
Doc.Ref tgbvpn_cg_ZyWall10_en
Doc.version 2.0 – Nov.2004
VPN version 2.5x

 

 

4 VPN IPSec Troubleshooting

4.1 « PAYLOAD MALFORMED » error

114920 Default (SA ZyWALL-P1) SEND phase 1 Main Mode  [SA][VID] 
114920 Default (SA ZyWALL-P1) RECV phase 1 Main Mode  [NOTIFY] 
114920 Default exchange_run: exchange_validate failed 
114920 Default dropped message from 195.100.205.114 port 500 due to notification type PAYLOAD_MALFORMED
114920 Default SEND Informational  [NOTIFY] with PAYLOAD_MALFORMED error 

 
If you get a « PAYLOAD MALFORMED » error, the Phase 1 [SA] may be wrong: check that the encryption algorithms are the same on each side of the VPN tunnel.

4.2 « INVALID COOKIE » error

115933 Default message_recv: invalid cookie(s) 5918ca0c2634288f 7364e3e486e49105 
115933 Default dropped message from 195.100.205.114 port 500 due to notification type INVALID_COOKIE
115933 Default SEND Informational  [NOTIFY] with INVALID_COOKIE error 

 
If you get an « INVALID COOKIE » error, one of the endpoints is using an SA that is no longer in use. Reset the VPN connection on each side.

4.3 « no keystate » error

115315 Default (SA ZyWALL-P1) SEND phase 1 Main Mode  [SA][VID] 
115317 Default (SA ZyWALL-P1) RECV phase 1 Main Mode  [SA][VID] 
115317 Default (SA ZyWALL-P1) SEND phase 1 Main Mode  [KEY][NONCE] 
115319 Default (SA ZyWALL-P1) RECV phase 1 Main Mode  [KEY][NONCE] 
115319 Default (SA ZyWALL-P1) SEND phase 1 Main Mode  [ID][HASH][NOTIFY] 
115319 Default ipsec_get_keystate: no keystate in ISAKMP SA 00B57C50 

 
If you get a « no keystate » error, check that the preshared key is correct and that the local ID is correct (see the « Advanced » button). The remote endpoint logs should give more information.

4.4 « received remote ID other than expected » error

120348 Default (SA ZyWALL-P1) SEND phase 1 Main Mode  [SA][VID] 
120349 Default (SA ZyWALL-P1) RECV phase 1 Main Mode  [SA][VID] 
120349 Default (SA ZyWALL-P1) SEND phase 1 Main Mode  [KEY][NONCE] 
120351 Default (SA ZyWALL-P1) RECV phase 1 Main Mode  [KEY][NONCE] 
120351 Default (SA ZyWALL-P1) SEND phase 1 Main Mode  [ID][HASH][NOTIFY] 
120351 Default (SA ZyWALL-P1) RECV phase 1 Main Mode  [ID][HASH][NOTIFY] 
120351 Default ike_phase_1_recv_ID: received remote ID other than expected 
[email protected]

 
The « Remote ID » value (see the « Advanced » button) does not match the ID received from the remote endpoint.
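The four signatures in sections 4.1 to 4.4 can be picked out of a client log mechanically. The following Python code is an added example, not part of TheGreenBow's guide or software: it rejoins wrapped log lines, tracks the last Phase 1 Main Mode step seen, and maps each error to the check given above. The names LINE, STEP, CHECKS, unwrap and triage are assumptions made for this example; the sample log reuses lines from the 4.1 and 4.3 excerpts.

```python
import re

LINE = re.compile(r"^\d{6} Default (?:\(SA [^)]+\) )?(.*)$")  # "<hhmmss> Default [(SA name)] msg"
STEP = re.compile(r"^(SEND|RECV) phase 1 Main Mode\s+((?:\[\w+\])+)")
# Error signature -> check suggested in sections 4.1 to 4.4.
CHECKS = {
    "PAYLOAD_MALFORMED": "compare the Phase 1 encryption algorithms on both sides",
    "invalid cookie": "reset the VPN connection on each side",
    "no keystate": "check the preshared key and the local ID",
    "remote ID other than expected": "check the Remote ID value",
}

def unwrap(text):
    """Return message texts; a line with no timestamp continues the previous record."""
    messages = []
    for raw in filter(None, map(str.strip, text.splitlines())):
        m = LINE.match(raw)
        if m:
            messages.append(m.group(1))
        elif messages:
            messages[-1] += " " + raw
    return messages

def triage(text):
    """Return one (last Main Mode step, signature, check) tuple per error and attempt."""
    findings, last_step, reported = [], None, set()
    for msg in unwrap(text):
        step = STEP.match(msg)
        if step:
            if step.groups() == ("SEND", "[SA][VID]"):
                reported = set()  # initiator's first message: a new attempt starts
            last_step = " ".join(step.groups())
            continue
        for sig, check in CHECKS.items():
            if sig in msg and sig not in reported:
                reported.add(sig)
                findings.append((last_step, sig, check))
    return findings

# Sample input: lines from the 4.1 and 4.3 excerpts above, wrapped line included.
SAMPLE = """\
114920 Default (SA ZyWALL-P1) SEND phase 1 Main Mode  [SA][VID]
114920 Default (SA ZyWALL-P1) RECV phase 1 Main Mode  [NOTIFY]
114920 Default dropped message from 195.100.205.114 port 500 due to notification
type PAYLOAD_MALFORMED
114920 Default SEND Informational  [NOTIFY] with PAYLOAD_MALFORMED error
115319 Default (SA ZyWALL-P1) SEND phase 1 Main Mode  [ID][HASH][NOTIFY]
115319 Default ipsec_get_keystate: no keystate in ISAKMP SA 00B57C50
"""
```

Calling triage(SAMPLE) returns one finding per error, each with the last Main Mode message logged before it, which shows how far Phase 1 got before failing.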

IPSec VPN Router Configuration 

Property of TheGreenBow Sistech SA - © Sistech 2001-2005 

9/12 
