XG IPSEC Error - EST-P1: System did not accept any proposal received.

Oliver,

can you configure L2TP on XG? I mean L2TP Connections Under Administration > VPN and also configure L2TP settings. Make sure you add an XG local user and try.

Also AD users cannot be used with SSO authentication mechanism but you have to use RADIUS instead.

Let us know if it works. If it does not, share logs from Log Viewer.

Hi Luke,

Please find the logs attached below.

Regards

Oliver Knights

Hi Oliver,

Can you confirm that in the advanced section of the windows side of the configuration you have configured the Windows client to use a preshared key.

Hello Leon,

I can confirm i have a PSK set in the windows settings

Hi Oliver, can you check the following for me

- Go to Windows Firewall with Advanced Security, then properties

- switch to the IPsec Settings tab and then click "Customize"

- under Authentication Method, select "Advanced" and then "Customize"

- the First Authentication method should be "Preshared key", if it is "Computer (Kerberos V5)" delete that and add in the "Preshared key"

Hi Leon,

Thanks for the reply. I can confirm that the psk is set under the windows firewall as well.

Regards

Oliver Knights

Hi Oliver,

Just confirming (as per the original note from Luk) you using an on appliance user and that you have configured both the L2TP Server and Connection Policy.

- System > VPN > L2TP Settings

- System > VPN > L2TP Connections

Also change the authentication protocol at the console command line with "set vpn l2tp authentication any"

(I went back and looked at your original screen shot and it appears to be the configuration for a full IPsec client and not the L2TP client, they are different settings)

Hi Oliver,

Just confirming (as per the original note from Luk) you using an on appliance user and that you have configured both the L2TP Server and Connection Policy.

- System > VPN > L2TP Settings

- System > VPN > L2TP Connections

Also change the authentication protocol at the console command line with "set vpn l2tp authentication any"

(I went back and looked at your original screen shot and it appears to be the configuration for a full IPsec client and not the L2TP client, they are different settings)

Hi Leon,

I've managed to sort it. I didn't set up a l2tp connection.

I'd setup a ipsec  connection and then the l2tp server. I thought the l2tp connection page was to list connected clients. I thought that the l2tp server would use the ipsec policy.

Thanks for the help

Regards

Oliver Knights

I think I have all of my L2TP settings done.  I am trying to get my windows client to connect.

I keep getting these "successful"  errors list here...  what could I be missing?

I am using a local account on the firewall...

Hi John,

The error "EST-P1: System did not accept an proposal received" is basically stating that Phase 1 negotiations failed as as there was a mismatch in protocols.

Check out the following knowledge base articles

As you are using Windows Client I suspect you may not have removed the Kerberos authentication method and possibly not set up the pre shared key on the Windows side.