ZyWALL USG 100 and VPN tunnel to MS Azure
Freshman Member
Hello.
I'm trying to setup VPN tunnel to MS Azure. Everything was gone by this article https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015536&lang=EN .
However, I'm getting errors during connection(see attached screenshot). One of the errors means that Phase 2 cryptography is wrong, but I've tried all supported settings for this. And don't get it fix.
Errors:
Send:[HASH][NOTIFY:NO_PROPOSAL_CHOSEN]
SPI:0x0 SEQ:0x0 No rule found, Dropping packet
I've tried to switch firewall off, tried different cryptography settings on router - and nothing. I've tried to ping 10.0.0.4(my VM in Azure) from router - it is not reachable. But in router interface VPN is shown as connected.
Any ideas?
I'm trying to setup VPN tunnel to MS Azure. Everything was gone by this article https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015536&lang=EN .
However, I'm getting errors during connection(see attached screenshot). One of the errors means that Phase 2 cryptography is wrong, but I've tried all supported settings for this. And don't get it fix.
Errors:
Send:[HASH][NOTIFY:NO_PROPOSAL_CHOSEN]
SPI:0x0 SEQ:0x0 No rule found, Dropping packet
I've tried to switch firewall off, tried different cryptography settings on router - and nothing. I've tried to ping 10.0.0.4(my VM in Azure) from router - it is not reachable. But in router interface VPN is shown as connected.
Any ideas?
0
Accepted Solution
-
I've fixed this issue by changing Local/Remote ID type in VPN Gateway settings. Thanks for the guide, helped for this one.Zyxel_Charlie said:the Phase 2 proposal mismatch, please Algorithm and policy are match first
0
All Replies
-
Hello BogdanGn,
On your Log message,
the Phase 2 proposal mismatch, please double check Algorithm and policy are match first.
Secondly, here is an example which is USG establish VPN with MS Azure, so please check it.
Link:
https://drive.google.com/file/d/1XD6vjvlP8qn9kPq3JUhYpvZa1H_zLfwQ/view?usp=sharing
If the issue still occur, please share the server's configuration for checking further.
Charlie0 -
I've fixed this issue by changing Local/Remote ID type in VPN Gateway settings. Thanks for the guide, helped for this one.Zyxel_Charlie said:the Phase 2 proposal mismatch, please Algorithm and policy are match first
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 101 Nebula Status and Incidents
- 5.8K Security
- 296 USG FLEX H Series
- 281 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight
