IPSEC IKE V2 Issue with HA-Pro

Options
Fred_77
Fred_77 Posts: 115  Ally Member
First Anniversary 10 Comments Friend Collector First Answer
edited April 2021 in Security
Hi guys, i'm new in the community and i need your help if possible
i'm really going crazy because of an issue with 2 USG310 in HA-Pro and 2 VPN IPSEC IKEv2 with self-signed certificates.
My scenario: 2 USG, 2 ISP, 2 VPN (one for each ISP and relative certificate based on wan interface ip).
VPN1 works well on both devices (it doesn' care wich one USG is active).
VPN2 works only if USG that has signed the certificate is in active state.
If the HA-Pro swap the role between devices, VPN 2 stop working... i have to create another certificate signed by the active device and configure thisone in VPN GW.
But in this way, every time HA-Pro swap the role, VPN GW of VPN2 needs to be reconfigured. Any idea??? Thanks in advance. 
 :) Fred

Comments

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Options

    @Fred_77
    Regarding to this case,
    If only VPN2 exist(VPN1 disable), does the issue still happen?
    Did you configure local ID and Peer ID for VPN profiles? If not, you can try to configure Local/Remote ID and check it again.

    Also, when the issue occur, could you share the device log related with VPN2 then private message to me? 

    Go to Monitor page>Select IKE as category and screenshot it.

    Charlie


Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)