Hi-
I am able to connect to the ASL 4 with the Sentinel 1.4,
but I cannot do anything else.
I have a LAN with a private network (172.17.102.0/24) and I tried to use the VPN host both with the LAN network and with another private network (192.168.100.0/24), but it doesn't seem to matter.
When I look in 'ipconfig /all' I see that the virtual nic is not connected, even though the VPN is connected. And I don't have an IP address for it.
I tried to assign a virtual IP from the ASL, but then the diagnostics in Sentinel don't work - IPSec proposal fails (2nd stage)
I cannot ping anything behind the ASL, and tracert shows that it tries to get through the normal route.
I tried with Auto Packet Filter and without it, but I get the same thing.
Here is the output from the IPSec live log while running the Sentinel diagnostics-
Apr 28 15:13:10 fw pluto[14046]: "VPN__YUVAL_1"[2] X.X.X.73 #34: max number of retransmissions (2) reached STATE_MAIN_R1
Apr 28 15:13:18 fw pluto[14046]: "VPN__YUVAL_1"[2] X.X.X.73 #35: max number of retransmissions (2) reached STATE_MAIN_R1
Apr 28 15:13:21 fw pluto[14046]: "VPN__YUVAL_1"[2] X.X.X.73 #36: max number of retransmissions (2) reached STATE_MAIN_R1
Apr 28 15:13:22 fw pluto[14046]: "VPN__YUVAL_1"[2] X.X.X.73 #37: max number of retransmissions (2) reached STATE_MAIN_R1
Apr 28 15:13:24 fw pluto[14046]: "VPN__YUVAL_1"[2] X.X.X.73 #38: max number of retransmissions (2) reached STATE_MAIN_R1
Apr 28 15:13:28 fw pluto[14046]: "VPN__YUVAL_1"[2] X.X.X.73 #39: max number of retransmissions (2) reached STATE_MAIN_R1
Apr 28 15:13:28 fw pluto[14046]: "VPN__YUVAL_1"[2] X.X.X.73 #40: max number of retransmissions (2) reached STATE_MAIN_R1
Apr 28 15:13:28 fw pluto[14046]: "VPN__YUVAL_1"[2] X.X.X.73: deleting connection "VPN__YUVAL_1" instance with peer X.X.X.73
Apr 28 15:14:04 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73 #41: responding to Main Mode from unknown peer X.X.X.73
Apr 28 15:14:04 fw pluto[14046]: packet from X.X.X.73:500: ignoring Vendor ID payload [SSH Sentinel 1.4]
Apr 28 15:14:05 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73 #41: Issuer CRL not found
Apr 28 15:14:05 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73 #41: Issuer CRL not found
Apr 28 15:14:05 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73 #41: Peer ID is ID_USER_FQDN: 'yuval@kafrit.co.il'
Apr 28 15:14:05 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73 #41: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 28 15:14:05 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73 #41: received Delete SA payload: deleting IPSEC State #42
Apr 28 15:14:05 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73 #41: received Delete SA payload: deleting ISAKMP State #41
Apr 28 15:14:05 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73 #41: sent MR3, ISAKMP SA established
Apr 28 15:14:05 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73 #42: IPsec SA established
Apr 28 15:14:05 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73 #42: responding to Quick Mode
Apr 28 15:14:05 fw pluto[14046]: "VPN__YUVAL_1"[3] X.X.X.73: deleting connection "VPN__YUVAL_1" instance with peer X.X.X.73
Apr 28 15:20:20 fw pluto[14046]: packet from X.X.X.73:500: ignoring Vendor ID payload [SSH Sentinel 1.4]
Apr 28 15:20:20 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: responding to Main Mode from unknown peer X.X.X.73
Apr 28 15:20:21 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 28 15:20:21 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: Peer ID is ID_USER_FQDN: 'yuval@kafrit.co.il'
Apr 28 15:20:21 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: Issuer CRL not found
Apr 28 15:20:21 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: Issuer CRL not found
Apr 28 15:20:21 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: sent MR3, ISAKMP SA established
Apr 28 15:20:21 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: cannot respond to IPsec SA request because no connection is known for 192.168.100.0/24===X.X.X.71...X.X.X.73[yuval@kafrit.co.il]
Apr 28 15:20:21 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: sending encrypted notification INVALID_ID_INFORMATION to X.X.X.73:500
Notice the last two lines.
I need your help!
Thanks-
O
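Added example, not part of the original post: a small Python parser for pluto log lines in the format shown above. It groups messages by IKE state number and reports where each negotiation stopped, including the subnet named in the "no connection is known for" message. The function name, the field names and the reading of that message as subnet===gateway...peer[ID] are assumptions of this example.

```python
import re

# Four lines copied from the live log in the post (addresses already masked there).
SAMPLE_LOG = """\
Apr 28 15:13:28 fw pluto[14046]: "VPN__YUVAL_1"[2] X.X.X.73 #40: max number of retransmissions (2) reached STATE_MAIN_R1
Apr 28 15:20:21 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: sent MR3, ISAKMP SA established
Apr 28 15:20:21 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: cannot respond to IPsec SA request because no connection is known for 192.168.100.0/24===X.X.X.71...X.X.X.73[yuval@kafrit.co.il]
Apr 28 15:20:21 fw pluto[14046]: "VPN__YUVAL_1"[1] X.X.X.73 #48: sending encrypted notification INVALID_ID_INFORMATION to X.X.X.73:500
"""

# "conn"[instance] peer #state: message
LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)$')
# Assumed layout: subnet behind the gateway === gateway ... peer [peer ID]
NO_CONN = re.compile(
    r'no connection is known for (?P<local>\S+?)===(?P<gw>\S+?)\.\.\.'
    r'(?P<remote>\S+?)(?:\[(?P<id>[^\]]+)\])?$')

def summarize(log_text):
    """Return {state_number: findings} for each IKE state seen in the log."""
    states = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # e.g. "packet from ..." lines carry no state number
        s = states.setdefault(int(m["state"]), {
            "conn": m["conn"], "peer": m["peer"], "phase1": False,
            "phase2": None, "requested": None, "notify": None, "timeout": None})
        msg = m["msg"]
        if "ISAKMP SA established" in msg:
            s["phase1"] = True                    # Main Mode completed
        elif "IPsec SA established" in msg:
            s["phase2"] = "established"           # Quick Mode completed
        elif (nc := NO_CONN.search(msg)):
            s["phase2"] = "rejected"              # proposed IDs match no connection
            s["requested"] = nc.groupdict()
        elif msg.startswith("sending encrypted notification "):
            s["notify"] = msg.split()[3]          # e.g. INVALID_ID_INFORMATION
        elif "max number of retransmissions" in msg:
            s["timeout"] = msg.rsplit(" ", 1)[-1] # state in which retries ran out
    return states

if __name__ == "__main__":
    for num, s in sorted(summarize(SAMPLE_LOG).items()):
        print(num, s)
```

For state #48 this reports phase 1 established and phase 2 rejected with the requested subnet 192.168.100.0/24, which is the value to compare against the local network configured for the connection on the gateway.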