Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 884 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site VPN doesn´t Connect / Need help

Jochen Barg

Dear Sir or Madem,

i would connect an XG 125 with an XG 135 over Site to Site IP Sec Tunnel, i have confugured

the XG´s like this Tutorial:

https://support.sophos.com/support/s/article/KB-000035717?language=en_US

But the Tunnel doesn´t came up, here is the Logfile from XG 125 who should initate the Connection:

2021-02-12 12:13:27 32[ENC] <ETP-1|314> parsed ID_PROT response 0 [ SA V V V V V
 ]                                                                              
2021-02-12 12:13:27 32[IKE] <ETP-1|314> received XAuth vendor ID                
2021-02-12 12:13:27 32[IKE] <ETP-1|314> received DPD vendor ID                  
2021-02-12 12:13:27 32[IKE] <ETP-1|314> received Cisco Unity vendor ID          
2021-02-12 12:13:27 32[IKE] <ETP-1|314> received FRAGMENTATION vendor ID        
2021-02-12 12:13:27 32[IKE] <ETP-1|314> received NAT-T (RFC 3947) vendor ID     
2021-02-12 12:13:27 32[ENC] <ETP-1|314> generating ID_PROT request 0 [ KE No NAT
-D NAT-D ]                                                                      
2021-02-12 12:13:27 32[NET] <ETP-1|314> sending packet: from 192.168.178.xx[500]
 to 178.13.251.217[500] (652 bytes)                                             
2021-02-12 12:13:27 30[NET] <ETP-1|314> received packet: from xx.13.251.xx[500
] to 192.168.178.23[500] (652 bytes)                                            
2021-02-12 12:13:27 30[ENC] <ETP-1|314> parsed ID_PROT response 0 [ KE No NAT-D 
NAT-D ]                                                                         
2021-02-12 12:13:27 30[IKE] <ETP-1|314> local host is behind NAT, sending keep a
lives                                                                           
2021-02-12 12:13:27 30[IKE] <ETP-1|314> remote host is behind NAT               
2021-02-12 12:13:27 30[ENC] <ETP-1|314> generating ID_PROT request 0 [ ID HASH ]
2021-02-12 12:13:27 30[NET] <ETP-1|314> sending packet: from xx.168.178.xx[4500
] to 178.13.251.217[4500] (92 bytes)                                            
2021-02-12 12:13:27 19[NET] <ETP-1|314> received packet: from xx.13.251.xx[450
0] to 192.168.178.23[4500] (108 bytes)                                          
2021-02-12 12:13:27 19[ENC] <ETP-1|314> parsed INFORMATIONAL_V1 request 24320292
52 [ HASH N(AUTH_FAILED) ]                                                      
2021-02-12 12:13:27 19[IKE] <ETP-1|314> informational: received AUTHENTICATION_F
AILED error notify                                                              
2021-02-12 12:13:27 19[IKE] <ETP-1|314> IKE_SA AUTHENTICATION_FAILED set_conditi
on COND_START_OVER                                                              
2021-02-12 12:13:27 19[IKE] <ETP-1|314> ### destroy: 0x7f2dcc001440             
2021-02-12 12:13:27 19[IKE] <ETP-1|314> IKE_SA has_condition COND_START_OVER ret
ry initiate in 60 sec


Can anyone tell me please, whats the Problem.

Thanks and best regards

Jochen



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    It shows authentication failed message in log events. Also, NAT-T is detected.

    ===================================================

    2021-02-12 12:13:27 30[IKE] <ETP-1|314> local host is behind NAT, sending keep alives
    2021-02-12 12:13:27 30[IKE] <ETP-1|314> remote host is behind NAT
    2021-02-12 12:13:27 30[ENC] <ETP-1|314> generating ID_PROT request 0 [ ID HASH ]
    2021-02-12 12:13:27 30[NET] <ETP-1|314> sending packet: from xx.168.178.xx[4500] to 178.13.251.217[4500] (92 bytes)
    2021-02-12 12:13:27 19[NET] <ETP-1|314> received packet: from xx.13.251.xx[4500] to 192.168.178.23[4500] (108 bytes)
    2021-02-12 12:13:27 19[ENC] <ETP-1|314> parsed INFORMATIONAL_V1 request 2432029252 [ HASH N(AUTH_FAILED) ]
    2021-02-12 12:13:27 19[IKE] <ETP-1|314> informational: received AUTHENTICATION_FAILED error notify
    2021-02-12 12:13:27 19[IKE] <ETP-1|314> IKE_SA AUTHENTICATION_FAILED set_condition COND_START_OVER
    2021-02-12 12:13:27 19[IKE] <ETP-1|314> ### destroy: 0x7f2dcc001440
    2021-02-12 12:13:27 19[IKE] <ETP-1|314> IKE_SA has_condition COND_START_OVER retry initiate in 60 sec

    ===================================================

    Request to confirm the preshared key/digital certificate at both ends. If it doesn't work then try to configure 'Local ID' and 'Remote ID' in tunnel configuration.