How the client can distinguish between 2 IPsec Gateway both with dynamic remote peer
Options
Freshman Member
I have 2 IPsec Gateway on USG60 one is used for Site-to-Site VPN the other is for L2TP. Both have different VPN Connection with separated internal subnets. Both have dynamic peer address for remote gateway. The Site-to-Site is the first in the row, and when my phone wants to connect via L2TP I got the message "Invalid payload type in encrypted payload chain" as it check the preshare key with the Site-to-Site VPN Gateway preshare key. The L2TP works in case I deactivate the Site-to-Site Gateway.
0
All Replies
-
0
-
It's different,
Site-to-Site is:
AES256-SHA1
L2TP is:1. 3DES SHA12. 3DES MD53. DES SHA10 -
@ZyxelZoli
As Zyman2008 mentioned, set the phase 1 proposal of Site-to-Site rule different with L2TP/IPSec rule, so these two scenarios will be separated.
Can you private message the remote access for check further?0
Master Member
Zyxel Employee
Categories
- All Categories
- 435 Beta Program
- 2.7K Nebula
- 175 Nebula Ideas
- 117 Nebula Status and Incidents
- 6.1K Security
- 422 USG FLEX H Series
- 297 Security Ideas
- 1.6K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.7K Consumer Product
- 272 Service & License
- 418 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 89 Security Highlight
