IPSec - Difference between USG Flex200 and 500
Hello Zyxel!
I tested a USG Flex200 firewall a couple of months ago. I was able to set up Site to Site IPSec VPN.
I am now working with a USG Flex500 firewall. I use the same settings as before, but the VPN connection is not working. I see the following entries in the log:
[SA]: No proposal chosen [count = 11]
[SA]: Tunnel [ipsec_tun] Phase 2 proposal mismatch [count = 11]
The cookie pair is: 0x17f1b7f811048b03 / 0x4d5b3b5ddc4e9173 [count = 33]
Send: [HASH] [NOTIFY: NO_PROPOSAL_CHOSEN] [count = 9]
[SA]: Tunnel [ipsec_tun] Phase 2 proposal mismatch [count = 11]
The cookie pair is: 0x17f1b7f811048b03 / 0x4d5b3b5ddc4e9173 [count = 33]
Send: [HASH] [NOTIFY: NO_PROPOSAL_CHOSEN] [count = 9]
Can there be a difference between the USG Flex200 and 500? Maybe 3DES-MD5 algorithms are handled differently?
Thanks!
0
All Replies
-
Try with both ends with phase 1 and 2 at AES128 SHA1
0 -
Also, 3DES-MD5 is quite... insecure....
0 -
Hi @nubira,
Can you check that the Proposals and Perfect Forward Secrecy are the same for both sites in Phase 2? If that doesn’t solve your problem, can you provide me remote access to USG FLEX200 and USG FLEX500 by private message?
0 -
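The Phase 2 check suggested in the reply above, written out as an added example (not code from this thread or from Zyxel): it compares the proposal lists and PFS setting of two sites and explains why a negotiation would end in NO_PROPOSAL_CHOSEN. The `policy` and `compare` names, the strict rule that any PFS difference is a mismatch, and the `DH2` group label are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Phase2Policy:
    proposals: Tuple[Tuple[str, str], ...]  # (encryption, authentication), preference order
    pfs: Optional[str]                      # None = PFS off, otherwise a DH group label


def policy(proposals: List[str], pfs: Optional[str] = None) -> Phase2Policy:
    """Build a policy from strings such as "3DES-MD5" (compared case-insensitively)."""
    pairs = tuple(tuple(p.upper().rsplit("-", 1)) for p in proposals)
    return Phase2Policy(pairs, pfs.upper() if pfs else None)


def compare(local: Phase2Policy, remote: Phase2Policy):
    """Return (agreed_pair_or_None, reasons); None models NO_PROPOSAL_CHOSEN."""
    reasons = []
    # Assumption: both peers are strict, so PFS on one side only is a mismatch.
    if local.pfs != remote.pfs:
        reasons.append(
            f"PFS differs: local={local.pfs or 'none'} remote={remote.pfs or 'none'}"
        )
    # A proposal only matches if encryption AND authentication are identical.
    common = [p for p in local.proposals if p in remote.proposals]
    if not common:
        enc = {e for e, _ in local.proposals} & {e for e, _ in remote.proposals}
        auth = {a for _, a in local.proposals} & {a for _, a in remote.proposals}
        if not enc:
            reasons.append("no common encryption algorithm")
        if not auth:
            reasons.append("no common authentication algorithm")
        if enc and auth:
            reasons.append("algorithms overlap, but no identical encryption/authentication pair")
    return (None, reasons) if reasons else (common[0], [])


if __name__ == "__main__":
    # Constructed sample policies, not taken from the devices in this thread.
    site_a = policy(["3DES-MD5"])
    site_b = policy(["AES128-SHA1"])
    print(compare(site_a, site_b))
    print(compare(policy(["3des-md5"]), policy(["3DES-MD5"], pfs="DH2")))
```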
Dear Community,
I went back to the USG FLEX200. The same configuration as on the 500, connects to the remote firewall without an error message in logs (I know 3des-md5 is not secure, but it is supported by the remote site).
But the traffic is not working:
As you can see, inbound traffic is zero. What could be the reason for this?
1. Security Policy?
The relevant security policies look like this:
2. Routing?
I didn't add a route manually. Would it be necessary?
I still don’t understand it all because this configuration was still working in January (when I tested the Zyxel products). I just bought them and we can’t work with them.
Thanks
0 -
Hello,
I found the solution. New security rules were needed:
When I set it up, the traffic started in the tunnel. Interestingly, there was no need for this in January.
The point is, it works.
Thanks
0