IPsec VPN USG Flex 200 error
Options
![Miguel_Bragado](https://us.v-cdn.net/6029482/uploads/avatarstock/n5VP8WBH3IZR4.png)
Miguel_Bragado
Posts: 3
![Friend Collector](https://us.v-cdn.net/6029482/uploads/badges/HNJASEUSC535.png)
![First Comment](https://us.v-cdn.net/6029482/uploads/badges/MBNFIRD87YVH.png)
in Security
hello,
I am trying to set up a point to point ipsec vpn on a USG Flex 200, my side is the client.
I have used the wizard and it has created the gateway and the connection but I can't get it to connect.
In the log I see the error Phase 2 proposal mismatch and No proposal chosen.
![Image: https://us.v-cdn.net/6029482/uploads/editor/fj/um4dtexahoqv.jpg](https://us.v-cdn.net/6029482/uploads/editor/fj/um4dtexahoqv.jpg)
I have checked within the parameters of the VPN connection in the Phase 2 Settings section that I have the Proposal AES256 and SHA512 as configured on the other side.
![Image: https://us.v-cdn.net/6029482/uploads/editor/fj/um4dtexahoqv.jpg](https://us.v-cdn.net/6029482/uploads/editor/fj/um4dtexahoqv.jpg)
I have checked within the parameters of the VPN connection in the Phase 2 Settings section that I have the Proposal AES256 and SHA512 as configured on the other side.
What could be wrong so that the connection is not established?
![Image: https://us.v-cdn.net/6029482/uploads/editor/mc/aia5141dge8s.jpg](https://us.v-cdn.net/6029482/uploads/editor/mc/aia5141dge8s.jpg)
Thanks in advance, regards
![Image: https://us.v-cdn.net/6029482/uploads/editor/mc/aia5141dge8s.jpg](https://us.v-cdn.net/6029482/uploads/editor/mc/aia5141dge8s.jpg)
Thanks in advance, regards
0
All Replies
-
Hello @Miguel_Bragado,Welcome to Zyxel community.Could you provide the firmware version of the USG FLEX 200? and Is another site also a Zyxel device? We also need the complete logs of the negotiation.Is USG FLEX 200 behind NAT? or another peer?Moreover, for further checking, could you provide remote access via private message to me, I will check on this for you, thank you.James0
-
Hello,
This is my installation scheme. USG is behind the router of my internet provider, but i have a 1 to 1 nat configured on this router. Firmware Version is V5.31(ABUI.0) / 2022-06-30 02:27:32
I can provide remote access to the equipment if you tell me how to send you the credentials.
Thanks in advance, BR
0 -
Hello @Miguel_Bragado,You may contact me through private message, clicking my name/icon for messages. You can limit the access to our official public IP's61.222.75.1461.220.247.15761.220.247.15861.220.247.160Thank you.Moreover, is the remote site a Zyxel device too? is it possible to provide remote access on remote site?
James0 -
0
Categories
- All Categories
- 413 Beta Program
- 2.3K Nebula
- 192 Nebula Ideas
- 87 Nebula Status and Incidents
- 5.3K Security
- 142 USG FLEX H Series
- 253 Security Ideas
- 1.3K Switch
- 75 Switch Ideas
- 993 Wireless
- 51 Wireless Ideas
- 6.1K Consumer Product
- 231 Service & License
- 362 News and Release
- 74 Security Advisories
- 23 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 101 About Community
- 67 Security Highlight