ZyWALL USG 100 and VPN tunnel to MS Azure

BogdanGn
BogdanGn Posts: 2  Freshman Member
First Comment
edited April 2021 in Security
Hello.

I'm trying to setup VPN tunnel to MS Azure. Everything was gone by this article https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=015536&lang=EN .

However, I'm getting errors during connection(see attached screenshot). One of the errors means that Phase 2 cryptography is wrong, but I've tried all supported settings for this. And don't get it fix.
Errors:
Send:[HASH][NOTIFY:NO_PROPOSAL_CHOSEN]
SPI:0x0 SEQ:0x0 No rule found, Dropping packet


I've tried to switch firewall off, tried different cryptography settings on router - and nothing. I've tried to ping 10.0.0.4(my VM in Azure) from router - it is not reachable. But in router interface VPN is shown as connected.
Any ideas?



Accepted Solution

  • BogdanGn
    BogdanGn Posts: 2  Freshman Member
    First Comment
    Answer ✓
    the Phase 2 proposal mismatch, please Algorithm and policy are match first
    I've fixed this issue by changing Local/Remote ID type in VPN Gateway settings. Thanks for the guide, helped for this one.

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hello BogdanGn,
    On your Log message,
    the Phase 2 proposal mismatch, please double check Algorithm and policy are match first.
    Secondly, here is an example which is USG establish VPN with MS Azure, so please check it. 
    Link:
    https://drive.google.com/file/d/1XD6vjvlP8qn9kPq3JUhYpvZa1H_zLfwQ/view?usp=sharing
    If the issue still occur, please share the server's configuration for checking further.
    Charlie
  • BogdanGn
    BogdanGn Posts: 2  Freshman Member
    First Comment
    Answer ✓
    the Phase 2 proposal mismatch, please Algorithm and policy are match first
    I've fixed this issue by changing Local/Remote ID type in VPN Gateway settings. Thanks for the guide, helped for this one.

Security Highlight