Hello
I have just tried to connect via Ipsec(VPN no PPTP) using SSH-Sentinel to a ASL 4.00.
IKE Phase 1 succeds
IKE Phase 2 failed with the following message:
Cannot run the Diagnostics. The remote end cannot find suitable IPSec proposal (Phase 2) parameters. Verify the IPSec proposal parameters.
I´ve checked the paramters including the lifetime, they are all axactly the same on the firewall.
In the livelog I get this messages
packet from xxx.xxx.xxx.xxx:500: ignoring Vendor ID payload [SSH Sentinel 1.4]
"test2_1"[1] xxx.xxx.xxx.xxx #1: responding to Main Mode from unknown peer xxx.xxx.xxx.xxx
"test2_1"[1] xxx.xxx.xxx.xxx #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
"test2_1"[1] xxx.xxx.xxx.xxx #1: Peer ID is ID_DER_ASN1_DN: XXXXXXXX(Zertifikat)
"test2_1"[1] xxx.xxx.xxx.xxx #1: Issuer CRL not found
"test2_1"[1] xxx.xxx.xxx.xxx #1: Issuer CRL not found
"test2_1"[1] xxx.xxx.xxx.xxx #1: sent MR3, ISAKMP SA established
"test2_1"[1] xxx.xxx.xxx.xxx #1: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===xxx.xxx.xxx.xxx XXXXXXXXX(Zertifikat)
"test2_1"[1] xxx.xxx.xxx.xxx #1: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.xxx:500
Two things I´m not sure about:
1. I get the same result, even I type a wrong password when I am connecting, phase 1 succeeds.
2. I´m not sure which certificate I have to use on the firewall as local certificate. I created a second one an tried the same as the client, same result
Thanks for your help
Jonas
This thread was automatically locked due to age.
