The L2TP connection attempt failed

abi_2asolve
edited April 2021 in Security

Hello, I have a USG40 with firmware V4.35.

I followed the instructions as in https://businessforum.zyxel.com/discussion/456/how-do-you-configure-l2tp-vpn-between-zywall-and-a-windows-7-laptop#latest

and https://businessforum.zyxel.com/discussion/618/how-to-use-the-vpn-setup-wizard-to-create-a-l2tp-vpn-on-the-zywall-usg#latest

nevertheless I keep receiving the error "the L2TP connection attempt failed because the security layer could not negotiate compatible parameters".

I tried from 2 different PCs (Win7 and Win10) with the same result.

Any other suggestions?

Thank you

All Replies

  • Zyxel_Emily
    Zyxel Employee

    Hi @abi_2asolve,

    Check if the following settings are correctly configured.

    If items 1-8 are correctly configured but the error still appears, share the configuration file of your USG40 with me in a private message.


    1. VPN Gateway - Phase 1 Settings

    2. VPN Connection - Local Policy

    The Local Policy must be the WAN IP address of USG40.

    3. VPN Connection - Phase 2 Settings

    4. L2TP VPN - IP Address Pool

    The IP address pool for L2TP VPN clients cannot be the same subnet as WAN/LAN/DMZ/WLAN.

    5. L2TP VPN - Allowed User

    Remember to create user object for L2TP VPN connection.

    6. On Windows, ensure the "Startup type" is set to be "Automatic" and the "Service status" is "Started" on the service "IKE and AuthIP IPsec Keying Modules".

    7. On Windows, ensure the WAN IP of USG40 is correctly configured. It must be the Local Policy in VPN Connection - Local Policy. 

    8. Establish L2TP VPN on a mobile phone such as an iPhone to clarify if the problem is on the USG40 or the L2TP client.

    If the L2TP VPN connects successfully on the iPhone, the problem should not be on the USG40 but on Windows.

    You can temporarily disable Windows firewall and security software and try it again.

  • Zyxel_Emily
    Zyxel Employee
    Hi @abi_2asolve,

    Two default security policy rules for IPSec VPN are missing.

    Add the following two default rules back.

    From: IPSec_VPN, To: any, action: allow

    From: IPSec_VPN, To: ZyWALL, action: allow


    After the two security policy rules are added, the L2TP VPN client is able to connect.
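
The checks from the two replies above that can be verified mechanically (Local Policy equals the WAN IP, the L2TP pool stays clear of the interface subnets, and both IPSec_VPN allow rules exist), as an added example that is not part of the original thread or Zyxel's own tooling. The settings dictionary and its field names are constructed for illustration and are not the USG40 configuration file format; the pool check generalizes "same subnet" to any overlap.

```python
import ipaddress

# Constructed sample settings (hypothetical layout, not a USG40 config file).
SAMPLE = {
    "wan_ip": "203.0.113.10",
    "local_policy": "203.0.113.10",
    "l2tp_pool": "192.168.1.128/27",
    "interface_subnets": {
        "WAN": "203.0.113.0/24",
        "LAN": "192.168.1.0/24",
        "DMZ": "192.168.3.0/24",
        "WLAN": "10.59.0.0/24",
    },
    "security_policies": [
        {"from": "LAN", "to": "any", "action": "allow"},
        {"from": "IPSec_VPN", "to": "ZyWALL", "action": "allow"},
    ],
}

# The two default rules named in the second reply.
REQUIRED_RULES = [("IPSec_VPN", "any"), ("IPSec_VPN", "ZyWALL")]


def check_l2tp_settings(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # Items 2 and 7: the Local Policy must be the WAN IP address.
    if ipaddress.ip_address(cfg["local_policy"]) != ipaddress.ip_address(cfg["wan_ip"]):
        findings.append("local policy is not the WAN IP")

    # Item 4: the client pool must not share address space with any interface.
    pool = ipaddress.ip_network(cfg["l2tp_pool"], strict=False)
    for name, subnet in cfg["interface_subnets"].items():
        if pool.overlaps(ipaddress.ip_network(subnet, strict=False)):
            findings.append(f"L2TP pool {pool} overlaps {name} subnet {subnet}")

    # Second reply: both IPSec_VPN allow rules must be present.
    allowed = {(r["from"], r["to"]) for r in cfg["security_policies"]
               if r["action"] == "allow"}
    for src, dst in REQUIRED_RULES:
        if (src, dst) not in allowed:
            findings.append(f"missing allow rule From: {src}, To: {dst}")
    return findings


if __name__ == "__main__":
    for finding in check_l2tp_settings(SAMPLE):
        print("FAIL:", finding)
```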

