Multiple S2S VPNs with AWS can't established after internet break
All Replies
-
It appears you already figured out your issue, but I just wanted to point out that DH groups 16 thru 18 have known issues, I believe it started in v4.39.From firmware release notes:IKE v2 Proposal mix not working (DH16, DH17, DH18)
0 -
Hi @Zyxel_Can
Maybe you fixed the DH group issue, but the devices are too slow for this. When tunnels had been negotiated, the GUI was very slow and showed a lot of CLI errors, CPU worked on 90%... and that's why tunnels hadn't been established.0 -
DH19(ECP256), DH20(ECP384) is support by Azure. (DH21 is not support)
It's an alternative to DH16,17,18 with same security strength but fast.
0 -
Zyxel_Can said:
Hi @gb5102,
Thank you for your comment.
All of the firmwares after v4.62 covers IKE v2 Proposal mix not working (DH16, DH17, DH18) fix.Are you saying the known issues with DH16/17/18 are fixed in current firmware versions?Because this issue is still listed under "Known Issues" section in v4.65 release notes for Zywall 110.
0 -
Hi @gb5102,
Sorry for misunderstanding.
The fix was actually implemented in the forum release version.
Currently the latest forum release version is 4.62 WK14:
https://community.zyxel.com/en/discussion/10639/zld-v4-62-wk14-firmware-release#latest
The 4.65 forum release will be ready next week.
You can download the latest updates from the following thread once it was released:
https://community.zyxel.com/en/categories/firmware-release
0
Freshman Member
Zyxel Employee
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
