Site-to-site vpn error no peer config found

Hello,

I am trying to configure 2 sites with a site-to-site tunnel.
XG SiteA directly connected to the internet (public IP on WAN), XG SiteB connected to a router, port forward (UDP 500/4500) to local IP on the WAN.
I can't find how to match the local IP behind the router in the peer config. I think that is the reason for the no peer config found error.

Anyone have an idea?

Logging from SiteA:

2020-10-07 22:10:04 22[CFG] rereading secrets
2020-10-07 22:10:04 22[CFG] loading secrets from '/_conf/ipsec/ipsec.secrets'
2020-10-07 22:10:04 22[CFG] loading secrets from '/_conf/ipsec/connections/SITE2SITE.secrets'
2020-10-07 22:10:04 22[CFG]   loaded IKE secret for IP_SITEA IP_SITEB
2020-10-07 22:10:04 14[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
2020-10-07 22:10:04 19[CFG] received stroke: add connection 'SITE2SITE-1'
2020-10-07 22:10:04 19[CFG] added configuration 'SITE2SITE-1'
2020-10-07 22:10:05 16[NET] <94> received packet: from IP_SITEB[500] to IP_SITEA[500] (548 bytes)
2020-10-07 22:10:05 16[ENC] <94> parsed ID_PROT request 0 [ SA V V V V V V ]
2020-10-07 22:10:05 16[IKE] <94> received XAuth vendor ID
2020-10-07 22:10:05 16[IKE] <94> received DPD vendor ID
2020-10-07 22:10:05 16[IKE] <94> received Cisco Unity vendor ID
2020-10-07 22:10:05 16[IKE] <94> received FRAGMENTATION vendor ID
2020-10-07 22:10:05 16[IKE] <94> received NAT-T (RFC 3947) vendor ID
2020-10-07 22:10:05 16[IKE] <94> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2020-10-07 22:10:05 16[IKE] <94> IP_SITEB is initiating a Main Mode IKE_SA
2020-10-07 22:10:05 16[ENC] <94> generating ID_PROT response 0 [ SA V V V V V ]
2020-10-07 22:10:05 16[NET] <94> sending packet: from IP_SITEA[500] to IP_SITEB[500] (180 bytes)
2020-10-07 22:10:05 15[NET] <94> received packet: from IP_SITEB[500] to IP_SITEA[500] (652 bytes)
2020-10-07 22:10:05 15[ENC] <94> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
2020-10-07 22:10:05 15[IKE] <94> remote host is behind NAT
2020-10-07 22:10:05 15[ENC] <94> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
2020-10-07 22:10:05 15[NET] <94> sending packet: from IP_SITEA[500] to IP_SITEB[500] (652 bytes)
2020-10-07 22:10:06 29[NET] <94> received packet: from IP_SITEB[4500] to IP_SITEA[4500] (92 bytes)
2020-10-07 22:10:06 29[ENC] <94> parsed ID_PROT request 0 [ ID HASH ]
2020-10-07 22:10:06 29[CFG] <94> looking for pre-shared key peer configs matching IP_SITEA...IP_SITEB[LOCALIP_BEHIND_ROUTER]
2020-10-07 22:10:06 29[IKE] <94> no peer config found
2020-10-07 22:10:06 29[ENC] <94> generating INFORMATIONAL_V1 request 1053061279 [ HASH N(AUTH_FAILED) ]
2020-10-07 22:10:06 29[NET] <94> sending packet: from IP_SITEA[4500] to IP_SITEB[4500] (108 bytes)

Configuration:

IPsec connection summary SITEA
Configuration of IPsec connection:
Name: SITE2SITE
Description:
Connection type: Site-to-site
Policy: DefaultHeadOffice
Gateway type: Respond only
Authentication type: Preshared key
Local WAN port: Port2.VLANID - IP_SITEA
Local subnet: SITEA_LAN
Remote host: IP_SITEB
Remote subnet: SITEB_LAN

IPsec connection summary SITEB
Configuration of IPsec connection:
Name: SITE2SITE
Description:
Connection type: Site-to-site
Policy: DefaultBranchOffice
Gateway type: Initiate the connection
Authentication type: Preshared key
Local WAN port: Port2 - LOCALIP_BEHIND_ROUTER
Local subnet: SITEB_LAN
Remote host: IP_SITEA
Remote subnet: SITEA_LAN
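
Added example, not part of the original post: a small triage script for charon logs in the format shown above. It groups lines by IKE_SA number and reports each failed peer-config lookup, noting whether the identity the initiator sent (the value in square brackets) differs from its source address, as it does in the SiteA log. The function name `triage` and the sample addresses are assumptions made for illustration.

```python
import re

# Constructed sample in the same charon log format as the post above;
# the addresses are documentation/private placeholders, not values from the thread.
SAMPLE_LOG = """\
2020-10-07 22:10:05 15[IKE] <94> remote host is behind NAT
2020-10-07 22:10:06 29[ENC] <94> parsed ID_PROT request 0 [ ID HASH ]
2020-10-07 22:10:06 29[CFG] <94> looking for pre-shared key peer configs matching 198.51.100.10...203.0.113.20[192.168.1.2]
2020-10-07 22:10:06 29[IKE] <94> no peer config found
2020-10-07 22:11:00 12[IKE] <95> remote host is behind NAT
2020-10-07 22:11:01 12[CFG] <95> looking for pre-shared key peer configs matching 198.51.100.10...203.0.113.20[203.0.113.20]
"""

# timestamp, thread[subsystem], <IKE_SA number>, message
LINE = re.compile(r"^(\S+ \S+) \d+\[\w+\] <(\d+)> (.*)$")
# "matching LOCAL...REMOTE[REMOTE_ID]": REMOTE_ID is the identity the peer sent
LOOKUP = re.compile(r"looking for .* peer configs matching (\S+)\.\.\.(\S+)\[([^\]]+)\]")


def triage(log_text):
    """Return one record per IKE_SA whose peer-config lookup failed."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without an <n> SA tag, e.g. secret/config reloads
        _, sa, msg = m.groups()
        s = sessions.setdefault(sa, {"sa": sa, "nat": False, "failed": False,
                                     "local": None, "remote": None,
                                     "remote_id": None})
        if msg == "remote host is behind NAT":
            s["nat"] = True
        elif msg == "no peer config found":
            s["failed"] = True
        else:
            lk = LOOKUP.search(msg)
            if lk:
                s["local"], s["remote"], s["remote_id"] = lk.groups()
    findings = []
    for s in sessions.values():
        if s["failed"] and s["remote_id"] is not None:
            # The responder matches on the received identity, not only the address.
            s["id_differs_from_address"] = s["remote_id"] != s["remote"]
            findings.append(s)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```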


