How the client can distinguish between 2 IPsec Gateway both with dynamic remote peer

ZyxelZoli
ZyxelZoli Posts: 3
First Comment
edited April 2021 in Security
I have 2 IPsec Gateway on USG60 one is used for Site-to-Site VPN the other is for L2TP. Both have different VPN Connection with separated internal subnets. Both have dynamic peer address for remote gateway. The Site-to-Site is the first in the row, and when my phone wants to connect via L2TP I got the message "Invalid payload type in encrypted payload chain" as it check the preshare key with the Site-to-Site VPN Gateway preshare key. The L2TP works in case I deactivate the Site-to-Site Gateway. 

All Replies

  •  
  • zyman2008
    zyman2008 Posts: 197  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    ZyxelZoli,
    Configure IKE phase 1 proposal of Site-to-Site rule different with L2TP/IPSec rule.

  • It's different,
    Site-to-Site is:
    AES256-SHA1
    L2TP is:
    1. 3DES SHA1
    2. 3DES MD5
    3. DES SHA1
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    edited November 2020
    @ZyxelZoli
    As Zyman2008 mentioned, set the phase 1 proposal of Site-to-Site rule different with L2TP/IPSec rule, so these two scenarios will be separated.
    Can you private message the remote access for check further?

Security Highlight