VPN BETWEEN ZYXEL ATP200 AND FRITZBOX! 7590
All Replies
-
IKEv2. That's "normal".Create a new IKEv1 Gateway, key group could be none.Create new gateway, associate the gateway to the connection, then remove the old.0
-
IKEv1 and still same Key Group without „none“
0 -
You're correct and I'm wrong... I double checked on 4.x device few minutes ago.
According to this post
https://community.zyxel.com/en/discussion/comment/38965/#Comment_38965
maybe there's a different way, for allowing connection between Fritz device and the ATP, configuring the connection without PFS/Keygroup and the gateway with the key group.
0 -
You may have a try key group setting on ATP200:
Phase1(VPN Gateway): DH2
Phase2(VPN Connection): none
If still doesn't help, you can share VPN connection fail log entries.0 -
No Logs at USG310 !
The only log is at Fritzbox :IKE-Error 0x2026
"no proposal chosen"
0 -
Is there anyone really got a connection between those devices ?
Or do we talk about things that „normally has to work“ but nobody tested it in real conditions.
I can connect from my devices ( Mac,IPhone, IPad … ) to my Fritzbox (IPSec VPN-Server) or to my USG310 (IPSec/L2TP VPN-Server).
But still have problems Fritz tu USG !!!
0 -
Kepir said:No Logs at USG310 !
The only log is at Fritzbox :IKE-Error 0x2026
"no proposal chosen"
The log on Fritzbox said "no proposal chosen" means no matched rules on USG.
So that cloud be settings mismatch of IPSec rules on USG.
With IKE log of your USG can help to understand what's mismatch settings between both.
Make sure the IKE log is enable on your USG. And then post the logs you get.
0 -
@Kepir
Your VPN connection scenario is different as previous one which setting is "client to site VPN"...
Here is FRITZBOX site to site VPN configuration guide:
https://en.avm.de/service/vpn/tips-tricks/connecting-the-fritzbox-with-a-companys-vpn/
In IKEv1 setting on USG could be:
#6 The VPN ID on USG doesn't support space in setting, so you could enter FRITZBOX WAN IP address as VPN-ID on both of sites.
If your VPN tunnel still with the problem, you have to take screenshot on USG/FRITZBOX all IKE log entries....because there are too many reason will case no proposal chosen!!!0 -
Thank you @zyman2008 @CHS,
yesterday i found an other solution . i created vpn.cfg file and i have a stable vpn connection.
But i am not able to ping each other.
Here is my config .
0 -
Here some additional screenshots ..0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight