IPSEC site-to-site is not working with uploading CA Certificate

Hi,

I was trying to connect a site-to-site VPN, but it was not working with the steps below.

1) Upload the local certificate

2) Select the remote certificate as External certificate

3) Upload the remote CA certificate

Below is an image that depicts what I was trying to explain.

site-to-site

My question is, is there any issue with uploading the remote CA certificate and trying to connect to another site? Because every time I upload the remote CA certificate I see the log below.

2022-12-16 07:18:16Z 32[CFG] <lax_pki-1|2741> selected peer config 'lax_pki-1'
2022-12-16 07:18:16Z 32[IKE] <lax_pki-1|2741> no trusted RSA public key found for 'device3'
2022-12-16 07:18:16Z 32[IKE] <lax_pki-1|2741> peer supports MOBIKE, but disabled in config
2022-12-16 07:18:16Z 32[IKE] <lax_pki-1|2741> got additional MOBIKE peer address: 192.168.50.1
2022-12-16 07:18:16Z 32[IKE] <lax_pki-1|2741> got additional MOBIKE peer address: fd81:e807:b2cb::1
2022-12-16 07:18:16Z 32[DMN] <lax_pki-1|2741> [GARNER-LOGGING] (child_alert) ALERT: Couldn't authenticate the remote gateway. Check the authentication settings on both devices.
2022-12-16 07:18:16Z 32[ENC] <lax_pki-1|2741> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
2022-12-16 07:18:16Z 32[NET] <lax_pki-1|2741> sending packet: from 202.53.10.133[4500] to 182.66.67.83[64916] (80 bytes)
2022-12-16 07:18:16Z 32[IKE] <lax_pki-1|2741> IKE_SA lax_pki-1[2741] state change: CONNECTING => DESTROYING

Can you please check uploading the CA certificate and try to create the site-to-site tunnel?

Note: With the same certificates as local and remote certificate (peer2 certificate uploaded as the remote certificate), I was able to create the tunnel.

site-to-site-local-remote-cert

I have seen this issue with all possible certificate generation methods. If the CA certificate is uploaded, the tunnel does not get created. It works only with direct uploading of the local and remote certificates.

Please help me with this.

Thank you.
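The log line `no trusted RSA public key found for 'device3'` is strongSwan saying it could not map the peer identity it was asked to authenticate to a key it trusts. With CA-based authentication that comes down to two facts that can be checked offline before touching the firewall: the peer certificate chains to the uploaded CA, and the peer identity configured for the tunnel matches the certificate's subject CN or a subjectAltName. The following shell script is an added example, not code from this thread or from Sophos; it performs both checks with openssl, and every file name, subject, CA and the `device3` identity it uses are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread or from Sophos. Pre-flight check for the
# two things an IKEv2 responder needs before it trusts a peer identity with CA-based
# authentication (strongSwan logs "no trusted RSA public key found for 'X'" when it
# cannot satisfy them): 1) the peer certificate chains to the uploaded remote CA,
# and 2) the peer identity configured for the tunnel (here 'device3') appears as the
# certificate's subject CN or a subjectAltName entry. Requires openssl; all names are constructed.
set -eu

# check_peer_cert CA_FILE CERT_FILE PEER_ID -> status 0 only if both checks pass
check_peer_cert() {
    ca=$1; cert=$2; peer_id=$3
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to $ca"; return 1
    fi
    # Collect every identity the certificate carries: subject CN plus SAN entries.
    ids=$( { openssl x509 -in "$cert" -noout -subject -nameopt RFC2253
             openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null || true; } \
           | tr ',' '\n' \
           | sed -n 's/^ *\(subject=\)\{0,1\}CN=//p; s/^ *DNS://p; s/^ *email://p; s/^ *IP Address://p' )
    if printf '%s\n' "$ids" | grep -qxF -- "$peer_id"; then
        echo "OK: $cert chains to $ca and carries identity '$peer_id'"; return 0
    fi
    echo "FAIL: '$peer_id' not among certificate identities: $(printf '%s' "$ids" | tr '\n' ' ')"
    return 1
}

# make_demo_certs DIR -> writes ca.crt, other-ca.crt and dev.crt (CN=device3,
# SAN DNS:device3.vpn.example) into DIR. Constructed purely for the demo.
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo VPN CA' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Unrelated CA' \
        -keyout "$d/other-ca.key" -out "$d/other-ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj '/CN=device3' \
        -keyout "$d/dev.key" -out "$d/dev.csr" 2>/dev/null
    printf 'subjectAltName=DNS:device3.vpn.example\n' > "$d/san.ext"
    openssl x509 -req -in "$d/dev.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/dev.crt" 2>/dev/null
}

# Demo: the good case, a peer identity typo, and a certificate from a different CA.
demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
check_peer_cert "$demo_dir/ca.crt" "$demo_dir/dev.crt" device3 || true
check_peer_cert "$demo_dir/ca.crt" "$demo_dir/dev.crt" device-3 || true
check_peer_cert "$demo_dir/other-ca.crt" "$demo_dir/dev.crt" device3 || true
```

Run it against the real peer certificate, the CA you upload on the firewall and the identity you configure for the remote peer; if the chain check fails, the uploaded CA is not the one that issued the peer certificate, and if the identity check fails, the configured peer identity and the certificate disagree.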

  • Hi  

    Thank you for the reply.

    I don't think there is an issue with the remote peer, because when we upload the local certificate and the remote certificate (which is also present on the peer), we haven't seen any authentication issue. The only issue is with the CA certificate (I am sure that both peers have the same CA cert).

    Once we upload the local and remote certificates, we are able to create the tunnel and everything works fine. It only does not work with the CA certificate (I have tested many times and have not succeeded in creating a tunnel even a single time when uploading the CA certificate).

    If you have any document on generating certificates outside Sophos and using them in Sophos, then please share it with us.

    Basically we don't suspect anything on the remote peer side.

    Thank you.
