Dear experts
We have a Zyxel ZyWall USG 1000 device in Location A.
We have configured an IPSec VPN tunnel between Location A and Location B (Location B is a partner of ours).
Location A --> FW A --> Public IP A --> Subnet A
Location B --> FW B --> Public IP B --> Subnet B
The IPSec VPN Tunnel is not the usual setup because for Phase 2 we are using the following specific configuration:
- For the local Subnet instead of Subnet A we are using the Public IP A /32
- For the remote Subnet we are using the Subnet B
The tunnel is connecting and for a short period of time it's possible to communicate from Subnet A with the Systems from Subnet B.
Now after this very short time the tunnel will disconnect.
Partner B is assuming that the NAT is not working, or that there is a mismatch (the partner said that not all subnets from Location B were configured on FW A, which is not the case).
The Firewall log:
"[COOKIE] Invalid cookie, no sa found [count=2]"
Any idea what might be wrong?
Best regards
Imbalance