VPN Primer needed for my USG 100 Flex
All Replies
-
IKE SA [] is disconnected
73.73.116.92:500
98.46.107.197:10228
IKE_LOG
5
2023-05-12 14:34:13
info
IKE
[SA] : No proposal chosen
73.73.116.92:500
98.46.107.197:10228
IKE_LOG
6
2023-05-12 14:34:13
info
IKE
[SA] : Tunnel [WIZ_VPN_v2] Phase 1 proposal mismatch
IKE_LOG
7
2023-05-12 14:34:13
info
IKE
The cookie pair is : 53192 [count=3]
98.46.107.197:10228
IKE_LOG
8
2023-05-12 14:34:13
info
IKE
Recv
IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA256
PRF, HMAC-SHA256-128, 2048 bit MODP; [1] protocol = IKE (1), AES CBC key
len = 256, HMAC-SHA256 PRF, HMAC-SHA256-128, 256 bit ECP; [2] protocol =
IKE (1), AES CBC key len = 256, HM73.73.116.92:500
IKE_LOG
9
2023-05-12 14:34:13
info
IKE
[INIT] Recv: [SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
73.73.116.92:500
IKE_LOG
10
2023-05-12 14:34:13
info
IKE
Receiving IKEv2 request
Thank you for the continued help. I am still getting some sort of mismatch
0 -
Try add in for Phase 1 and 2 Settings
AES256 SHA256
The order might matter
0 -
still no luck…
0 -
still Phase 1 proposal mismatch?
Try changing the key group and reboot ipad set the client with ikev2 in IPsec identifier
Setup a DDNS with like no-ip and in advance for local ID Type DNS and content your DDNS
That should be everything
0 -
not sure in phase 1 or two. I tried on a second ipad
BTW. there is a "connect" menu item in VPN connection tab. Not knowing what I am doing, I hit connect with the following error.
CLI Number: 0
Error Number: -16015
Error Message: 'Dial a dynamic tunnel has failed for Crypto map.'Here is the log
1
2023-05-14 16:51:21
info
IKE
IKE SA [WIZ_VPN_v2] is disconnected
server:4500
client:4500
IKE_LOG
122023-05-14 16:51:21
info
IKE
The cookie pair is : 0x8875ff66f1736b17 / 0x5989436118077d7c
Server:4500
client1:4500
IKE_LOG
132023-05-14 16:51:21
info
IKE
[AUTH] Recv:[IDi][NOTIFY][IDr][CONF][NOTIFY][NOTIFY][SA][TSi][TSr][NOTIFY]
client1:4500
Server:4500
IKE_LOG
142023-05-14 16:51:21
info
IKE
The cookie pair is : 0x5989436118077d7c / 0x8875ff66f1736b17
client:4500
Server:4500
IKE_LOG
152023-05-14 16:51:20
info
IKE
[INIT] Send:[SAr1][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][CERTREQ][VID][VID][VID][VID][VID][VID]
Server:500
client:41912
IKE_LOG
162023-05-14 16:51:20
info
IKE
The cookie pair is : 0x8875ff66f1736b17 / 0x5989436118077d7c
Server:500
client:41912
IKE_LOG
172023-05-14 16:51:20
info
IKE
Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA256 PRF, HMAC-SHA256-128, 2048 bit MODP; [1] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA256 PRF, HMAC-SHA256-128, 256 bit ECP; [2] protocol = IKE (1), AES CBC key len = 256, HM
client:41912
Server:500
IKE_LOG
182023-05-14 16:51:20
info
IKE
[INIT] Recv: [SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
client:41912
Server:500
IKE_LOG
192023-05-14 16:51:20
info
IKE
Receiving IKEv2 request
client:41912
Server:500
IKE_LOG
202023-05-14 16:51:20
info
IKE
The cookie pair is : 0x5989436118077d7c / 0x8875ff66f1736b17 [count=2]
client:41912
Server:500
IKE_LOG
0
Ally Member
Guru Member
Categories
- All Categories
- 398 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 83 Nebula Status and Incidents
- 5.2K Security
- 99 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 923 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 212 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2.1K FAQ
- 1K Nebula FAQ
- 445 Security FAQ
- 238 Switch FAQ
- 213 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 142 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
