Remote Access VPN: IKE_AUTH response 1 [ N(AUTH_FAILED) ]

adsw
adsw Posts: 4  Freshman Member
First Comment
in USG FLEX H Series

Hello all,

I replaced my Zyxel ZyWALL USG110 with a Zyxel USG FLEX 200H. I configured the Remote Access VPN on the new gateway and setup a IKEv2 profile on an iPhone with iOS 18.x, using the built-in VPN client. I also installed the required self-signed certificate, which I had to manually trust.

When I enable VPN on the iPhone, the IKE_SA_INIT phase is passed without errors, but the IKE_AUTH phase ends with the error message IKE_AUTH response 1 [ N(AUTH_FAILED) ]. It seems that the iOS VPN client is not sending a certificate request and so the authentication fails. With my old gateway and a profile setup under iOS 17.x, everything worked fine. The error only occurred after creating a new profile under iOS 18.x.

I sent a request to the Zyxel support about this and they told me that this seems to be a bug in iOS 18.x. I found information about aHave any of you encountered the same issue and perhaps found a solution that doesn't end in waiting for a bug fix?

Thanks, adsw

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,280  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @adsw

    It appears that iOS 18 introduced changes to the VPN Phase 1 and Phase 2 parameters for its native VPN client. We recommend adjusting the Encryption and Authentication settings on your VPN configuration to align with these updates.

    For step-by-step guidance, please refer to this post on our Community:

    https://community.zyxel.com/en/discussion/26146/why-cant-i-establish-a-vpn-connection-after-updating-to-ios-18-how-can-i-resolve-this-issue

    Kay

  • adsw
    adsw Posts: 4  Freshman Member
    First Comment

    Hello Zyxel_Jeff,

    Thanks for the tip and the links, but I have already followed resp. tried these instructions, unfortunately without success. The error message remains the same. Changing the proposals for IKE_SA_INIT (Phase 1) and IKE_AUTH (Phase 2) leads to the same error as before.

    I am at a loss, because the same settings worked fine with the old gateway. The only explanation I have at the moment would be the iOS bug mentioned earlier.

    Best,
    adsw

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,280  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @adsw

    Have you tried manually adding the IKEv2 VPN profile? This method might help resolve your issue. You can follow the step-by-step guide in this article:

    How do I manually add an IKEv2 VPN profile on an iPhone for an IKEv2 VPN connection? — Zyxel Community

    Let me know if this works for you!

    Kay

  • adsw
    adsw Posts: 4  Freshman Member
    First Comment

    Hello Zyxel_Kay,

    Thank you for your answer.

    Yes, I tried it to add the profile manually. Server and Remote ID = DDNS server, User Name, Password set and also tried to set Local ID = User Name. Certificate exported and installed and manually trusted in settings on iPhone.

    Long story short. Unfortunately, it doesn't help. But thank you for the tip.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)