IKEv2 PSK - phase 2 error

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

IKEv2 PSK - phase 2 error

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
IKEv2 PSK - phase 2 error
IKEv2 PSK - phase 2 error
2023-12-29 14:13:17
Tags: #VPN
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.3 Build 20231201 Rel.32918

Hi,

 

I need to setup a VPN link between a supplier and our ER-605 as server, with the requirements : 
- IKEv2
- PSK and aes256-sha256-dh14 in phase 1 and phase 2

 

We must apply these requirements and can't ask to change anything.
The tunnel fails to established with an "error during IKE phase 2" on client side. Can't have more details or logs.
ER605 side : absolutely no logs

 

Can you check if something's wrong with the config, please ?

 

ER605 v2.0 stand alone mode
2.2.3 Build 20231201 Rel.32918

 

Network plan (ER605 is the VPN server) :

 

Client side :

 

ER605 conf :


Regards

  1      
  1      
#1
Options
1 Reply
Re:IKEv2 PSK - phase 2 error
2024-01-02 01:57:41

Hi @JulienM 

Thanks for posting in our business forum.

Wireshark would be the way to find out the reason why. Conf looks good to me. Everything is set up correctly.

If this issue persists even you try to modify the encryption, it might be a problem with the double-NAT. Then you have to remove the NAT and test again.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options