This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CREATING IPSEC VPN BETWEEN SOPHOS FIREWALL AND CISCO IOS ROUTE

Hi Guys,

I am trying to create IPSEC VPN tunnel between Sophos firewall and a cisco IOS router in vain. Below is my config:

Sophos firewall logs

2019-06-19 17:04:38 29[DMN] <COOP_S2S_VPN-1|21> [GARNER-LOGGING] (child_alert) ALERT: peer did not respond to initial message 10
2019-06-19 17:04:38 29[IKE] <COOP_S2S_VPN-1|21> peer not responding, not retrying we have 2 other IKE_SAs
2019-06-19 17:04:39 13[NET] <COOP_S2S_VPN-1|22> received packet: from 195.202.81.1[500] to 197.232.69.61[500] (328 bytes)
2019-06-19 17:04:39 13[IKE] <COOP_S2S_VPN-1|22> received retransmit of response with ID 0, but next request already sent
2019-06-19 17:04:42 23[IKE] <COOP_S2S_VPN-1|22> sending retransmit 3 of request message ID 0, seq 3
2019-06-19 17:04:42 23[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (92 bytes)
2019-06-19 17:05:05 12[IKE] <COOP_S2S_VPN-1|22> sending retransmit 4 of request message ID 0, seq 3
2019-06-19 17:05:05 12[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (92 bytes)
2019-06-19 17:05:47 19[IKE] <COOP_S2S_VPN-1|22> sending retransmit 5 of request message ID 0, seq 3
2019-06-19 17:05:47 19[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (92 bytes)
2019-06-19 17:07:03 06[IKE] <COOP_S2S_VPN-1|22> giving up after 5 retransmits
2019-06-19 17:07:03 06[DMN] <COOP_S2S_VPN-1|22> [GARNER-LOGGING] (child_alert) ALERT: IKE message (20003140) retransmission to 195.202.81.1 timed out
2019-06-19 17:07:03 06[DMN] <COOP_S2S_VPN-1|22> [GARNER-LOGGING] (child_alert) ALERT: peer did not respond to initial message 0
2019-06-19 17:07:03 06[IKE] <COOP_S2S_VPN-1|22> peer not responding, trying again (2/0)
2019-06-19 17:07:03 06[IKE] <COOP_S2S_VPN-1|22> initiating Main Mode IKE_SA COOP_S2S_VPN-1[22] to 195.202.81.1
2019-06-19 17:07:03 06[ENC] <COOP_S2S_VPN-1|22> generating ID_PROT request 0 [ SA V V V V V V ]
2019-06-19 17:07:03 06[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (260 bytes)
2019-06-19 17:07:03 25[NET] <COOP_S2S_VPN-1|22> received packet: from 195.202.81.1[500] to 197.232.69.61[500] (104 bytes)
2019-06-19 17:07:03 25[ENC] <COOP_S2S_VPN-1|22> parsed ID_PROT response 0 [ SA V ]
2019-06-19 17:07:03 25[IKE] <COOP_S2S_VPN-1|22> received NAT-T (RFC 3947) vendor ID
2019-06-19 17:07:03 25[ENC] <COOP_S2S_VPN-1|22> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
2019-06-19 17:07:03 25[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (268 bytes)
2019-06-19 17:07:03 09[NET] <COOP_S2S_VPN-1|22> received packet: from 195.202.81.1[500] to 197.232.69.61[500] (328 bytes)
2019-06-19 17:07:03 09[ENC] <COOP_S2S_VPN-1|22> parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
2019-06-19 17:07:03 09[IKE] <COOP_S2S_VPN-1|22> received Cisco Unity vendor ID
2019-06-19 17:07:03 09[IKE] <COOP_S2S_VPN-1|22> received DPD vendor ID
2019-06-19 17:07:03 09[ENC] <COOP_S2S_VPN-1|22> received unknown vendor ID: 26:e0:a3:b5:dd:0d:9c:b6:d7:ec:03:a3:06:e4:bf:99
2019-06-19 17:07:03 09[IKE] <COOP_S2S_VPN-1|22> received XAuth vendor ID
2019-06-19 17:07:03 09[ENC] <COOP_S2S_VPN-1|22> generating ID_PROT request 0 [ ID HASH ]
2019-06-19 17:07:03 09[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (92 bytes)
2019-06-19 17:07:04 16[NET] <COOP_S2S_VPN-1|22> received packet: from 195.202.81.1[500] to 197.232.69.61[500] (328 bytes)
2019-06-19 17:07:04 16[IKE] <COOP_S2S_VPN-1|22> received retransmit of response with ID 0, but next request already sent
2019-06-19 17:07:07 17[IKE] <COOP_S2S_VPN-1|22> sending retransmit 1 of request message ID 0, seq 3
