How can the client distinguish between 2 IPsec Gateways, both with a dynamic remote peer?

I have 2 IPsec Gateways on a USG60: one is used for Site-to-Site VPN, the other is for L2TP. Both have different VPN Connections with separate internal subnets. Both have a dynamic peer address for the remote gateway. The Site-to-Site is the first in the row, and when my phone wants to connect via L2TP I get the message "Invalid payload type in encrypted payload chain" as it checks the pre-shared key against the Site-to-Site VPN Gateway pre-shared key. The L2TP works if I deactivate the Site-to-Site Gateway.

All Replies

  • zyman2008
    zyman2008 Posts: 103  Ally Member
    Configure the IKE phase 1 proposal of the Site-to-Site rule to be different from that of the L2TP/IPSec rule.

  • It's different,
    Site-to-Site is:
    L2TP is:
    1. 3DES SHA1
    2. 3DES MD5
    3. DES SHA1
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 997  Zyxel Employee
    edited November 2020
    As Zyman2008 mentioned, set the phase 1 proposal of the Site-to-Site rule to be different from that of the L2TP/IPSec rule, so these two scenarios will be separated.
    Can you private message the remote access for further checking?
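
The advice in the replies above can be checked against a rule list before deploying it. This is an added example, not part of the original thread and not Zyxel code: it flags dynamic-peer gateways whose phase 1 proposals overlap and models which rule a client would land on. The rule layout, the `0.0.0.0` marker, the Site-to-Site proposals, the client address and the client offer are all constructed assumptions; DH group is left out of the proposal tuples.

```python
from itertools import combinations

DYNAMIC = "0.0.0.0"  # assumption: this model's marker for a dynamic remote peer

def ambiguous_pairs(gateways):
    """Pairs of dynamic-peer gateways whose phase 1 proposal lists overlap."""
    dynamic = [g for g in gateways if g["peer"] == DYNAMIC]
    found = []
    for a, b in combinations(dynamic, 2):
        shared = sorted(set(a["proposals"]) & set(b["proposals"]))
        if shared:
            found.append((a["name"], b["name"], shared))
    return found

def first_match(gateways, peer_ip, offered):
    """Simplified top-down rule lookup, as described in the question.

    With a pre-shared key in IKEv1 main mode the peer ID arrives encrypted,
    so only the source address and the offered proposals are available here.
    """
    for g in gateways:
        address_ok = g["peer"] in (DYNAMIC, peer_ip)
        if address_ok and set(g["proposals"]) & set(offered):
            return g["name"]
    return None

# L2TP proposals as listed in the thread (encryption, hash).
L2TP = [("3DES", "SHA1"), ("3DES", "MD5"), ("DES", "SHA1")]
# Constructed Site-to-Site proposals; the real ones are not shown in the thread.
BEFORE = [
    {"name": "S2S", "peer": DYNAMIC, "proposals": [("AES128", "SHA1"), ("3DES", "SHA1")]},
    {"name": "L2TP", "peer": DYNAMIC, "proposals": L2TP},
]
AFTER = [
    {"name": "S2S", "peer": DYNAMIC, "proposals": [("AES256", "SHA256")]},
    {"name": "L2TP", "peer": DYNAMIC, "proposals": L2TP},
]
CLIENT_IP = "198.51.100.7"      # constructed phone address
OFFER = [("3DES", "SHA1")]      # constructed phone offer

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, ambiguous_pairs(rules), first_match(rules, CLIENT_IP, OFFER))
```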