Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 5667 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ZyXel UTM Site-to-Site VPN advice?

SSzretter
I am looking for advice, or hopefully sample settings on getting a ZyXEL USG 50 to connect site-to-site to an astaro gateway.    I happen to be running UTM 9 of astaro.     Has anyone done this, and would you be able to share settings on both sides (astaro/zyxel)?   It would be greatly appreciated!


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to papa__01
    Hi,

    I am sorry, I changed some customer specific data in the log I posted. Here is a less modified version:

    2013:06:13-16:22:33 oc23 pluto[30165]: packet from 83.250.111.111:500: ignoring Vendor ID payload [f758f22668750f03b08df6ebe1******] 
    2013:06:13-16:22:33 oc23 pluto[30165]: packet from 83.250.111.111:500: ignoring Vendor ID payload [afcad71368a1f1c96b8696******] 
    2013:06:13-16:22:33 oc23 pluto[30165]: packet from 83.250.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] 
    2013:06:13-16:22:33 oc23 pluto[30165]: packet from 83.250.111.111:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
    2013:06:13-16:22:33 oc23 pluto[30165]: packet from 83.250.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
    2013:06:13-16:22:33 oc23 pluto[30165]: packet from 83.250.111.111:500: received Vendor ID payload [RFC 3947] 
    2013:06:13-16:22:33 oc23 pluto[30165]: packet from 83.250.111.111:500: received Vendor ID payload [Dead Peer Detection] 
    2013:06:13-16:22:33 oc23 pluto[30165]: packet from 83.250.111.111:500: ignoring Vendor ID payload [afcad71368a1f1c96b8696******] 
    2013:06:13-16:22:33 oc23 pluto[30165]: "S_oc23_tunnel"[1] 83.250.111.111 #1: responding to Main Mode from unknown peer 83.250.111.111 
    2013:06:13-16:22:33 oc23 pluto[30165]: "S_oc23_tunnel"[1] 83.250.111.111 #1: NAT-Traversal: Result using RFC 3947: no NAT detected 
    2013:06:13-16:22:33 oc23 pluto[30165]: "S_oc23_tunnel"[1] 83.250.111.111 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT 
    2013:06:13-16:22:33 oc23 pluto[30165]: "S_oc23_tunnel"[1] 83.250.111.111 #1: Peer ID is ID_USER_FQDN: 'oc23@hotmail.se' 
    2013:06:13-16:22:33 oc23 pluto[30165]: "S_oc23_tunnel"[2] 83.250.111.111 #1: deleting connection "S_oc23_tunnel"[1] instance with peer 83.250.111.111 {isakmp=#0/ipsec=#0} 
    2013:06:13-16:22:33 oc23 pluto[30165]: "S_oc23_tunnel"[2] 83.250.111.111 #1: Dead Peer Detection (RFC 3706) enabled 
    2013:06:13-16:22:33 oc23 pluto[30165]: "S_oc23_tunnel"[2] 83.250.111.111 #1: sent MR3, ISAKMP SA established 
    2013:06:13-16:22:33 oc23 pluto[30165]: "S_oc23_tunnel"[2] 83.250.111.111 #1: received Delete SA payload: deleting ISAKMP State #1 
    2013:06:13-16:22:33 oc23 pluto[30165]: "S_oc23_tunnel"[2] 83.250.111.111: deleting connection "S_oc23_tunnel"[2] instance with peer 83.250.111.111 {isakmp=#0/ipsec=#0} 
    2013:06:13-16:22:33 oc23 pluto[30165]: packet from 83.250.111.111:500: Informational Exchange is for an unknown (expired?) SA 
    2013:06:13-16:22:33 oc23 pluto[30165]: packet from 83.250.111.111:500: Informational Exchange is for an unknown (expired?) SA

    Does this still point in the same direction?
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML