VPN Configuration on Zyxel USG FLEX 700

cmanley Posts: 14  Freshman Member
edited February 8 in Security

I am configuring an IPsec VPN on this router and each time, I get this error in the logs.

The highlighted line is where I am having the issue. That tunnel is another VPN I have configured on the router that is working for something else. I am not sure why this new VPN is trying to use that tunnel for authentication. It has a policy mismatch, because it is configured differently because it is used for something else.

Here is the correct gateway.

Here is the VPN using that gateway.

So what is causing it to try to authenticate with this Tunnel?

UPDATE: If I change my phase 2 encapsulation setting to "transport" I get this error:

Firmware version: V5.37(ABWD.1)


All Replies

  • PeterUK Posts: 2,810  Guru Member

    Change Local policy to 0.0.0.0.

  • cmanley Posts: 14  Freshman Member

    No luck. I get the same error. Phase 1 works no problem, but it seems to continue to try and authenticate phase 2 with the wrong VPN.

  • PeterUK Posts: 2,810  Guru Member

    If you have other IKEv1 tunnels on the same interface, that can cause problems.

  • cmanley Posts: 14  Freshman Member

    So, if I need multiple VPNs, what is the solution?

  • PeterUK Posts: 2,810  Guru Member

    Not sure; I think Phase 1 local ID and Peer ID type might be needed,

    or you can try having IKEv2 for site to site tunnels and IKEv1 for Remote Access (Server Role).

  • cmanley Posts: 14  Freshman Member

    I wish I could figure out what exactly these errors mean. Phase 1 seems to work fine.

  • PeterUK Posts: 2,810  Guru Member

    Have you set up L2TP VPN for the server role?

  • cmanley Posts: 14  Freshman Member

    This?

  • PeterUK Posts: 2,810  Guru Member

    So, testing here, Phase 1 local ID and Peer ID type don't allow more than one type of VPN on the same interface, but if you do site to site as IKEv2 with an IKEv1 server role, that works.

  • PeterUK Posts: 2,810  Guru Member

    Also, on the same interface with IKEv1 you can have site to site by Pre-Shared Key and server role by Certificate.
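PeterUK's findings above (IKEv1 gateways on one interface overlap; separating them by IKE version or by PSK vs. certificate works), restated as a small configuration checker. This is an added example, not code from the forum or from Zyxel; the gateway-selection model, the interface name and the addresses are assumptions made for illustration.

```python
"""Constructed example (not Zyxel code): flag IKE gateways on one WAN
interface that a responder could not tell apart in phase 1, which is the
kind of overlap behind phase 2 being matched against the wrong tunnel."""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class IkeGateway:
    name: str
    interface: str      # WAN interface the gateway listens on, e.g. "wan1"
    ike_version: int    # 1 or 2
    auth: str           # "psk" or "cert"
    peer_address: str   # "0.0.0.0" means dynamic / any peer address
    peer_id: str = ""   # phase 1 peer ID; "" = matched by address only


def collides(a: IkeGateway, b: IkeGateway) -> bool:
    """Assumed selection model: IKE version and auth method keep gateways
    apart; otherwise a dynamic (0.0.0.0) peer overlaps every address, and a
    peer ID only discriminates when both gateways set a different one."""
    if (a.interface, a.ike_version, a.auth) != (b.interface, b.ike_version, b.auth):
        return False
    addr_overlap = (a.peer_address == b.peer_address
                    or "0.0.0.0" in (a.peer_address, b.peer_address))
    id_separates = bool(a.peer_id) and bool(b.peer_id) and a.peer_id != b.peer_id
    return addr_overlap and not id_separates


def ambiguous_pairs(gateways):
    """Sorted list of (name, name) pairs a responder could confuse."""
    return sorted(tuple(sorted((a.name, b.name)))
                  for a, b in combinations(gateways, 2) if collides(a, b))


# Constructed configs mirroring the thread: a working IKEv1 site-to-site
# tunnel plus a new IKEv1 remote-access gateway on the same WAN interface.
BROKEN = [
    IkeGateway("site_to_site", "wan1", 1, "psk", "203.0.113.10"),
    IkeGateway("remote_access", "wan1", 1, "psk", "0.0.0.0"),
]
# Fix 1: move the site-to-site tunnel to IKEv2, keep remote access on IKEv1.
FIX_IKEV2 = [
    IkeGateway("site_to_site", "wan1", 2, "psk", "203.0.113.10"),
    IkeGateway("remote_access", "wan1", 1, "psk", "0.0.0.0"),
]
# Fix 2: both stay IKEv1, but the server role authenticates by certificate.
FIX_CERT = [
    IkeGateway("site_to_site", "wan1", 1, "psk", "203.0.113.10"),
    IkeGateway("remote_access", "wan1", 1, "cert", "0.0.0.0"),
]

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("ikev2", FIX_IKEV2), ("cert", FIX_CERT)):
        print(label, ambiguous_pairs(cfg))  # broken -> one pair, fixes -> []
```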
