Quick HowTo for a VPN Connection to a Phone and W10?

Username_is_reserved
Username_is_reserved Posts: 107  Ally Member
First Comment Friend Collector Fourth Anniversary
Hi
Can someone recommend a HowTo for a VPN with a ATP from a Phone and W10 Client?
Thanks

All Replies

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    Look for L2TP.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    In Quick Setup > Remote Access VPN Setup, select one of the scenario to configure remote access VPN on wizard.


    L2TP VPN 
    How to setup L2TP VPN for remote access
    Note: Android 12 and later versions do not support L2TP VPN. Please use IKEv2 instead.

    IKEv2
  • Username_is_reserved
    Username_is_reserved Posts: 107  Ally Member
    First Comment Friend Collector Fourth Anniversary
    edited December 2022
    So I try to make the VPN Connection but I always get the error:
    1	2022-12-21 22:08:38	info	IKE	The cookie pair is : 0x1274635555208d3c / 0xac26bcad3e72b10a [count=3]	YYY.YYY.245.53:500	ZZZ.ZZZ.220.28:500	IKE_LOG<br>2	2022-12-21 22:08:38	info	IKE	The cookie pair is : 0xac26bcad3e72b10a / 0x1274635555208d3c [count=2]	ZZZ.ZZZ.220.28:500	YYY.YYY.245.53:500	IKE_LOG<br>3	2022-12-21 22:08:37	info	IKE	The cookie pair is : 0x1274635555208d3c / 0xfe82223f7b4d520f [count=3]	YYY.YYY.245.53:500	ZZZ.ZZZ.220.28:500	IKE_LOG<br>4	2022-12-21 22:08:37	info	IKE	The cookie pair is : 0xfe82223f7b4d520f / 0x1274635555208d3c [count=2]	ZZZ.ZZZ.220.28:500	YYY.YYY.245.53:500	IKE_LOG<br>5	...<br>6	2022-12-21 22:08:36	info	IKE	IKE SA [] is disconnected [count=3]	YYY.YYY.245.53:500	ZZZ.ZZZ.220.28:500	IKE_LOG<br>7	2022-12-21 22:08:36	info	IKE	Send:[NOTIFY:INVALID_MAJOR_VERSION]	YYY.YYY.245.53:500	ZZZ.ZZZ.220.28:500	IKE_LOG<br>8	2022-12-21 22:08:36	info	IKE	The cookie pair is : 0x1274635555208d3c / 0x345ebc7c96200639	YYY.YYY.245.53:500	ZZZ.ZZZ.220.28:500	IKE_LOG<br>9	2022-12-21 22:08:36	info	IKE	Major version numbers are different	ZZZ.ZZZ.220.28:500	YYY.YYY.245.53:500	IKE_LOG<br>10	2022-12-21 22:08:36	info	IKE	The cookie pair is : 0x345ebc7c96200639 / 0x1274635555208d3c	ZZZ.ZZZ.220.28:500	YYY.YYY.245.53:500	IKE_LOG<br>11	2022-12-21 22:08:36	info	IKE	Recv Main Mode request from [ZZZ.ZZZ.220.28]	ZZZ.ZZZ.220.28:500	YYY.YYY.245.53:500	IKE_LOG<br>12	2022-12-21 22:08:36	info	IKE	The cookie pair is : 0x1274635555208d3c / 0x0000000000000000	ZZZ.ZZZ.220.28:500	YYY.YYY.245.53:500	IKE_LOG<br>13	2022-12-21 22:08:36	info	IKE	[SA] : No proposal chosen [count=3]	YYY.YYY.245.53:500	ZZZ.ZZZ.220.28:500	IKE_LOG<br>14	2022-12-21 22:08:36	info	IKE	[SA] : Tunnel [RemoteAccess_L2TP_Wiz] Phase 1 proposal mismatch [count=3]	YYY.YYY.245.53:500	ZZZ.ZZZ.220.28:500	IKE_LOG<br>15	2022-12-21 22:08:36	info	IKE	The cookie pair is : 0x1274635555208d3c / 0x8258c8e74d93acb9 [count=3]	YYY.YYY.245.53:500	ZZZ.ZZZ.220.28:500	IKE_LOG<br>16	2022-12-21 22:08:36	info	IKE	Recv IKE sa: SA([0] protocol = IKE (1), 3DES, HMAC-SHA1-96, HMAC-SHA1 PRF, 1024 bit MODP; [1] protocol = IKE (1), 3DES, HMAC-SHA256-128, HMAC-SHA256 PRF, 1024 bit MODP; [2] protocol = IKE (1), 3DES, HMAC-SHA384-192, HMAC-SHA384 PRF, 1024 bit MODP; ). [count=3]	ZZZ.ZZZ.220.28:500	YYY.YYY.245.53:500	IKE_LOG<br>17	2022-12-21 22:08:36	info	IKE	[INIT] Recv: [SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][VID][VID][VID][VID] [count=3]	ZZZ.ZZZ.220.28:500	YYY.YYY.245.53:500	IKE_LOG<br>18	2022-12-21 22:08:36	info	IKE	Receiving IKEv2 request [count=3]	ZZZ.ZZZ.220.28:500	YYY.YYY.245.53:500	IKE_LOG<br>19	2022-12-21 22:08:36	info	IKE	The cookie pair is : 0x8258c8e74d93acb9 / 0x1274635555208d3c [count=2]	ZZZ.ZZZ.220.28:500	YYY.YYY.245.53:500	IKE_LOG

    That do I wrong? Thanks
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    In the log, it shows [RemoteAccess_L2TP_Wiz] Phase 1 proposal mismatch. Please check VPN Gateway Phase 1 Settings. ATP and L2TP VPN client must use the same Encryption, Authentication method, DH key group and ID Type/Content to establish the IKE SA. Besides, you can also check the IKE version. If you're using L2TP VPN, use IKEv1. If your client is Andriod phones with Android 12 and later versions, it doesn't support L2TP VPN. Please select IKEv2 scenario.  
    If it is still not working, please send the remote access information of your ATP and one L2TP VPN account/password to me in private message. 

  • Username_is_reserved
    Username_is_reserved Posts: 107  Ally Member
    First Comment Friend Collector Fourth Anniversary
    Thanks for replay I export the Settings to Win10 and Import them via the Batch File. It seem the Import worked. Do I have to change anything in Win or the ATP after them?
    Thanks
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Just click on the .bat file and the setting will be configured automatically on Windows 10. Click "Connect" and enter the username and password. L2TP VPN is connected. 


  • Username_is_reserved
    Username_is_reserved Posts: 107  Ally Member
    First Comment Friend Collector Fourth Anniversary
    edited December 2022
    sry I did an mistake and now it works on my Win10 Tablet.
    How to add them Manually on my W7 Machine?
    Thanks

Security Highlight