How the client can distinguish between 2 IPsec Gateway both with dynamic remote peer

ZyxelZoli · November 2, 2020 6:00PM

I have 2 IPsec Gateway on USG60 one is used for Site-to-Site VPN the other is for L2TP. Both have different VPN Connection with separated internal subnets. Both have dynamic peer address for remote gateway. The Site-to-Site is the first in the row, and when my phone wants to connect via L2TP I got the message "Invalid payload type in encrypted payload chain" as it check the preshare key with the Site-to-Site VPN Gateway preshare key. The L2TP works in case I deactivate the Site-to-Site Gateway.

ZyxelZoli · November 2, 2020 6:01PM

zyman2008 · November 2, 2020 7:58PM

ZyxelZoli,
Configure IKE phase 1 proposal of Site-to-Site rule different with L2TP/IPSec rule.

ZyxelZoli · November 2, 2020 8:17PM

It's different,
Site-to-Site is:
AES256-SHA1
L2TP is:

1. 3DES SHA1

2. 3DES MD5

3. DES SHA1

Zyxel_Charlie · November 3, 2020 10:47PM

@ZyxelZoli
As Zyman2008 mentioned, set the phase 1 proposal of Site-to-Site rule different with L2TP/IPSec rule, so these two scenarios will be separated.
Can you private message the remote access for check further?

New Firmware	Security Advisories
Education Center	Video Tutorials

How the client can distinguish between 2 IPsec Gateway both with dynamic remote peer

All Replies

Who's Online