How the client can distinguish between 2 IPsec Gateway both with dynamic remote peer

ZyxelZoli
ZyxelZoli Posts: 3
edited April 14 in Security
I have 2 IPsec Gateway on USG60 one is used for Site-to-Site VPN the other is for L2TP. Both have different VPN Connection with separated internal subnets. Both have dynamic peer address for remote gateway. The Site-to-Site is the first in the row, and when my phone wants to connect via L2TP I got the message "Invalid payload type in encrypted payload chain" as it check the preshare key with the Site-to-Site VPN Gateway preshare key. The L2TP works in case I deactivate the Site-to-Site Gateway. 

All Replies

  • ZyxelZoli
    ZyxelZoli Posts: 3
     
  • zyman2008
    zyman2008 Posts: 103  Ally Member
    ZyxelZoli,
    Configure IKE phase 1 proposal of Site-to-Site rule different with L2TP/IPSec rule.

  • ZyxelZoli
    ZyxelZoli Posts: 3
    It's different,
    Site-to-Site is:
    AES256-SHA1
    L2TP is:
    1. 3DES SHA1
    2. 3DES MD5
    3. DES SHA1
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 997  Zyxel Employee
    edited November 2020
    @ZyxelZoli
    As Zyman2008 mentioned, set the phase 1 proposal of Site-to-Site rule different with L2TP/IPSec rule, so these two scenarios will be separated.
    Can you private message the remote access for check further?
Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!

Sign In Register

Categories

Zyxel Help Center

  • Documents
  • Education Center
  • Video Tutorials
    • EnglishРусский中文(台灣)