Only 10 seconds to enter VPN credentials
Freshman Member
Hello,
I have a USG Flex 100 on which I have configured an L2TP / IPSec VPN with pre-shared key and identification on Active Directory.
This one works very well, with one detail:
If the user takes more than exactly 10 seconds to enter their credentials, the connection fails.
Does anyone have any idea where this might come from?
Here is what I get in the USG Flex logs:
10 2020-11-07 23:53:01 ***REMOTE_IP***:500 ***VPN_IP***:500
info ike IKE_LOG
The cookie pair is : 0xxxxxxxxxxxxxxxxx / 0xxxxxxxxxxxxxxxxx
11 2020-11-07 23:53:01 ***REMOTE_IP***:500 ***VPN_IP***:500
info ike IKE_LOG
Recv Main Mode request from [***REMOTE_IP***]
12 2020-11-07 23:53:01 ***REMOTE_IP***:500 ***VPN_IP***:500
info ike IKE_LOG
The cookie pair is : 0xxxxxxxxxxxxxxxxx / 0xxxxxxxxxxxxxxxxx [count=2]
13 2020-11-07 23:53:01 ***REMOTE_IP***:500 ***VPN_IP***:500
info ike IKE_LOG
Recv:[SA][VID][VID][VID][VID][VID][VID][VID][VID]
14 2020-11-07 23:53:01 ***REMOTE_IP***:500 ***VPN_IP***:500
info ike IKE_LOG
Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA1 PRF, HMAC-SHA1-96, 384 bit ECP, AES CBC key len = 128, 256 bit ECP, 2048 bit MODP, 3DES, 1024 bit MODP; ).
15 2020-11-07 23:53:01 ***VPN_IP***:500 ***REMOTE_IP***:500
info ike IKE_LOG
The cookie pair is : 0xxxxxxxxxxxxxxxxx / 0xxxxxxxxxxxxxxxxx [count=2]
16 2020-11-07 23:53:01 ***VPN_IP***:500 ***REMOTE_IP***:500
info ike IKE_LOG
Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID]
17 2020-11-07 23:53:01 ***REMOTE_IP***:500 ***VPN_IP***:500
info ike IKE_LOG
Recv:[KE][NONCE][PRV][PRV]
18 2020-11-07 23:53:01 ***VPN_IP***:500 ***REMOTE_IP***:500
info ike IKE_LOG
Send:[KE][NONCE][PRV][PRV]
19 2020-11-07 23:53:01 ***REMOTE_IP***:4500 ***VPN_IP***:4500
info ike IKE_LOG
The cookie pair is : 0xxxxxxxxxxxxxxxxx / 0xxxxxxxxxxxxxxxxx [count=3]
20 2020-11-07 23:53:01 ***REMOTE_IP***:4500 ***VPN_IP***:4500
info ike IKE_LOG
Recv:[ID][HASH]
21 2020-11-07 23:53:01 ***VPN_IP***:4500 ***REMOTE_IP***:4500
info ike IKE_LOG
The cookie pair is : 0xxxxxxxxxxxxxxxxx / 0xxxxxxxxxxxxxxxxx [count=7]
22 2020-11-07 23:53:01 ***VPN_IP***:4500 ***REMOTE_IP***:4500
info ike IKE_LOG
Send:[ID][HASH]
23 2020-11-07 23:53:01 ***VPN_IP***:4500 ***REMOTE_IP***:4500
info ike IKE_LOG
Phase 1 IKE SA process done
24 2020-11-07 23:53:01 ***REMOTE_IP***:4500 ***VPN_IP***:4500
info ike IKE_LOG
Recv:[HASH][SA][NONCE][ID][ID][PRV][PRV]
25 2020-11-07 23:53:01 ***REMOTE_IP***:4500 ***VPN_IP***:4500
info ike IKE_LOG
Recv IPSec sa: SA([0] protocol = ESP (3), spi_len = 4, spi = 0x00000000, AES CBC key len = 256, HMAC-SHA1-96, No ESN, AES CBC key len = 128, 3DES, DES, NULL; ).
26 2020-11-07 23:53:01 ***REMOTE_IP***:4500 ***VPN_IP***:4500
info ike IKE_LOG
Recv TSi: ipv4(udp:1701,***REMOTE_LOCAL_IP***), TSr: ipv4(udp:1701,***VPN_IP***).
27 2020-11-07 23:53:01 ***VPN_IP***:4500 ***REMOTE_IP***:4500
info ike IKE_LOG
Send:[HASH][SA][NONCE][ID][ID][PRV][PRV]
29 2020-11-07 23:53:01 ***REMOTE_IP***:4500 ***VPN_IP***:4500
info ike IKE_LOG
Recv:[HASH]
30 2020-11-07 23:53:01 ***VPN_IP***:4500 ***REMOTE_IP***:4500
info ike IKE_LOG
[Responder:***VPN_IP***][Initiator:***REMOTE_IP***]
31 2020-11-07 23:53:01 ***VPN_IP***:4500 ***REMOTE_IP***:4500
info ike IKE_LOG
[Policy: ipv4(udp:1701,***VPN_IP***)-ipv4(udp:1701,***REMOTE_LOCAL_IP***)]
32 2020-11-07 23:53:01 ***VPN_IP***:4500 ***REMOTE_IP***:4500
info ike IKE_LOG
[ESP 3des-cbc|hmac-sha1-96][SPI 0xde3551f7|0xdd86a09c][Lifetime 3620]
33 2020-11-07 23:53:01 ***VPN_IP***:4500 ***REMOTE_IP***:4500
info ike IKE_LOG
Dynamic Tunnel [PUPP_L2TP_VPN:PUPP_L2TP_VPN:0xdd86a09c] built successfully
40 2020-11-07 23:53:15 ***REMOTE_IP***:4500 ***VPN_IP***:4500
info ike IKE_LOG
The cookie pair is : 0xxxxxxxxxxxxxxxxx / 0xxxxxxxxxxxxxxxxx [count=3]
41 2020-11-07 23:53:15 ***REMOTE_IP***:4500 ***VPN_IP***:4500
info ike IKE_LOG
Recv:[HASH][DEL] [count=2]
42 2020-11-07 23:53:15 ***REMOTE_IP***:4500 ***VPN_IP***:4500
info ike IKE_LOG
Received delete notification
43 2020-11-07 23:53:15 ***VPN_IP***:4500 ***REMOTE_IP***:4500
info ike IKE_LOG
The cookie pair is : 0xxxxxxxxxxxxxxxxx / 0xxxxxxxxxxxxxxxxx
44 2020-11-07 23:53:15 ***VPN_IP***:4500 ***REMOTE_IP***:4500
info ike IKE_LOG
ISAKMP SA [PUPP_L2TP_VPN] is disconnectedThanks for the suggestions!
0
All Replies
-
If you enter password more than 10 seconds, the VPN will be established failed? If so, it looks like timeout related with AD or clients.
0
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 239 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
