Hi there,
Need some help as at the moment I have a little problem connecting Net-2-Net from my Astaro V4 Box to a Sonicwall Box.
I’ll give you a bit of background a company SUBNET policy has been introduced so whilst changing our address range I saw it as an opportune moment to install V4 since going onto V4 the VPN Net to Net ‘blips’ out every 60-90 mins and it’s a phone call to the end (NY) with the SonicWall device to click on RENEGOTIATE (sorry have zero experience on Sonicwall) then the tunnel is back up.
Have Generated New PSK Keys at both sides, deleted the VPN and recreated it to the same effect, any ideas or assistance would be appreciated as those darn tetchy users are looking for blood and it’s damn frustrating.
000
000 "VPN-NewYork_1": 192.168.0.0/16===69.254.208.235...196.148.201.4===192.168.1.0/24
000 "VPN-NewYork_1": CAs: '%any'...'%any'
000 "VPN-NewYork_1": ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "VPN-NewYork_1": policy: PSK+ENCRYPT+TUNNEL; interface: eth1; erouted
000 "VPN-NewYork_1": newest ISAKMP SA: #2208; newest IPsec SA: #2179; eroute owner: #2179
000 "VPN-NewYork_1": IKE algorithms wanted: 5_000-1-5, flags=-strict
000 "VPN-NewYork_1": IKE algorithms found: 5_192-1_128-5,
000 "VPN-NewYork_1": IKE algorithm newest: 3DES_CBC_192-MD5-MODP768
000 "VPN-NewYork_1": ESP algorithms wanted: 3_000-1, flags=-strict
000 "VPN-NewYork_1": ESP algorithms loaded: 3_168-1_128,
000 "VPN-NewYork_1": ESP algorithm newest: 3DES_0-HMAC_SHA1; pfsgroup=
000
000 #1796: "VPN-NewYork_1" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1922s
000 #1915: "VPN-NewYork_1" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3608s
000 #1663: "VPN-NewYork_1" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 24s
000 #2079: "VPN-NewYork_1" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 5777s
000 #2207: "VPN-NewYork_1" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 0s
000 #2179: "VPN-NewYork_1" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2874s; newest IPSEC; eroute owner
000 #2179: "VPN-NewYork_1" esp.cb6cf789@196.148.201.4 esp.30240494@69.254.208.235 tun.1010@196.148.201.4 tun.100f@69.254.208.235
000 #2178: "VPN-NewYork_1" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 7074s
000 #2212: "VPN-NewYork_1" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 2s established); EVENT_SA_REPLACE in 236s
000
Also this may help this is an extract of the IPSec VPN Log when it goes pear-shaped
2003-Dec 30 11:57:40 (none) pluto[17163]: "VPN-NewYork_1" #1495: received and ignored informational message
2003-Dec 30 11:57:50 (none) pluto[17163]: "VPN-NewYork_1" #1495: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2003-Dec 30 11:57:50 (none) pluto[17163]: "VPN-NewYork_1" #1495: received and ignored informational message
2003-Dec 30 11:57:56 (none) pluto[17163]: "VPN-NewYork_1" #1495: cannot respond to IPsec SA request because no connection is known for 192.168.0.0/16===69.254.208.235...196.148.201.4===174.10.0.0/24 (Note Old NY SUBNET)
2003-Dec 30 11:57:56 (none) pluto[17163]: "VPN-NewYork_1" #1495: sending encrypted notification INVALID_ID_INFORMATION to 195.153.204.7:500
2003-Dec 30 11:58:10 (none) pluto[17163]: "VPN-NewYork_1" #1495: Informational Exchange message for an established ISAKMP SA must be encrypted
2003-Dec 30 11:58:39 (none) pluto[17163]: "VPN-NewYork_1" #1502: max number of retransmissions (2) reached STATE_QUICK_I1
2003-Dec 30 11:58:39 (none) pluto[17163]: "VPN-NewYork_1" #1502: starting keying attempt 71 of an unlimited number
2003-Dec 30 11:58:39 (none) pluto[17163]: "VPN-NewYork_1" #1504: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #1502
PS NB Old NY SUBNET Still exists in the log but doesn’t exist within ASTARO.
Thanks
Garfield
This thread was automatically locked due to age.
