Having trouble to use USG20-VPN as an IPSec client to Corporate SeGW

Options
goldentiger
goldentiger Posts: 1
edited April 2021 in Security
Hi, I have tried to use USG20-VPN as an IPSec client to corporate SeGW, but no success. Even though I know the pre-shared key is correct, IKE_Log always shows Authenticate failed. Here is the detailed IKE_Log.

19
2018-11-16 08:54:57
info
IKE
IKE SA [WIZ_VPN] is disconnected
24.126.78.126:500
96.37.189.196:500
IKE_LOG
20
2018-11-16 08:54:57
info
IKE
[SA] : Authentication failed
96.37.189.196:500
24.126.78.126:500
IKE_LOG
21
2018-11-16 08:54:57
info
IKE
[AUTH] Recv:[NOTIFY]
96.37.189.196:500
24.126.78.126:500
IKE_LOG
22
2018-11-16 08:54:57
info
IKE
[AUTH] Send:[IDi][CERTREQ][IDr][AUTH][SAi2][TSi][TSr][NOTIFY][NOTIFY][NOTIFY][NOTIFY]
24.126.78.126:500
96.37.189.196:500
IKE_LOG
23
2018-11-16 08:54:57
info
IKE
The cookie pair is : 0x53d48f281c603c35 / 0x943ed46d3a7563c1 [count=2]
24.126.78.126:500
96.37.189.196:500
IKE_LOG
24
2018-11-16 08:54:57
info
IKE
[INIT] Recv:[SA][KE][NONCE][VID][VID][NOTIFY][NOTIFY][CERTREQ][NOTIFY][VID]
96.37.189.196:500
24.126.78.126:500
IKE_LOG
25
2018-11-16 08:54:57
info
IKE
The cookie pair is : 0x943ed46d3a7563c1 / 0x53d48f281c603c35 [count=3]
96.37.189.196:500
24.126.78.126:500
IKE_LOG
26
2018-11-16 08:54:57
info
IKE
[INIT] Send:[SAi1][KE][NONCE][NOTIFY][NOTIFY][VID][VID][VID]
24.126.78.126:500
96.37.189.196:500
IKE_LOG
27
2018-11-16 08:54:57
info
IKE
Tunnel[WIZ_VPN:WIZ_VPN] Send IKEv2 request
24.126.78.126:500
96.37.189.196:500
IKE_LOG
28
2018-11-16 08:54:57
info
IKE
The cookie pair is : 0x53d48f281c603c35 / 0x0000000000000000 [count=2]
24.126.78.126:500
96.37.189.196:500
IKE_LOG

Can someone shed some lights on how to configure USG20-VPN as an IPSec client using IKEv2?

#Biz_Security_Nov_2018

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,333  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    To build VPN tunnel between USG20-VPN and other firewall/gateway, you need to adjust some parameters on both devices to make it work.
    We need more information to check why the VPN tunnel is not established.
    I will send you a private message and let you know what information we need.

    Want a FREE Access Point? Participate in our campaign and share your network setup for a chance to win! https://bit.ly/3z9MJPB

Security Highlight