USG60 IKEv2/Ipsec client question
Hi-
I'm trying to get a USG60 to connect
to a vpn service as an IPSEC client. EAP auth seems to work (logs show
"AUTH Success!" message) and I get as far as "IKE SA negotiation process
done" in the log. I then seem to enter a loop where we keep sending
the cookie pair back and forth forever (logs show it repeating with a client message of "Send:" and the VPN server a "Recv:" message)
I recall with site to site IPSEC in the past I used to see an explicit phase 1 complete message, not sure if the "SA negotiation process done" means my issue is in phase 2. Does anyone know if that's correct, and why I might be stuck in this loop?
Attaching a screenshot of the loop. USG client is 172.x.x.x and VPN server is 45.x.x.x.
Thanks for any ideas!
lou

0
All Replies
-
Sorry, I said the USG60 client is at 172.x.x.x above when it should say 173.x.x.x
0 -
Hi @Lou_S
There are some points that need to clarify:
(1) Could this VPN connection be established? Or still, stuck in this loop?
(2) Is the destination VPN server also a Zyxel security gateway?
(3) What is your VPN gateway application scenario? Are you available to provide your test topology and startup-config.conf file to me via private message?
Thanks.0 -
Hi Jeff-Thanks for the reply. I was trying to connect a tunnel from the router to a VPN service (Nord VPN). Nord claims to support IPSEC/IKEv2 using Client_Role with xauth/EAP. I dont know whose tech was at used as the VPN server.I was stuck in this loop for a while but gave up and canceled the service. NordVPN support wouldn't share the needed config settings and I hit a wall. Their refusal to share even basic info made this too hard to debug.Thanks anywayLou0
-
Hi @Lou_S
Thanks for your feedback.
If there is any assistance needs in the future please let us know.
0
Categories
- 8.1K All Categories
- 1.6K Nebula
- 60 Nebula Ideas
- 54 Nebula Status and Incidents
- 4.4K Security
- 224 Security Ideas
- 963 Switch
- 45 Switch Ideas
- 868 WirelessLAN
- 12 WLAN Ideas
- 5.2K Consumer Product
- 139 Service & License
- 268 News and Release
- 53 Security Advisories
- 12 Education Center
- 573 FAQ
- 273 Nebula FAQ
- 132 Security FAQ
- 73 Switch FAQ
- 72 WirelessLAN FAQ
- 7 Consumer Product FAQ
- Documents
- 34 Nebula Monthly Express
- 71 About Community
- 44 Security Highlight