IPSEC VPN - Remote Access VPN stopped working

Options
networx
networx Posts: 9
First Anniversary First Comment
in USG FLEX H Series

Dear,

i can't figure out what is wrong.

We setup the Zyxel Remote Access VPN. This was working for a few weeks and now we receive the error "The remote connection was denied because the username and password combination you provided is not recognized, or the selected authenticationprotocol it not premitted on the remote access server".

In the client log i see:

CoId={2B7A7503-3FD7-0003-B371-822BD73FDA01}: The user xxxxx dialed a connection named xxxx which has failed. The error code returned on failure is 691.

In the firewall log i see "generating IKE_AUTH response 2 [ EAP/FAIL ]"

I know the username and password is correct. I created a test user just to be sure and the same error.

I attached screenshots of the whole configuration.

We use the Windows buildin VPN client with the custom certificate.

Please advice

2024-01-05 15_36_54-SERVER Tech03 - Werk 2 - Microsoft​ Edge.jpg
2024-01-05 15_36_46-SERVER Tech03 - Werk 2 - Microsoft​ Edge.jpg
2024-01-05 15_36_30-SERVER Tech03 - Werk 2 - Microsoft​ Edge.jpg
2024-01-05 15_35_52-SERVER Tech03 - Werk 2 - Microsoft​ Edge.jpg
2024-01-05 15_34_34-SERVER Tech03 - Werk 2 - Microsoft​ Edge.jpg
2024-01-05 15_33_36-Logboeken.jpg

All Replies

  • networx
    networx Posts: 9
    First Anniversary First Comment
    Options

    We created the vpn users locally on the Zyxel firewall.

    USG FLEX 500H

    V1.10(ABZH.1)

  • PeterUK
    PeterUK Posts: 2,848  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited January 7
    Options

    Set certificate for VPN validation to auto disable/enable VPN download the script and see if that works

    is the certificate you made by IP or domain?

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,099  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @networx

    Not sure if it is related to the selected certificate or other issues. Could you provide remote Web-GUI access for further investigation? We will send a private message to you later; please check your inbox. Thanks.

  • networx
    networx Posts: 9
    First Anniversary First Comment
    Options

    Hi Peter, Hi Jeff,

    Sorry for the delay in reponse. The vpn connection worked again after rebooting the firewall. Let's hope this is a one time issue.

    We generated a certificate using the firewall with the fqdn adres of the client.

    Thank you for the response. At the moment the ticket was completed by rebooting.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,099  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @networx

    OK, noted. Many thanks for your update.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)