ZyWALL ATP configured L2TP VPN. Windows 10 doesn't connect.

ilnaz

I configured the L2TP VPN using: CONFIGURATION > Quick Setup > VPN Setup Wizard > VPN Settings for L2TP VPN Settings, and L2TP worked fine. Windows 10 was connecting.


And then I wanted to make sure that only certain users could connect. And created a group for VPN connection. In the Configuration > L2TP VPN > User, I specified a group for VPN connection:

And Windows 10 stopped connecting, error: "Unable to connect .... so the connection port is closed.

When I go back to the original configuration, everything works fine, Windows 10 connects.

I used these settings, because Windows 7 needs to be connected:

Phase 1 settings:
SA Life Time: 86400
Mode: Main
Proposal: 3DES-SHA1
Key Group: DH2

Phase 2 settings:
SA Life Time: 86400
Protocol: ESP
Encapsulation: Transport
Proposal: AES256-SHA1, AES128-SHA1, 3DES-SHA1
PFS: none

For L2TP connection "pre-shared key" and "user name and password" are used.

Configuring the built-in Windows 10 client: 


What could be the problem?

ilnaz

Log IKE:  isakmp sa [...] is disconnected 
                 send:[hash][del] [count=3] 
                 Dynamic Tunnel [...] built successfully

Jeremylin

You can reference this thread
https://businessforum.zyxel.com/discussion/4532/how-to-setup-l2tp-vpn

Make sure IKE and AuthIP IPSec Keying module is enable on PC.

ilnaz

Jeremylin said:

You can reference this thread
https://businessforum.zyxel.com/discussion/4532/how-to-setup-l2tp-vpn

Thank You. The L2TP works. But it shows an error in the Log IKE:

The cookie pair is : … 

Send:[HASH][DEL] [count=3]

Tunnel […] is disconnected

Tunnel […] is disconnected

The cookie pair is : …

Recv:[HASH][DEL]

Dynamic Tunnel [...] rekeyed successfully

And so everything repeats. Is this the way it should be or is there a problem somewhere?

Interpulse

Hey ilnaz, did you ever find the sollution??

We have a similar issue. We also get the "disconnected" and "[HASH][DEL]"
We can even see in in the logs:

Dynamic Tunnel [...:....:0x33029178] built successfully

Then some rekeying and finaly a "Recv:[HASH][DEL"...

terrylu

沒有進步的公司幾十年了還是一樣
把複雜變成簡單,
你們卻是倒過來 ,, 越來越複雜...
這些事務 只是軟體..經過時代變遷 ...這些沒有任何意義..它只是設備 只是設定..
並不能讓用戶去輕易使用...

terrylu

ilnaz said:

Jeremylin said:

You can reference this thread
https://businessforum.zyxel.com/discussion/4532/how-to-setup-l2tp-vpn

Thank You. The L2TP works. But it shows an error in the Log IKE:

The cookie pair is : … 

Send:[HASH][DEL] [count=3]

Tunnel […] is disconnected

Tunnel […] is disconnected

The cookie pair is : …

Recv:[HASH][DEL]

Dynamic Tunnel [...] rekeyed successfully

And so everything repeats. Is this the way it should be or is there a problem somewhere?

換個牌子,你的問題可以迅速獲得解決, 時間就是效率
沒有必要去搬石頭砸自己的腳

Zyxel_Vic

Hi @terrylu
請問您具體在使用上遇到什麼困難呢?能否分享讓我們了解並且當作未來改進的參考?

謝謝

terrylu

Zyxel_Vic said:

Hi @terrylu
請問您具體在使用上遇到什麼困難呢?能否分享讓我們了解並且當作未來改進的參考?

謝謝

USG 20 /40  /ATP 200 /
VPN  PPP /L2TP 
IOs / 安卓 >>OK 
Windows 7/8  >> 無法使用
windows 10 須更新...
反觀其它廠牌路由器防火牆產品 ...不需要花太多時間在這上面...
Windows 7/8/ 10/ ios /安卓 /平板
你們幾十年了...一成不變..沒有進步...
反而將設置 變得更複雜...
資訊化的目的是簡化 ,而不是複雜化..
而你們的反其道而行...它只是軟體和設定...時代的變遷..這些東西毫無意義...
讓你們的用戶花更多時間在找Q&A 去解決處理你們產品的問題...
浪費時間和效率 把時間浪費在  設定操作上... 
資訊化的目的是簡化 ,而不是複雜化..

terrylu

承上問題..
使用其它廠牌....以上的問題Windows/7/8/10 /ios/安卓 /平板,可以在最短的時間有效率地處理問題.
公司是營利事業單位, 不是來買你們的產品 再來找 Q&A解決問題....
給你們參考
說的真...
對你們的產品相當失望