Hi. I've already registered problem in zyxel's support. But I think that problem could be in my certificates or some misconfiguration in L2TP, so I hope someone could give me a hint.

Hi, could anybody help me!!! I've configured L2TP/IPSec outgoing connection to the remote gateway Zyxel usg 100. I'm using certificates (from ca built on openssl) in phase 1. Auth in phase 2 is using login\password. CRL if published according extension of issued certificates. Everything works fine unless I turn on CRL check on Zyxel. In this case I get error 789. In zyxel's logs I can see that certificate was successfully checked in CRL and even (looks like) SA with built.: "Recv:[ID][Cert][Sig][Cr][Cr] "Phase 1 IKE SA process done" "Send: Notify:Initial_Contact". I tried to debug the problem using wfp ans IPSec audit policy. I figured out that the problem in on the PC in phase 1- Event id 4652: Error in ASN1 tag. Question: why this problem arises only with CRL check enabled on zyxel?! On with side the problem is (zyxel/pc or certificate itself)? By the way: if two zyxel establish VPN IPSec (site-to-site) connection there is no issue in their CRL check they do not form tunnel is remote peers certificate revoked. Thank for any help!!! <o:p>PS: here is the link for the zip with open keys in use: cert.zip</o:p> <o:p></o:p>

Hi, Since this problem occurs after enabling CRL check on ZyXEL, I suggest you contact ZyXEL support for better help because of involving a 3rd party product. Thanks for your understanding. Juke Chou TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedbackhere.Juke Chou TechNet Community Support

Hi, If so, I will keep this thread opened. Also, if you get any update from Zyxel support, please share the info here. Thanks. Juke Chou TechNet Community Support

Ok. I still have no answer from zyxel support (reqest is escalated to the 2nd line).

Hi, Thanks. We will also continue investigating this, if get any light, I will post back. Juke Chou TechNet Community Support

Zyxel released 3.00 firware. The problem is fixed.