USG60 IKEv2/Ipsec client question
Hi-
I'm trying to get a USG60 to connect
to a vpn service as an IPSEC client. EAP auth seems to work (logs show
"AUTH Success!" message) and I get as far as "IKE SA negotiation process
done" in the log. I then seem to enter a loop where we keep sending
the cookie pair back and forth forever (logs show it repeating with a client message of "Send:" and the VPN server a "Recv:" message)
I recall with site to site IPSEC in the past I used to see an explicit phase 1 complete message, not sure if the "SA negotiation process done" means my issue is in phase 2. Does anyone know if that's correct, and why I might be stuck in this loop?
Attaching a screenshot of the loop. USG client is 172.x.x.x and VPN server is 45.x.x.x.
Thanks for any ideas!
lou
0
All Replies
-
Sorry, I said the USG60 client is at 172.x.x.x above when it should say 173.x.x.x
0 -
Hi @Lou_S
There are some points that need to clarify:
(1) Could this VPN connection be established? Or still, stuck in this loop?
(2) Is the destination VPN server also a Zyxel security gateway?
(3) What is your VPN gateway application scenario? Are you available to provide your test topology and startup-config.conf file to me via private message?
Thanks.Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
Hi Jeff-Thanks for the reply. I was trying to connect a tunnel from the router to a VPN service (Nord VPN). Nord claims to support IPSEC/IKEv2 using Client_Role with xauth/EAP. I dont know whose tech was at used as the VPN server.I was stuck in this loop for a while but gave up and canceled the service. NordVPN support wouldn't share the needed config settings and I hit a wall. Their refusal to share even basic info made this too hard to debug.Thanks anywayLou0
-
Hi @Lou_S
Thanks for your feedback.
If there is any assistance needs in the future please let us know.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight