecuExtender gets the IPsec provision file and to establish IPsec VPN again. Please refer to this tutorial link(Remote Access VPN Wizard for SecuExtender IPSec and Non-SecuExtender IPSec VPN Clients).






  • Hi @Zyxel_Jeff,

    I'm trying with the wizard (available only for IKEv2) but after the VPN deployment I got an authentication error. I got the same error during my last test with IKEv2 so, seems to be an issue with and without the wizard.

    In attach you can find:
    • screenshot of the client console
    • export of the client configuration
    • screenshot of the ZyWall configuration
    Marco
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,059  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    @3529242

    Could you share your device config file with us via private message? Maybe we can try to fix it in our lab environment?
  • Hi @Zyxel_Jeff,

    the config is in your private inbox.

    Marco
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,059  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Could you provide the remote Web-GUI link to us for further checks? Thanks :) .

Security Highlight