Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 5399 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro does not respond to IPSEC isakmp: phase 1 I ident

warpspasm
Hi Guys,

I'm trying to configure L2TP over IPSEC using certificates. I've hit a problem that must be something basic - after completing the configuration as per the Astaro Firewall, I cannot connect from the Windows Connection that I created (again, according to the manual).

I think something fundamental is wrong because Astaro is not even responding to the isakmp: phase 1 I ident requests - look at this snoop:

11:36:56.008034 IP remote.***.org.isakmp > astaro.***.org.isakmp: isakmp: phase 1 I ident
11:36:57.115207 IP remote.***.org.isakmp > astaro.***.org.isakmp: isakmp: phase 1 I ident
11:36:59.071161 IP remote.***.org.isakmp > astaro.***.org.isakmp: isakmp: phase 1 I ident
11:37:03.070850 IP remote.***.org.isakmp > astaro.***.org.isakmp: isakmp: phase 1 I ident
11:37:11.070645 IP remote.***.org.isakmp > astaro.***.org.isakmp: isakmp: phase 1 I ident
11:37:27.072570 IP remote.***.org.isakmp > astaro.***.org.isakmp: isakmp: phase 1 I ident

That's all I get! I have forgotten something fundamental - any ideas?

Yes, Global IPSEC Settings: Status is enabled [:D]

Thanks!


This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to langoleer
    Hi Guys,

    Well, I wanted to post the ipsec.log, but as I made a test connection to have some data in the file to send you guys I noticed that the ipsec.log file is not even updated [:(] Any ideas what to check next?

    BTW in IPSEC VPN -> Connections, I have enabled IKE Debugging...

    Regards
Children
  • 0 in reply to warpspasm
    Since I'd like to use Certificarte-based authentication. It seems I don't need to create a "New IPSEC Connection" from IPSEC VPN -> Connections because if you select MS Windows L2TP over IPSEC you need choose a pre-shared secret, as per a non-certificate connection, so this seems the wrong place to define tunnels that use certificates. Or did I misunderstand something?

    Thanks!
  • 0 in reply to warpspasm

    Well, I wanted to post the ipsec.log, but as I made a test connection to have some data in the file to send you guys I noticed that the ipsec.log file is not even updated [:(] Any ideas what to check next?
    Regards


    It should not happen. Have you tried doing a simple connection with preshared key before to go with certificates?. You also should include any messages from windows.

    -langoleer
Cookie Information Banner