
IPSEC UTM to Juniper

SSG140(Juniper) Branch A
OS:6.1.0r2.0
Local Subnet:192.168.1.0/24
WAN:53.20.19.114/28

SG125 (Sophos) Branch B
OS:UTM 9.605-1
Local Subnet:192.168.2.0/24
WAN:112.22.30.58/32



I've been trying to set up IPsec tunnels between the two firewalls, and many times it would not come up.
On the UTM side I created accordingly.
I've also created two network and host definitions of Branch A.
1. The IPSEC Policy


2. Remote Gateway



3.



Under Juniper.
Under -> Policy -> Policy Elements -> Addresses -> List
I created the Subnet of Branch B

On the Juniper side I created accordingly.
1. Remote Gateway


Under advanced I keyed in the preshared key.

2. IPSEC Tunnel

under advanced.


This is the live output log from Sophos UTM Side.
2020:07:27-21:25:44 vncpfw001 pluto[32593]: "Branch_A_Gateway" #677: initiating Main Mode to replace #676
2020:07:27-21:25:44 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2020:07:27-21:25:54 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2020:07:27-21:26:14 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2020:07:27-21:26:54 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2020:07:27-21:27:34 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2020:07:27-21:28:14 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2020:07:27-21:28:54 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2020:07:27-21:29:34 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2020:07:27-21:30:14 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN



  • Hi,

    I think the phase 1 (IKE) proposals don't match.

    Sophos: AES256/SHA1

    Juniper: 3DES/SHA1


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
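
An added example, not part of the original thread or of either vendor's tooling: a small Python check that counts NO_PROPOSAL_CHOSEN notifications per peer in pluto log lines like those quoted in the first post and lists which phase 1 fields differ between the two ends. The function names, the threshold of 3 and the dict layout are assumptions; the proposal values are the ones stated in the reply above.

```python
import re
from collections import Counter

# Four lines copied from the UTM live log quoted in the first post.
SAMPLE_LOG = '''\
2020:07:27-21:25:44 vncpfw001 pluto[32593]: "Branch_A_Gateway" #677: initiating Main Mode to replace #676
2020:07:27-21:25:44 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2020:07:27-21:25:54 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2020:07:27-21:26:14 vncpfw001 pluto[32593]: packet from 53.20.19.114:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
'''

NOTIFY_RE = re.compile(
    r'pluto\[\d+\]: packet from (?P<peer>[\d.]+):\d+: '
    r'ignoring informational payload, type (?P<type>[A-Z_]+)'
)

def notify_counts(log_text):
    """Count IKE informational notifications per (peer, notification type)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = NOTIFY_RE.search(line)
        if m:
            counts[(m.group('peer'), m.group('type'))] += 1
    return counts

def proposal_mismatches(local, remote):
    """Return the phase 1 fields whose values differ, as field -> (local, remote)."""
    return {k: (local.get(k), remote.get(k))
            for k in sorted(set(local) | set(remote))
            if local.get(k) != remote.get(k)}

def diagnose(log_text, local, remote, threshold=3):
    """Flag peers that keep answering NO_PROPOSAL_CHOSEN and show what differs."""
    findings = []
    for (peer, ntype), n in notify_counts(log_text).items():
        if ntype == 'NO_PROPOSAL_CHOSEN' and n >= threshold:
            findings.append({'peer': peer, 'rejections': n,
                             'mismatch': proposal_mismatches(local, remote)})
    return findings

# Phase 1 values as stated in the reply above (hypothetical dict layout).
SOPHOS_P1 = {'encryption': 'AES256', 'hash': 'SHA1'}
JUNIPER_P1 = {'encryption': '3DES', 'hash': 'SHA1'}

if __name__ == '__main__':
    for finding in diagnose(SAMPLE_LOG, SOPHOS_P1, JUNIPER_P1):
        print(finding)
```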

  • Thanks for pointing that out.
    I've also managed to spot the problem not long after I checked that it was under AES256 instead of 3DES.

    I've also noticed the slow uptime using IKEv1 and 3DES for IPsec between Sophos and Juniper.
    Guess there's no other way, since it's an old Juniper firewall that could only support that.
    It doesn't support IKEv2.
