Flex 200 - L2TP Pre-shared Key
I want to be sure I understand how the router isolates Preshared Keys.
It is my understanding each defined gateway can have its own unique key.
So an ipsec site-to-site gateway can have its unique key and my l2tp gateway can have its own unique key.
Currently I cannot create an l2tp vpn unless the pre shared key is the same as the defined ipsec site-to-site key.
Feels like a bug. I would expect each tunnel to operate separately with its own unique key.
All Replies
-
From what I understand, the Preshared Key happens after setting up encryption to relay the key, at which point it fails to match. However, as found out, if the connecting side needs encryption or Authentication at a given level
Say
Phase 1
Encryption AES256
Authentication SHA256
Preshared Key 1
Then another
Phase 1
Encryption AES256
Authentication SHA1
Preshared Key 2
Then you can have two site to site
or use peer ID type IPv4
or vote for this for DNS FQDN way
https://community.zyxel.com/en/discussion/22111/fqdn-by-dns-lookup-for-peer-id-type#latest
-
Let me phrase differently.
If I have a site-to-site vpn using 1234567890 as my preshared gateway key.
and
I have an L2TP vpn using soccerball as my preshared key.
If the site to site is off, shouldn't the l2tp sync up using the soccerball key?
So far it will not.
However, if I change the soccerball key to 1234567890, the L2TP connects.
I will test on a couple other Flex 200's, I have several, and it seems that they behave differently.
Thanks Peter