2019-06-19 17:07:07 17[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (92 bytes)
2019-06-19 17:07:08 23[NET] <COOP_S2S_VPN-1|22> received packet: from 195.202.81.1[500] to 197.232.69.61[500] (328 bytes)
2019-06-19 17:07:08 23[IKE] <COOP_S2S_VPN-1|22> received retransmit of response with ID 0, but next request already sent
2019-06-19 17:07:14 12[IKE] <COOP_S2S_VPN-1|22> sending retransmit 2 of request message ID 0, seq 3
2019-06-19 17:07:14 12[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (92 bytes)
2019-06-19 17:07:15 13[NET] <COOP_S2S_VPN-1|22> received packet: from 195.202.81.1[500] to 197.232.69.61[500] (328 bytes)
2019-06-19 17:07:15 13[IKE] <COOP_S2S_VPN-1|22> received retransmit of response with ID 0, but next request already sent
2019-06-19 17:07:25 30[NET] <COOP_S2S_VPN-1|22> received packet: from 195.202.81.1[500] to 197.232.69.61[500] (328 bytes)
2019-06-19 17:07:25 30[IKE] <COOP_S2S_VPN-1|22> received retransmit of response with ID 0, but next request already sent
2019-06-19 17:07:27 11[IKE] <COOP_S2S_VPN-1|22> sending retransmit 3 of request message ID 0, seq 3
2019-06-19 17:07:27 11[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (92 bytes)
2019-06-19 17:07:50 32[IKE] <COOP_S2S_VPN-1|22> sending retransmit 4 of request message ID 0, seq 3
2019-06-19 17:07:50 32[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (92 bytes)
2019-06-19 17:08:32 11[IKE] <COOP_S2S_VPN-1|22> sending retransmit 5 of request message ID 0, seq 3
2019-06-19 17:08:32 11[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (92 bytes)
2019-06-19 17:09:48 20[IKE] <COOP_S2S_VPN-1|22> giving up after 5 retransmits
2019-06-19 17:09:48 20[DMN] <COOP_S2S_VPN-1|22> [GARNER-LOGGING] (child_alert) ALERT: IKE message (34002690) retransmission to 195.202.81.1 timed out
2019-06-19 17:09:48 20[DMN] <COOP_S2S_VPN-1|22> [GARNER-LOGGING] (child_alert) ALERT: peer did not respond to initial message 1
2019-06-19 17:09:48 20[IKE] <COOP_S2S_VPN-1|22> peer not responding, trying again (3/0)
2019-06-19 17:09:48 20[IKE] <COOP_S2S_VPN-1|22> initiating Main Mode IKE_SA COOP_S2S_VPN-1[22] to 195.202.81.1
2019-06-19 17:09:48 20[ENC] <COOP_S2S_VPN-1|22> generating ID_PROT request 0 [ SA V V V V V V ]
2019-06-19 17:09:48 20[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (260 bytes)
2019-06-19 17:09:48 31[NET] <COOP_S2S_VPN-1|22> received packet: from 195.202.81.1[500] to 197.232.69.61[500] (104 bytes)
2019-06-19 17:09:48 31[ENC] <COOP_S2S_VPN-1|22> parsed ID_PROT response 0 [ SA V ]
2019-06-19 17:09:48 31[IKE] <COOP_S2S_VPN-1|22> received NAT-T (RFC 3947) vendor ID
2019-06-19 17:09:48 31[ENC] <COOP_S2S_VPN-1|22> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
2019-06-19 17:09:48 31[NET] <COOP_S2S_VPN-1|22> sending packet: from 197.232.69.61[500] to 195.202.81.1[500] (268 bytes)
2019-06-19 17:09:48 26[NET] <COOP_S2S_VPN-1|22> received packet: from 195.202.81.1[500] to 197.232.69.61[500] (328 bytes)
2019-06-19 17:09:48 26[ENC] <COOP_S2S_VPN-1|22> parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
2019-06-19 17:09:48 26[IKE] <COOP_S2S_VPN-1|22> received Cisco Unity vendor ID
2019-06-19 17:09:48 26[IKE] <COOP_S2S_VPN-1|22> received DPD vendor ID
2019-06-19 17:09:48 26[ENC] <COOP_S2S_VPN-1|22> received unknown vendor ID: 26:e0:a3:b5:0c:e8:57:4d:ad:99:9d:1b:85:f2:3b:d3
2019-06-19 17:09:48 26[IKE] <COOP_S2S_VPN-1|22> received XAuth vendor ID

This thread was automatically locked due to age.

0 Ashen1 over 6 years ago

Hi,

does your vpn coming up and disconnecting afterwards? or not coming up at all?

Regards
Cancel
Vote Up 0 Vote Down

Cancel