ZyWALL USG 100 and VPN tunnel to MS Azure
Options
Freshman Member
Hello.
I'm trying to setup VPN tunnel to MS Azure. Everything was gone by this article https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015536&lang=EN .
However, I'm getting errors during connection(see attached screenshot). One of the errors means that Phase 2 cryptography is wrong, but I've tried all supported settings for this. And don't get it fix.
Errors:
Send:[HASH][NOTIFY:NO_PROPOSAL_CHOSEN]
SPI:0x0 SEQ:0x0 No rule found, Dropping packet
I've tried to switch firewall off, tried different cryptography settings on router - and nothing. I've tried to ping 10.0.0.4(my VM in Azure) from router - it is not reachable. But in router interface VPN is shown as connected.
Any ideas?
I'm trying to setup VPN tunnel to MS Azure. Everything was gone by this article https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015536&lang=EN .
However, I'm getting errors during connection(see attached screenshot). One of the errors means that Phase 2 cryptography is wrong, but I've tried all supported settings for this. And don't get it fix.
Errors:
Send:[HASH][NOTIFY:NO_PROPOSAL_CHOSEN]
SPI:0x0 SEQ:0x0 No rule found, Dropping packet
I've tried to switch firewall off, tried different cryptography settings on router - and nothing. I've tried to ping 10.0.0.4(my VM in Azure) from router - it is not reachable. But in router interface VPN is shown as connected.
Any ideas?
0
Accepted Solution
-
I've fixed this issue by changing Local/Remote ID type in VPN Gateway settings. Thanks for the guide, helped for this one.Zyxel_Charlie said:the Phase 2 proposal mismatch, please Algorithm and policy are match first
0
All Replies
-
Hello BogdanGn,
On your Log message,
the Phase 2 proposal mismatch, please double check Algorithm and policy are match first.
Secondly, here is an example which is USG establish VPN with MS Azure, so please check it.
Link:
https://drive.google.com/file/d/1XD6vjvlP8qn9kPq3JUhYpvZa1H_zLfwQ/view?usp=sharing
If the issue still occur, please share the server's configuration for checking further.
Charlie0 -
I've fixed this issue by changing Local/Remote ID type in VPN Gateway settings. Thanks for the guide, helped for this one.Zyxel_Charlie said:the Phase 2 proposal mismatch, please Algorithm and policy are match first
0
Zyxel Employee
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 200 Nebula Ideas
- 126 Nebula Status and Incidents
- 6.3K Security
- 499 USG FLEX H Series
- 323 Security Ideas
- 1.6K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 49 Wireless Ideas
- 6.8K Consumer Product
- 287 Service & License
- 457 News and Release
- 89 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 96 Security Highlight
