IPSec-VPN problems

CRP0499 · May 2023

I have two sites. Site one has a USG100 and site 2 has a Flex 200.

Site one is unchanged. Site 2 USE to have a Sonicwall and the two sites were connected with an IPSec-VPN.

I removed the sonicwall at site 2 and replaced with with the Flex 200 and began setting up the P2P VPN again. Of course, I didn't change Site 1 config, but only set up Site 2 to connect to site one in the same way the sonicwall was setup.

I'm here because I can't get the VPN to work.

I have done side by side comparisons on the two sites and literally everything is exactly the same and site 2 is set up exactly like the sonicwall was. Even now, when I reconnect the sonicwall, the VPN comes up fine.

My log is showing no Proposal chosen and I'm dying trying to find out what's wrong.

I've compared the functioning sonicwall VPN settings to the new Flex VPN settings and they are identical in every respect, but still I'm striking out.

Anyone have any ideas?

Thanks!

Cliff

CRP0499 · May 2023

Called Zyxel support. in three mins it was fixed. He set PFS to none on Phase 2.

Literally EVERY support doc says to set it to DH2!

Face palm

PeterUK · May 2023

Does is say Phase 1 mismatch for the Proposal? in Advance you need to set the right matching encryption

CHS · May 2023

Since your logs are showing "no Proposal chosen," it's likely that there's a mismatch in the Phase 1 or Phase 2 settings between the USG100 and the Flex 200.

Ensure that both sides are using the same settings for Phase 1 and Phase 2 negotiations. This includes encryption, hash, Diffie-Hellman Group, and lifetime settings.