L2TP 2nd try
I have a USG110.
And I have problems connecting from my Android to the USG.
I followed these instructions: https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015514
I have a "short" connect in phase 1.
The log is enclosed:
2020-11-25 14:31:30,194.230.147.29:28885 ,77.58.xxx.xxx:500 , info ,ike ,IKE_LOG , , , , Recv Main Mode request from [194.230.147.29]
2020-11-25 14:31:30,194.230.147.29:28885 ,77.58.xxx.xxx:500 , info ,ike ,IKE_LOG , , , , The cookie pair is : 0x7279c6b27a7d5860 / 0x8dd1b16585edd57d
2020-11-25 14:31:30,194.230.147.29:28885 ,77.58.xxx.xxx:500 , info ,ike ,IKE_LOG , , , , Recv:[SA][VID][VID][VID][VID][VID][VID]
2020-11-25 14:31:30,194.230.147.29:28885 ,77.58.xxx.xxx:500 , info ,ike ,IKE_LOG , , , , Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA384 PRF, HMAC-SHA384-192, 1024 bit MODP, HMAC-SHA256 PRF, HMAC-SHA256-128, HMAC-SHA512 PRF, HMAC-SHA512-256, HMAC-SHA1 PRF, HMAC-SHA1-96, HMAC-MD5 PRF, HMAC-MD5-96, AES CBC key len = 1
2020-11-25 14:31:30,77.58.xxx.xxx:500 ,194.230.147.29:28885 , info ,ike ,IKE_LOG , , , , The cookie pair is : 0x8dd1b16585edd57d / 0x7279c6b27a7d5860
2020-11-25 14:31:30,77.58.xxx.xxx:500 ,194.230.147.29:28885 , info ,ike ,IKE_LOG , , , , Send:[NOTIFY:NO_PROPOSAL_CHOSEN]
2020-11-25 14:31:30, , , debug ,ike ,IKE_LOG , , , , Remote IKE peer 194.230.147.29:28885 ID (null)
2020-11-25 14:32:30,77.58.xxx.xxx:500 ,194.230.147.29:28885 , info ,ike ,IKE_LOG , , , , The cookie pair is : 0x8dd1b16585edd57d / 0x7279c6b27a7d5860
2020-11-25 14:32:30,77.58.xxx.xxx:500 ,194.230.147.29:28885 , info ,ike ,IKE_LOG , , , , ISAKMP SA [] is disconnected
Any ideas what is wrong?
Accepted Solution
-
Here is the answer for those who have the same problem. The USG cannot distinguish between IPsec VPN and L2TP (over IPsec) VPN when listening to the same FQDN.
All Replies
-
There is a NO_PROPOSAL_CHOSEN in the log messages. It could be a Phase 1 algorithm mismatch.
On my side it is working with this scenario.
Did you use quick setup to create the VPN profile?
-
As I mentioned, it is my second try.
So I removed all settings from the first try and then I started with the quick setup.
I compared the settings with this ATP800 Lab
https://support.zyxel.eu/hc/en-us/articles/360008700039-Virtual-Lab-End-to-Site-VPN-L2TP-
and I can't see any differences (one difference: I have a local user).
I have no clue why Phase 1 can't find a proposal.
-
@bavaria
Can you private message me the remote access details, since I would like to establish the VPN from my side to check further?
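As an added example (not part of the thread and not Zyxel tooling): a small Python parser for log lines in the column layout posted above. It finds IKE exchanges that the gateway answered with NO_PROPOSAL_CHOSEN and lists the Phase 1 transforms the peer offered, so they can be compared with the gateway's Phase 1 settings. The sample lines are constructed, and treating each "cookie pair" line as labelling the lines that follow it is an assumption about the log.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of the log posted above (documentation IPs).
SAMPLE = """\
2020-11-25 14:31:30,198.51.100.7:28885 ,203.0.113.10:500 , info ,ike ,IKE_LOG , , , , Recv Main Mode request from [198.51.100.7]
2020-11-25 14:31:30,198.51.100.7:28885 ,203.0.113.10:500 , info ,ike ,IKE_LOG , , , , The cookie pair is : 0x1111111111111111 / 0x2222222222222222
2020-11-25 14:31:30,198.51.100.7:28885 ,203.0.113.10:500 , info ,ike ,IKE_LOG , , , , Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA384 PRF, HMAC-SHA384-192, 1024 bit MODP, HMAC-SHA1 PRF, HMAC-SHA1-96
2020-11-25 14:31:30,203.0.113.10:500 ,198.51.100.7:28885 , info ,ike ,IKE_LOG , , , , The cookie pair is : 0x2222222222222222 / 0x1111111111111111
2020-11-25 14:31:30,203.0.113.10:500 ,198.51.100.7:28885 , info ,ike ,IKE_LOG , , , , Send:[NOTIFY:NO_PROPOSAL_CHOSEN]
"""

COOKIES = re.compile(r"cookie pair is : (0x[0-9a-f]+) / (0x[0-9a-f]+)")
OFFER_PATTERNS = {
    "encryption": r"(\w+ CBC key len = \d+)",
    "prf": r"(HMAC-\w+) PRF",
    "integrity": r"(HMAC-\w+-\d+)",
    "dh_group": r"(\d+) bit MODP",
}


def rejected_exchanges(log_text):
    """Map cookie pair -> offered transforms for exchanges that the gateway
    answered with NO_PROPOSAL_CHOSEN."""
    offers = defaultdict(dict)
    rejected = {}
    current = None  # assumption: a cookie-pair line labels the lines after it
    for line in log_text.splitlines():
        parts = line.split(",", 9)  # 10th field is the message; it may contain commas
        if len(parts) < 10:
            continue
        msg = parts[9].strip()
        match = COOKIES.search(msg)
        if match:
            current = frozenset(match.groups())  # pair is logged in either order
        elif current and msg.startswith("Recv IKE sa:"):
            for kind, pattern in OFFER_PATTERNS.items():
                offers[current][kind] = sorted(set(re.findall(pattern, msg)))
        elif current and "NO_PROPOSAL_CHOSEN" in msg:
            rejected[current] = offers.get(current, {})
    return rejected


if __name__ == "__main__":
    for pair, offered in rejected_exchanges(SAMPLE).items():
        print("rejected exchange", sorted(pair))
        for kind, values in offered.items():
            print(f"  peer offered {kind}: {', '.join(values)}")
```

The log viewer may truncate a long proposal line, so the printed offer can be incomplete.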