VPN Configuration on Zyxel USG FLEX 700

cmanley · February 2024

I am configuring and IPSec VPN on this router and each time, I get this error in the logs.

The highlighted line is where I am having the issue. That tunnel is another VPN I have configured on the router that is working for something else. I am not sure why this new VPN is trying to use that tunnel for authentication. It has a policy mismatch, because it is configured different because it is used for something else.

Here is the correct gateway.

Here is the VPN using that gateway.

So what is causing it to try to authenticate with this Tunnel?

UPDATE: If I change my phase 2 encapsulation setting to "transport" I get this error:

Firmware version: V5.37(ABWD.1)

PeterUK · February 2024

Change Local policy to 0.0.0.0

cmanley · February 2024

No luck. I get the same error. Phase 1 works no problem, but it seems to continue to try and authenticate phase 2 with the wrong VPN.

PeterUK · February 2024

If you have other IKEv1 tunnels on the same interface that can cause problems

cmanley · February 2024

So, if I need multiple VPNs what is the solution?

PeterUK · February 2024

Not sure I think Phase 1 local ID and Peer ID type might be needed

or you can try having IKEv2 for tunnels site to site and IKEv1 for Remote Access (Server Role)

cmanley · February 2024

I wish I could figure out what exactly these errors mean. Phase 1 seems to work fine.

PeterUK · February 2024

Have you setup L2TP VPN for the server role?

cmanley · February 2024

This?

PeterUK · February 2024

So testing here Phase 1 local ID and Peer ID type don't allow more then one type of VPN on the same interface but if you do site to site as IKEv2 with a IKEv1 server role that works

PeterUK · February 2024

also on the same interface with IKEv1 you can have site to site by Pre-Shared Key and server role by Certificate

VPN Configuration on Zyxel USG FLEX 700

All Replies

Categories

Security Help Center