ATP 800 half ipsec tunnels don't up after reboot

alexey

After hang and restart half of ipsec tunnels don't up with ZW 1000.

Need manually change passpharase to cert or from cert to passphara.

After that tunnel is build

On 1000 error

On ATP

Recv:[NOTIFY:INVALID_SIGNATURE]

Zyxel_Jeff

Dear @alexey

Thanks for reporting this case to us. Regarding the symptom that you mentioned, it should be the same as this discussion. Please continue collecting syslog information. If the VPN connection gets disconnected, please share the syslog file with us. This will help us identify the possible reason for the disconnection. Thanks.

alexey

@Zyxel_Jeff

After update ATP800 to P2, all usg1000 tunnels up.

Later on this week try some times reboot device and watch result

Don't up 2 FLEX50W tunnels. Flex on P2 FW too.

In logs error about duplicate ip adress, that problem in this thread

https://community.zyxel.com/en/discussion/16813/arp-attack-from-inactive-interface-with-diff-ip

Send new diag and IKE syslog from both devices to PM.

Zyxel_Jeff

Hi @alexey

We noticed there is a message showing "2023 zw_holding src="10.0.1.254:500" dst="10.0.1.64:500" msg="IKE SA [vpn_dis_30km_vti_nova_ike2] is disconnected" note="IKE_LOG" user="unknown" devID="d8ece5c4598f" cat="IKE"", it could be the possible reason why the VPN is disconnected, please provide USG FLEX50W and ATP800 remote links to us for further checking. Thanks.