WellingtonIS

asked on

Watchguard Firewall xtm515

I'm having issues connecting:
                                      
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting 3DES id="0203-0006" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting DES id="0203-0006" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received AES key length 256, expecting 128 id="0203-0008" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received AES key length 256, expecting 192 id="0203-0008" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received hash SHA1, expecting MD5 id="0203-0005" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting 3DES id="0203-0006" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting DES id="0203-0006" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received hash SHA1, expecting MD5 id="0203-0005" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received AES key length 128, expecting 192 id="0203-0008" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received AES key length 128, expecting 256 id="0203-0008" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting 3DES id="0203-0006" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting DES id="0203-0006" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received AES key length 256, expecting 128 id="0203-0008" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received AES key length 256, expecting 192 id="0203-0008" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received hash SHA1, expecting MD5 id="0203-0005" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received DH group 14, expecting 2 id="0203-0004" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption 3DES, expecting DES id="0203-0006" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption 3DES, expecting AES id="0203-0006" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption 3DES, expecting AES id="0203-0006" Debug
The routing is set up to 172.16.0.0/23 to the gateway 172.16.1.254
Craig Beck

Reason=Received encryption AES, expecting 3DES



That means you have AES configured at one end but 3DES at the other. Make sure the Phase1 configuration matches at both ends.
WellingtonIS

ASKER

For the VPN settings I have IPSec phase one only:
MD5-DES
SHA1-3DES
MD5-128 AES
SHA1-128AES

On the actual VPN setting, it's Microsoft, I have
Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec)
I have a password
and for encryption I have Microsoft CHAP version 2 checked and nothing else.
No matter what I change I'm still getting this error. Is there any way to change the setting in the VPN connection?
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-1 negotiation from 75.99.10.90:500 to 8.25.188.116:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting DES id="0203-0006"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-1 negotiation from 75.99.10.90:500 to 8.25.188.116:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting 3DES id="0203-0006"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-1 negotiation from 75.99.10.90:500 to 8.25.188.116:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting DES id="0203-0006"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-1 negotiation from 75.99.10.90:500 to 8.25.188.116:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting 3DES id="0203-0006"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-1 negotiation from 75.99.10.90:500 to 8.25.188.116:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting DES id="0203-0006"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-1 negotiation from 75.99.10.90:500 to 8.25.188.116:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting 3DES id="0203-0006"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-1 negotiation from 75.99.10.90:500 to 8.25.188.116:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption 3DES, expecting DES id="0203-0006"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-1 negotiation from 75.99.10.90:500 to 8.25.188.116:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received DH group 14, expecting 2 id="0203-0004"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-1 negotiation from 75.99.10.90:500 to 8.25.188.116:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption 3DES, expecting DES id="0203-0006"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-2 negotiation from 75.99.10.90:4500 to 8.25.188.116:4500 failed. Tunnel='L2TP-IPSec' Reason=Received AES key length 128, expecting 256 id="0205-0008"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-2 negotiation from 75.99.10.90:4500 to 8.25.188.116:4500 failed. Tunnel='L2TP-IPSec' Reason=Received ESP authentication None, expecting HMAC-SHA1 id="0205-0007"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-2 negotiation from 75.99.10.90:4500 to 8.25.188.116:4500 failed. Tunnel='L2TP-IPSec' Reason=Received ESP encryption AES, expecting 3DES id="0205-0005"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-2 negotiation from 75.99.10.90:4500 to 8.25.188.116:4500 failed. Tunnel='L2TP-IPSec' Reason=Received AES key length 128, expecting 256 id="0205-0008"       Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-2 negotiation from 75.99.10.90:4500 to 8.25.188.116:4500 failed. Tunnel='L2TP-IPSec' Reason=Received ESP authentication None, expecting HMAC-MD5 id="0205-0007"       Debug
There's a lot not right with the configuration by the look of the logs.

When you configure the VPN connection, you need to make sure the settings are exactly the same at both ends. It looks to me like your configuration is rattling through multiple options in order to try to find a combination that works. Can you show us your configuration for Phase1 and Phase2 for each end, please?
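An added example, not part of the original thread: a Python sketch that groups the iked mismatch lines quoted above by phase and attribute, so the values shown as "Received" can be read side by side with the values shown as "expecting". The regular expression is an assumption inferred from the log lines on this page, not a documented WatchGuard format, and the sample lines are copied from the thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the logs quoted in this thread.
SAMPLE_LOG = """\
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption AES, expecting 3DES id="0203-0006" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received AES key length 256, expecting 128 id="0203-0008" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received hash SHA1, expecting MD5 id="0203-0005" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received DH group 14, expecting 2 id="0203-0004" Debug
2021-03-29 11:55:38 iked (75.99.10.90<->73.139.206.63)IKE phase-1 negotiation from 75.99.10.90:500 to 73.139.206.63:500 failed. Gateway-Endpoint='L2TP-IPSec_l2' Reason=Received encryption 3DES, expecting DES id="0203-0006" Debug
2021-03-30 08:46:04 iked (75.99.10.90<->8.25.188.116)IKE phase-2 negotiation from 75.99.10.90:4500 to 8.25.188.116:4500 failed. Tunnel='L2TP-IPSec' Reason=Received ESP authentication None, expecting HMAC-SHA1 id="0205-0007"       Debug
"""

# Assumed line layout, inferred from the sample above (not a documented format).
LINE_RE = re.compile(
    r"IKE phase-(?P<phase>[12]) negotiation .*? failed\. "
    r"(?:Gateway-Endpoint|Tunnel)='[^']*' "
    r"Reason=Received (?P<received>.+?), expecting (?P<expected>.+?) "
    r'id="[^"]+"'
)


def summarize(log_text):
    """Group mismatches as {(phase, attribute): {"received", "expected"}}."""
    summary = defaultdict(lambda: {"received": set(), "expected": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a proposal-mismatch line
        # "AES key length 256" -> attribute "AES key length", value "256"
        attribute, _, value = m["received"].rpartition(" ")
        entry = summary[(int(m["phase"]), attribute)]
        entry["received"].add(value)           # value after "Received"
        entry["expected"].add(m["expected"])   # value after "expecting"
    return dict(summary)


def report(summary):
    """One readable line per (phase, attribute) pair, sorted."""
    return [
        f"phase {phase} {attr}: received {sorted(v['received'])}, "
        f"expecting {sorted(v['expected'])}"
        for (phase, attr), v in sorted(summary.items())
    ]


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

Every line in these logs reports a received value that differs from the expected one, so a value missing from an `expected` set is not evidence that it is absent from the configuration.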
The reason for that is I'm trying every combination because my original config isn't working. So here's what I have. Any suggestions to solve this mystery are welcome. Originally I only had MD5-DES and SHA1-3DES but I'm still getting errors.
l2tpphase2.PNG
phase1.PNG
Thanks.

I see the Watchguard trying to use PFS, but in the config you showed for Phase2 there is no PFS configured. Set that to DH Group 2 and see if it works.
If you're talking about MD5-DES, I changed it to DH group 2, same errors. UGH.
No, I'm talking about the IPSec PFS settings.

In the IPSec Phase2 tab you have a tick-box for Perfect Forward Secrecy. You have it disabled but it looks like the Watchguard wants to use it, as it is expecting to see Diffie-Hellman Group 2 configured at the client. Enable that and see if it works.
Now it will not even connect at all.
ASKER CERTIFIED SOLUTION
WellingtonIS

This solution is only available to members.
Glad to help :-/