Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 26 subscribers
  • Views 7649 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IOS VPN zu Sophos UTM

ChristianKühne

Hallo zusammen,

 

ich nach folgedem Guide ein Verbindung zwischen Iphone und  Sophos herstellen wollen,

https://community.sophos.com/kb/en-us/115304

Der Import funktioniert alles noch Tadellos.

Allerdings wenn ich mich mit dem Iphone verbinde erhalte ich folgenden Fehler:

"Serverzertifikat konnte nicht überprüft werden"

Auf der Firewall erhalte ich folgende Meldungen:

preparse_isakmp_policy: peer requests PSK authentication
2018:03:09-14:05:23 remote pluto[24924]: packet from 90.153.97.48:500: initial Main Mode message received on 87.139.56.74:500 but no connection has been authorized with policy=PSK
2018:03:09-14:05:23 remote pluto[24924]: | next event EVENT_DPD in 8 seconds for #10
2018:03:09-14:05:27 remote pluto[24924]: |
2018:03:09-14:05:27 remote pluto[24924]: | *received 456 bytes from 90.153.97.48:500 on ppp0
2018:03:09-14:05:27 remote pluto[24924]: | **parse ISAKMP Message:
2018:03:09-14:05:27 remote pluto[24924]: | initiator cookie:
2018:03:09-14:05:27 remote pluto[24924]: | 67 ff da 42 15 29 15 cd
2018:03:09-14:05:27 remote pluto[24924]: | responder cookie:
2018:03:09-14:05:27 remote pluto[24924]: | 00 00 00 00 00 00 00 00
2018:03:09-14:05:27 remote pluto[24924]: | next payload type: ISAKMP_NEXT_SA
2018:03:09-14:05:27 remote pluto[24924]: | ISAKMP version: ISAKMP Version 1.0
2018:03:09-14:05:27 remote pluto[24924]: | exchange type: ISAKMP_XCHG_IDPROT
2018:03:09-14:05:27 remote pluto[24924]: | flags: none
2018:03:09-14:05:27 remote pluto[24924]: | message ID: 00 00 00 00
2018:03:09-14:05:27 remote pluto[24924]: | length: 456
 
 
Das Zertifkat ist soweit ich es beurteilen kann per SHA1 ausgestellt, was ich inj einem anderem BEotrag gefunden habe.
Auch den Punkt Remote Access > Cisco VPN > IOS device > ovverride Hostname habe ich gesetzt und sichergestellt, dass er aufgelöst werden kann.
 
Für weitere Ideen bin ich euch dankbar.
 
Gruß
Christian
 
 
 


This thread was automatically locked due to age.
  • 0

    Hallo Christian,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])

    We really can't see enough of the log to understand what's happening.  The problem occurs before these lines.  Using debug almost never helps find IPsec problems - it just makes it more difficult to read the log file.  Try the following:

    1. Confirm that Debug is not enabled.
    2. Start the IPsec Live Log and wait for it to begin to populate.
    3. Try to connect with your iPhone.
    4. Show us about 60 lines from starting to connect through the first line enabling through "no connection has been authorized with policy=PSK."

    MfG - Bob (Bitte auf Deutsch weiterhin.)