ZyWALL ATP configured L2TP VPN. Windows 10 doesn't connect.

ilnaz
ilnaz Posts: 7
First Anniversary First Comment
edited April 2021 in Security
I configured the L2TP VPN using: CONFIGURATION > Quick Setup > VPN Setup Wizard > VPN Settings for L2TP VPN Settings, and L2TP worked fine. Windows 10 was connecting.


And then I wanted to make sure that only certain users could connect. And created a group for VPN connection. In the Configuration > L2TP VPN > User, I specified a group for VPN connection:

And Windows 10 stopped connecting, error: "Unable to connect .... so the connection port is closed.

When I go back to the original configuration, everything works fine, Windows 10 connects.

I used these settings, because Windows 7 needs to be connected:
Phase 1 settings:
SA Life Time: 86400
Mode: Main
Proposal: 3DES-SHA1
Key Group: DH2

Phase 2 settings:
SA Life Time: 86400
Protocol: ESP
Encapsulation: Transport
Proposal: AES256-SHA1, AES128-SHA1, 3DES-SHA1
PFS: none

For L2TP connection "pre-shared key" and "user name and password" are used.

Configuring the built-in Windows 10 client


What could be the problem?


Tagged:

All Replies

  • ilnaz
    ilnaz Posts: 7
    First Anniversary First Comment
    Log IKE:  isakmp sa [...] is disconnected 
                     send:[hash][del] [count=3] 
                     Dynamic Tunnel [...] built successfully


  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Anniversary First Answer First Comment
    edited November 2020
    You can reference this thread
    https://businessforum.zyxel.com/discussion/4532/how-to-setup-l2tp-vpn

    Make sure IKE and AuthIP IPSec Keying module is enable on PC.



  • ilnaz
    ilnaz Posts: 7
    First Anniversary First Comment
    edited December 2020
    Jeremylin said: You can reference this thread
    https://businessforum.zyxel.com/discussion/4532/how-to-setup-l2tp-vpn
    Thank You. The L2TP works. 
    But it shows an error in the Log IKE:

    The cookie pair is : … 

    Send:[HASH][DEL] [count=3]

    Tunnel […] is disconnected

    Tunnel […] is disconnected

    The cookie pair is : …

    Recv:[HASH][DEL]

    Dynamic Tunnel [...] rekeyed successfully

    And so everything repeats. Is this the way it should be or is there a problem somewhere?
  • Hey ilnaz, did you ever find the sollution??

    We have a similar issue. We also get the "disconnected" and "[HASH][DEL]"
    We can even see in in the logs:

    Dynamic Tunnel [...:....:0x33029178] built successfully
    Then some rekeying and finaly a "Recv:[HASH][DEL"...
  • 沒有進步的公司幾十年了還是一樣
    把複雜變成簡單,
    你們卻是倒過來 ,, 越來越複雜...
    這些事務 只是軟體..經過時代變遷 ...這些沒有任何意義..它只是設備 只是設定..
    並不能讓用戶去輕易使用...
  • ilnaz said:
    Jeremylin said:

    Thank You. The L2TP works. But it shows an error in the Log IKE:

    The cookie pair is : … 

    Send:[HASH][DEL] [count=3]

    Tunnel […] is disconnected

    Tunnel […] is disconnected

    The cookie pair is : …

    Recv:[HASH][DEL]

    Dynamic Tunnel [...] rekeyed successfully

    And so everything repeats. Is this the way it should be or is there a problem somewhere?
    換個牌子,你的問題可以迅速獲得解決, 時間就是效率
    沒有必要去搬石頭砸自己的腳
  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @terrylu
    請問您具體在使用上遇到什麼困難呢?能否分享讓我們了解並且當作未來改進的參考?

    謝謝
  • Zyxel_Vic said:
    Hi @terrylu
    請問您具體在使用上遇到什麼困難呢?能否分享讓我們了解並且當作未來改進的參考?

    謝謝
    USG 20 /40  /ATP 200 /
    VPN  PPP /L2TP 
    IOs / 安卓 >>OK 
    Windows 7/8  >> 無法使用
    windows 10 須更新...
    反觀其它廠牌路由器防火牆產品 ...不需要花太多時間在這上面...
    Windows 7/8/ 10/ ios /安卓 /平板
    你們幾十年了...一成不變..沒有進步...
    反而將設置 變得更複雜...
    資訊化的目的是簡化 ,而不是複雜化..
    而你們的反其道而行...它只是軟體和設定...時代的變遷..這些東西毫無意義...
    讓你們的用戶花更多時間在找Q&A 去解決處理你們產品的問題...
    浪費時間和效率 把時間浪費在  設定操作上... 
    資訊化的目的是簡化 ,而不是複雜化..
  • 承上問題..
    使用其它廠牌....以上的問題Windows/7/8/10 /ios/安卓 /平板,可以在最短的時間有效率地處理問題.
    公司是營利事業單位, 不是來買你們的產品 再來找 Q&A解決問題....
    給你們參考
    說的真...
    對你們的產品相當失望

Security Highlight