to SG79
Re: Zywall L2TP VPN problems due to "no L2TP IPSEC protection"

I tried several different changes to encryption settings while trying to debug this, and nothing seemed to work. Also, from the logs, it looks like the IPSEC tunnel does get established, and it's running into a problem with the L2TP layer after the tunnel is up (so that would seem to me that the ciphers are OK - but maybe I don't fully understand how this works)...
But in any event, I currently have the following ciphers enabled:
Phase 1: Neg Mode: Main; 1. 3DES-SHA1, 2. AES128-SHA1; Key Group: DH2
Phase 2: Encaps: Transport; 1. AES256-SHA1, 2. AES128-SHA1, 3. 3DES-SHA1; PFS: none
If you don't mind posting what you're using successfully, that would be great! Also, I assume you have this working on FW 4.10(AAAA.1)? Did you have the VPN configured before upgrading? I had to do the "double-upgrade" from (if I remember correctly) 3.10->3.20, and then 3.20->4.10. Before the upgrade I had a regular IPSEC tunnel working with the Shrewsoft client from Win7, and also an L2TP/IPSEC tunnel working from both iOS and Android. After the double-upgrade, the Shrewsoft client was still working, but iOS/Android is now broken....
Thanks!
For me, USG 40 4.10(AAAA.1) using my Samsung Note2 Android 4.3. I have AES256-MD5, AES256-SHA1, 3DES-SHA1. Local policy: address object for host 0.0.0.0.
For the VPN gateway: negotiation Main, AES256-SHA1, AES256-MD5, key group DH2, NAT traversal checked, My address = interface address object of my WAN interface.
The key for me was the "My address" setting in the gateway. I had to use an address object of type interface, my WAN interface. It seems my version of Android only sends the VPN server's address (the USG) in the negotiation. Until I set that, my negotiation would fail.