USG 110 wrong VPN Connection chosen

DUU
edited April 2021 in Security

Hello,

We have 2 VPN connections set up:

1 L2TP over IPSec client (Dynamic 0.0.0.0) to site (our USG 110)

1 IPSec site (our USG 110) to site (home D-Link, which was working with our old USG100), fixed IPs on both sites

The L2TP VPN works fine.

The external router is trying to connect the VPN to the USG, but unfortunately, according to the logs, the USG takes the wrong VPN rule to connect the external router. It takes the L2TP VPN rule instead of the site-to-site IPSec rule, and of course, we receive a "wrong proposal chosen".

The Local ID type for the VPN Gateway policy for the site-to-site VPN is the IP address.

Best Answers

  • DUU
    Answer ✓

    Hello,

    Thank you for your message.

    You are completely right. I removed all policies on both sides and reconfigured them using the Wizard. Everything is working well now. I also figured out that at first I set the local ID as the WAN IP, but the WAN IP wasn't the public IP, because the router was behind another one; that's why the ID didn't match.
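
The mismatch described in this answer can be checked before a tunnel is rebuilt. The following is an added example, not part of the original thread and not Zyxel or D-Link code: it compares an IP-type Local ID with the WAN interface address and with the address the remote gateway actually sees. The function names and all addresses are constructed for illustration.

```python
import ipaddress

# Ranges that are not reachable as-is from the Internet; a WAN interface
# holding one of them sits behind another NAT router.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # carrier-grade NAT
    "169.254.0.0/16",                                  # link-local
)]

def behind_nat(wan_ip):
    """True when the WAN interface address cannot be the public address."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NON_PUBLIC)

def check_gateway(name, local_id, wan_ip, peer_expects, peer_sees):
    """Return findings for one side of a site-to-site tunnel.

    local_id     - IP-type Local ID configured on this gateway
    wan_ip       - address on this gateway's WAN interface
    peer_expects - Peer ID configured for this gateway on the remote side
    peer_sees    - source address the remote side sees (the public IP)
    """
    ip = ipaddress.ip_address
    findings = []
    if behind_nat(wan_ip):
        findings.append(f"{name}: WAN IP {wan_ip} is private, gateway is behind NAT")
    if ip(local_id) != ip(peer_expects):
        findings.append(f"{name}: Local ID {local_id} does not match "
                        f"Peer ID {peer_expects} configured on the remote side")
    if ip(wan_ip) != ip(peer_sees):
        findings.append(f"{name}: remote side sees {peer_sees}, not {wan_ip}; "
                        "do not derive the ID from the interface address")
    return findings

if __name__ == "__main__":
    # Constructed sample: Local ID copied from a WAN interface behind NAT.
    for line in check_gateway("home", "192.168.1.2", "192.168.1.2",
                              "203.0.113.10", "203.0.113.10"):
        print(line)
```
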

All Replies

  • warwickt

    Hi DUU, thanks for the advice, mate!

    warwick

    Hong Kong
