IPSec - Difference between USG Flex200 and 500
Hello Zyxel!
I tested a USG Flex200 firewall a couple of months ago. I was able to set up Site to Site IPSec VPN.
I am now working with a USG Flex500 firewall. I use the same settings as before, but the VPN connection is not working. I see the following entries in the log:
[SA]: No proposal chosen [count = 11]
[SA]: Tunnel [ipsec_tun] Phase 2 proposal mismatch [count = 11]
The cookie pair is: 0x17f1b7f811048b03 / 0x4d5b3b5ddc4e9173 [count = 33]
Send: [HASH] [NOTIFY: NO_PROPOSAL_CHOSEN] [count = 9]
[SA]: Tunnel [ipsec_tun] Phase 2 proposal mismatch [count = 11]
The cookie pair is: 0x17f1b7f811048b03 / 0x4d5b3b5ddc4e9173 [count = 33]
Send: [HASH] [NOTIFY: NO_PROPOSAL_CHOSEN] [count = 9]
Can there be a difference between the USG Flex200 and 500? Maybe 3DES-MD5 algorithms are handled differently?
Thanks!
All Replies
Try with both ends with phase 1 and 2 at AES128 SHA1
Also, 3DES-MD5 is quite... insecure....
Hi @nubira,
Can you check that the Proposals and Perfect Forward Secrecy are the same for both sites in Phase 2? If that doesn’t solve your problem, can you provide me remote access to USG FLEX200 and USG FLEX500 by private message?
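The Phase 2 check suggested in the reply above, as an added example that is not part of the thread and is not Zyxel code: a simplified model of how a responder selects a Phase 2 proposal, showing why a single differing field (here PFS) ends in NO_PROPOSAL_CHOSEN. The `Proposal` type, function names and both sample configurations are hypothetical and constructed for illustration.

```python
from typing import List, NamedTuple, Optional, Tuple

class Proposal(NamedTuple):
    encryption: str           # e.g. "3DES", "AES128"
    authentication: str       # e.g. "MD5", "SHA1"
    pfs_group: Optional[str]  # e.g. "DH2", or None when PFS is disabled

# Algorithms treated as weak in this example.
WEAK = {"DES", "3DES", "MD5"}

def negotiate(offered: List[Proposal], accepted: List[Proposal]) -> Optional[Proposal]:
    """Return the first offered proposal the responder also accepts.
    None models the responder answering NOTIFY: NO_PROPOSAL_CHOSEN."""
    for p in offered:
        if p in accepted:
            return p
    return None

def explain_mismatch(offered: List[Proposal],
                     accepted: List[Proposal]) -> List[Tuple[Proposal, Proposal, List[str]]]:
    """Compare every offered/accepted pair and list the fields that differ,
    closest pairs first, so the setting to fix is at the top."""
    report = []
    for o in offered:
        for a in accepted:
            diff = [f for f in Proposal._fields if getattr(o, f) != getattr(a, f)]
            report.append((o, a, diff))
    return sorted(report, key=lambda r: len(r[2]))

def weak_algorithms(p: Proposal) -> List[str]:
    """Names of weak algorithms used by a proposal."""
    return sorted({p.encryption, p.authentication} & WEAK)

# Constructed sample configurations (not taken from the thread):
# same cipher and hash on both sides, but PFS enabled on one side only.
SITE_A = [Proposal("3DES", "MD5", "DH2")]
SITE_B = [Proposal("3DES", "MD5", None), Proposal("AES128", "SHA1", None)]

if __name__ == "__main__":
    chosen = negotiate(SITE_A, SITE_B)
    print("chosen:", chosen or "NO_PROPOSAL_CHOSEN")
    for o, a, diff in explain_mismatch(SITE_A, SITE_B):
        print(f"  offered {tuple(o)} vs accepted {tuple(a)}: differs in {diff}")
    for p in SITE_A:
        print("  weak algorithms in offer:", weak_algorithms(p))
```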
Dear Community,
I went back to the USG FLEX200. The same configuration as on the 500 connects to the remote firewall without an error message in the logs (I know 3des-md5 is not secure, but it is supported by the remote site).
But the traffic is not working:
As you can see, inbound traffic is zero. What could be the reason for this?
1. Security Policy?
The relevant security policies look like this:
2. Routing?
I didn't add a route manually. Would it be necessary?
I still don’t understand it all because this configuration was still working in January (when I tested the Zyxel products). I just bought them and we can’t work with them.
Thanks
Hello,
I found the solution. New security rules were needed:
When I set it up, the traffic started in the tunnel. Interestingly, there was no need for this in January.
The point is, it works
Thanks