Site to Site IPsec VPN between two XG Firewall: IPsec connection could not be established

Hi Michele,

You may have a NAT which is forwarding IPSEC packets or the IPSEC packets are not getting to their destination.

Can you get the logs from both sides at the same time?

Thank you for your help.

On the other side is the same:

generating ID_PROT request 0 [ SA V V V V V V ]

sending retransmit 1 of request message ID 0, seq 1

sending retransmit 2 of request message ID 0, seq 1

sending retransmit 3 of request message ID 0, seq 1

Seems to be that both sides are not communicating .

What do you mean in deep ''You may have a NAT'' ?

Thanks.

Thank you for your help.

On the other side is the same:

generating ID_PROT request 0 [ SA V V V V V V ]

sending retransmit 1 of request message ID 0, seq 1

sending retransmit 2 of request message ID 0, seq 1

sending retransmit 3 of request message ID 0, seq 1

Seems to be that both sides are not communicating .

What do you mean in deep ''You may have a NAT'' ?

Thanks.

For example if you have a DNAT for 'ANY' service, it would be forwarding your IPSEC packets instead it terminating at the ipsec service as DNAT's take precedence. 

Thanks.

How I should configure that rule?

I've configured two DNAT rule (one of each side) but I'm not sure about it.

Thanks.

Just make sure the services don't include IPSEC (udp 500/4500 Proto 50).