How the client can distinguish between 2 IPsec Gateway both with dynamic remote peer

Options
ZyxelZoli
ZyxelZoli Posts: 3  Freshman Member
First Comment
edited April 2021 in Security
I have 2 IPsec Gateway on USG60 one is used for Site-to-Site VPN the other is for L2TP. Both have different VPN Connection with separated internal subnets. Both have dynamic peer address for remote gateway. The Site-to-Site is the first in the row, and when my phone wants to connect via L2TP I got the message "Invalid payload type in encrypted payload chain" as it check the preshare key with the Site-to-Site VPN Gateway preshare key. The L2TP works in case I deactivate the Site-to-Site Gateway. 

All Replies

  • ZyxelZoli
    ZyxelZoli Posts: 3  Freshman Member
    First Comment
     
  • zyman2008
    zyman2008 Posts: 235  Master Member
    25 Answers First Comment Friend Collector Seventh Anniversary
    ZyxelZoli,
    Configure IKE phase 1 proposal of Site-to-Site rule different with L2TP/IPSec rule.

  • ZyxelZoli
    ZyxelZoli Posts: 3  Freshman Member
    First Comment
    It's different,
    Site-to-Site is:
    AES256-SHA1
    L2TP is:
    1. 3DES SHA1
    2. 3DES MD5
    3. DES SHA1
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    edited November 2020
    @ZyxelZoli
    As Zyman2008 mentioned, set the phase 1 proposal of Site-to-Site rule different with L2TP/IPSec rule, so these two scenarios will be separated.
    Can you private message the remote access for check further?

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)