This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site VPN issues between UTM and XG firewalls

Hello all,

I am rather new to Sophos and am trying to get a site to site ipsec VPN working. It seems as thou the tunnel comes up, but I cannot seem to get data to traverse the tunnel. I have gotten the firewall rules setup, however I keep getting the same messages in the IPSec VPN event log.

2022:03:07-13:18:05 hq-utm-01 pluto[7633]: packet from 66.XXX.XXX.237:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN

2022:03:07-13:18:45 hq-utm-01 pluto[7633]: "S_secondary" #26: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message

2022:03:07-13:18:45 hq-utm-01 pluto[7633]: "S_secondary" #26: starting keying attempt 14 of an unlimited number

2022:03:07-13:18:45 hq-utm-01 pluto[7633]: "S_secondary" #27: initiating Main Mode to replace #26

2022:03:07-13:18:45 hq-utm-01 pluto[7633]: packet from 66.XXX.XXX.237:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN

Any one have any thoughts on this?

Thanks!

This thread was automatically locked due to age.

Top Replies

jprusch over 3 years ago in reply to Scott Ebbing +1

This is the UTM-side:

Parents

0 Scott Ebbing over 3 years ago

As an update, the following just came into the event log:

2022:03:07-13:55:53 hq-utm-01 pluto[7633]: "S_secondary" #31: responding to Main Mode

2022:03:07-13:55:53 hq-utm-01 pluto[7633]: "S_secondary" #31: NAT-Traversal: Result using RFC 3947: no NAT detected

2022:03:07-13:55:53 hq-utm-01 pluto[7633]: "S_secondary" #31: Peer ID is ID_IPV4_ADDR: '66.XXX.XXX.237'

2022:03:07-13:55:53 hq-utm-01 pluto[7633]: "S_secondary" #31: Dead Peer Detection (RFC 3706) enabled

2022:03:07-13:55:53 hq-utm-01 pluto[7633]: "S_secondary" #31: sent MR3, ISAKMP SA established

2022:03:07-13:56:03 hq-utm-01 pluto[7633]: "S_secondary" #12: received Delete SA payload: deleting ISAKMP State #12

Not sure what is going on.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 3 years ago in reply to Scott Ebbing

Hi Scott and welcome to the UTM Community!

Please insert pictures of the Edits of the IPsec Connection and Remote Gateway.

Also, confirm that the NAT-T and DPD settings are identical on both devices and that the PreShared Key is the same on both sides.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott Ebbing over 3 years ago in reply to BAlfson

Hi Bob,

Thank you for the reply. Forgive me, but where do I find the NAT-T and DPD settings to make sure they are correct?

Thank you!

Scott
Cancel
Vote Up 0 Vote Down

Cancel
0 jprusch over 3 years ago in reply to Scott Ebbing

This is the UTM-side:
Cancel
Vote Up +1 Vote Down

Cancel
0 jprusch over 3 years ago in reply to jprusch

And that's the XG-side:
Cancel
Vote Up +1 Vote Down

Cancel

Reply

0 jprusch over 3 years ago in reply to jprusch

And that's the XG-side:
Cancel
Vote Up +1 Vote Down

Cancel

Children

No Data