Respond-only VPNs getting confused

I have multiple respond-only VPNs and am trying to add another to a CradlePoint modem/router. It is failing to connect, and when I look at the logs it appears the XG is confusing the new endpoint with an existing VPN. In the log excerpt below, 174.246.210.199 is the existing/working VPN (Station13) and 166.176.121.97 is the IP of the new VPN endpoint (Engine11). The preshared keys are not the same. The local and remote ID in the gateway settings are blank on both VPNs.

Why is this happening? How is the XG supposed to identify the correct connection to use for incoming requests?

XG210_WP03_SFOS 18.5.1 MR-1-Build326# tail -f strongswan.log | grep Station13
2022-02-22 16:34:02 17[NET] <Station13-1|890239> received packet: from 174.246.210.199[17924] to 205.169.97.162[4500] (60 bytes)
2022-02-22 16:34:02 17[ENC] <Station13-1|890239> parsed INFORMATIONAL request 685 [ ]
2022-02-22 16:34:02 17[ENC] <Station13-1|890239> generating INFORMATIONAL response 685 [ ]
2022-02-22 16:34:02 17[NET] <Station13-1|890239> sending packet: from 205.169.97.162[4500] to 174.246.210.199[17924] (60 bytes)
2022-02-22 16:34:22 09[CFG] <Station13-1|891306> selected peer config 'Station13-1'
2022-02-22 16:34:22 09[IKE] <Station13-1|891306> authentication of '10.116.49.110' with pre-shared key successful
2022-02-22 16:34:22 09[IKE] <Station13-1|891306> authentication of '205.169.97.162' (myself) with pre-shared key
2022-02-22 16:34:22 09[IKE] <Station13-1|891306> IKE_SA Station13-1[891306] established between 205.169.97.162[205.169.97.162]...166.176.121.97[10.116.49.110]
2022-02-22 16:34:22 09[IKE] <Station13-1|891306> scheduling rekeying in 28296s
2022-02-22 16:34:22 09[IKE] <Station13-1|891306> maximum IKE_SA lifetime 28656s
2022-02-22 16:34:22 09[IKE] <Station13-1|891306> traffic selectors 192.168.10.0/24 === 192.168.11.0/28 inacceptable
2022-02-22 16:34:22 09[DMN] <Station13-1|891306> [GARNER-LOGGING] (child_alert) ALERT: the received traffic selectors did not match: 192.168.11.0/28 === 192.168.10.0/24
2022-02-22 16:34:22 09[IKE] <Station13-1|891306> failed to establish CHILD_SA, keeping IKE_SA
2022-02-22 16:34:22 09[ENC] <Station13-1|891306> generating IKE_AUTH response 1 [ IDr AUTH N(TS_UNACCEPT) ]
2022-02-22 16:34:22 09[NET] <Station13-1|891306> sending packet: from 205.169.97.162[4500] to 166.176.121.97[46034] (128 bytes)
2022-02-22 16:34:22 22[NET] <Station13-1|891306> received packet: from 166.176.121.97[46034] to 205.169.97.162[4500] (80 bytes)
2022-02-22 16:34:22 22[ENC] <Station13-1|891306> parsed INFORMATIONAL request 2 [ D ]
2022-02-22 16:34:22 22[IKE] <Station13-1|891306> received DELETE for IKE_SA Station13-1[891306]
2022-02-22 16:34:22 22[IKE] <Station13-1|891306> deleting IKE_SA Station13-1[891306] between 205.169.97.162[205.169.97.162]...166.176.121.97[10.116.49.110]
2022-02-22 16:34:22 22[IKE] <Station13-1|891306> IKE_SA deleted
2022-02-22 16:34:22 22[ENC] <Station13-1|891306> generating INFORMATIONAL response 2 [ ]
2022-02-22 16:34:22 22[NET] <Station13-1|891306> sending packet: from 205.169.97.162[4500] to 166.176.121.97[46034] (80 bytes)
2022-02-22 16:34:22 32[NET] <Station13-1|890239> received packet: from 174.246.210.199[17924] to 205.169.97.162[4500] (60 bytes)
2022-02-22 16:34:22 32[ENC] <Station13-1|890239> parsed INFORMATIONAL request 686 [ ]
2022-02-22 16:34:22 32[ENC] <Station13-1|890239> generating INFORMATIONAL response 686 [ ]
2022-02-22 16:34:22 32[NET] <Station13-1|890239> sending packet: from 205.169.97.162[4500] to 174.246.210.199[17924] (60 bytes)
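
A way to check a longer strongswan.log for the pattern visible in the excerpt above, as an added example that is not part of the original post or of Sophos tooling: it groups log lines by connection name and IKE_SA id and lists connections whose SAs come from more than one peer address. The sample lines are copied from the excerpt; the function names are illustrative.

```python
import re
from collections import defaultdict

# Lines copied from the log excerpt in the post above.
SAMPLE = """\
2022-02-22 16:34:02 17[NET] <Station13-1|890239> received packet: from 174.246.210.199[17924] to 205.169.97.162[4500] (60 bytes)
2022-02-22 16:34:22 09[CFG] <Station13-1|891306> selected peer config 'Station13-1'
2022-02-22 16:34:22 09[IKE] <Station13-1|891306> IKE_SA Station13-1[891306] established between 205.169.97.162[205.169.97.162]...166.176.121.97[10.116.49.110]
2022-02-22 16:34:22 09[IKE] <Station13-1|891306> traffic selectors 192.168.10.0/24 === 192.168.11.0/28 inacceptable
2022-02-22 16:34:22 32[NET] <Station13-1|890239> received packet: from 174.246.210.199[17924] to 205.169.97.162[4500] (60 bytes)
"""

# "<date> <time> <thread>[<subsystem>] <<connection>|<sa id>> <message>"
LINE = re.compile(r"^\S+ \S+ \d+\[\w+\] <([^|>]+)\|(\d+)> (.*)$")
RECV = re.compile(r"received packet: from ([\d.]+)\[\d+\]")
ESTAB = re.compile(r"established between \S+?\.\.\.([\d.]+)\[([^\]]+)\]")
TS_BAD = re.compile(r"traffic selectors \S+ === \S+ inacceptable")

def peers_per_connection(text):
    """Return {connection: {sa_id: {"peer", "remote_id", "ts_rejected"}}}."""
    conns = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # line without a <connection|id> tag
        conn, sa_id, msg = m.groups()
        sa = conns[conn].setdefault(
            sa_id, {"peer": None, "remote_id": None, "ts_rejected": False})
        if (r := RECV.search(msg)):
            sa["peer"] = r.group(1)
        elif (e := ESTAB.search(msg)):
            sa["peer"], sa["remote_id"] = e.groups()
        elif TS_BAD.search(msg):
            sa["ts_rejected"] = True
    return conns

def shared_connections(conns):
    """Connections whose IKE_SAs were seen from more than one peer address."""
    out = {}
    for conn, sas in conns.items():
        peers = sorted({sa["peer"] for sa in sas.values() if sa["peer"]})
        if len(peers) > 1:
            out[conn] = peers
    return out

if __name__ == "__main__":
    conns = peers_per_connection(SAMPLE)
    for conn, peers in shared_connections(conns).items():
        print(f"{conn}: SAs from {len(peers)} peer addresses: {', '.join(peers)}")
        for sa_id, sa in conns[conn].items():
            print(f"  SA {sa_id}: {sa}")
```

A peer whose public address changes between sessions is listed as well, so read the result together with the remote ID and the traffic-selector rejection recorded for each SA.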
