IPSec-VPN problems
I have two sites. Site one has a USG100 and site 2 has a Flex 200.
Site one is unchanged. Site 2 USE to have a Sonicwall and the two sites were connected with an IPSec-VPN.
I removed the sonicwall at site 2 and replaced with with the Flex 200 and began setting up the P2P VPN again. Of course, I didn't change Site 1 config, but only set up Site 2 to connect to site one in the same way the sonicwall was setup.
I'm here because I can't get the VPN to work.
I have done side by side comparisons on the two sites and literally everything is exactly the same and site 2 is set up exactly like the sonicwall was. Even now, when I reconnect the sonicwall, the VPN comes up fine.
My log is showing no Proposal chosen and I'm dying trying to find out what's wrong.
I've compared the functioning sonicwall VPN settings to the new Flex VPN settings and they are identical in every respect, but still I'm striking out.
Anyone have any ideas?
Thanks!
Cliff
Accepted Solution
- 
            Called Zyxel support. in three mins it was fixed. He set PFS to none on Phase 2. Literally EVERY support doc says to set it to DH2! Face palm 0
All Replies
- 
            Does is say Phase 1 mismatch for the Proposal? in Advance you need to set the right matching encryption 0
- 
            Since your logs are showing "no Proposal chosen," it's likely that there's a mismatch in the Phase 1 or Phase 2 settings between the USG100 and the Flex 200. Ensure that both sides are using the same settings for Phase 1 and Phase 2 negotiations. This includes encryption, hash, Diffie-Hellman Group, and lifetime settings. 0
- 
            Honestly, my tech and I have compared Phase 1 and Phase 2 settings at least ten times in a side by side screening. WE know them by heart now. 0
- 
            Hi @CRP0499 , Please send me both FLEX100 and FLEX200 startup configuration file in PM for further checking. 0
- 
            sent to cooldia already 0
- 
            Called Zyxel support. in three mins it was fixed. He set PFS to none on Phase 2. Literally EVERY support doc says to set it to DH2! Face palm 0
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 199 Nebula Ideas
- 125 Nebula Status and Incidents
- 6.3K Security
- 492 USG FLEX H Series
- 322 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 47 Wireless Ideas
- 6.8K Consumer Product
- 285 Service & License
- 455 News and Release
- 89 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 95 Security Highlight

 Freshman Member
  Freshman Member 
          
         
 Guru Member
  Guru Member 
          
          
          
         
 Master Member
  Master Member 
          
          
          
          
          
          
                     
                     
                     
                    