Remote Access VPN: IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Freshman Member
Hello all,
I replaced my Zyxel ZyWALL USG110 with a Zyxel USG FLEX 200H. I configured the Remote Access VPN on the new gateway and setup a IKEv2 profile on an iPhone with iOS 18.x, using the built-in VPN client. I also installed the required self-signed certificate, which I had to manually trust.
When I enable VPN on the iPhone, the IKE_SA_INIT phase is passed without errors, but the IKE_AUTH phase ends with the error message IKE_AUTH response 1 [ N(AUTH_FAILED) ]. It seems that the iOS VPN client is not sending a certificate request and so the authentication fails. With my old gateway and a profile setup under iOS 17.x, everything worked fine. The error only occurred after creating a new profile under iOS 18.x.
I sent a request to the Zyxel support about this and they told me that this seems to be a bug in iOS 18.x. I found information about aHave any of you encountered the same issue and perhaps found a solution that doesn't end in waiting for a bug fix?
Thanks, adsw
All Replies
-
Hi @adsw
It appears that iOS 18 introduced changes to the VPN Phase 1 and Phase 2 parameters for its native VPN client. We recommend adjusting the Encryption and Authentication settings on your VPN configuration to align with these updates.
For step-by-step guidance, please refer to this post on our Community:
Kay
See how you've made an impact in Zyxel Community this year!
0 -
Hello Zyxel_Jeff,
Thanks for the tip and the links, but I have already followed resp. tried these instructions, unfortunately without success. The error message remains the same. Changing the proposals for IKE_SA_INIT (Phase 1) and IKE_AUTH (Phase 2) leads to the same error as before.
I am at a loss, because the same settings worked fine with the old gateway. The only explanation I have at the moment would be the iOS bug mentioned earlier.
Best,
adsw0 -
Hi @adsw
Have you tried manually adding the IKEv2 VPN profile? This method might help resolve your issue. You can follow the step-by-step guide in this article:
Let me know if this works for you!
Kay
See how you've made an impact in Zyxel Community this year!
0 -
Hello Zyxel_Kay,
Thank you for your answer.
Yes, I tried it to add the profile manually. Server and Remote ID = DDNS server, User Name, Password set and also tried to set Local ID = User Name. Certificate exported and installed and manually trusted in settings on iPhone.
Long story short. Unfortunately, it doesn't help. But thank you for the tip.
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight
