Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 1 subscriber
  • Views 1517 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC VPN keeps retransmitting

deoli
Hi Guys,

i need your well known help again. I'm expieriencing some issues by creating a Site 2 Site VPN Connection between an branch office and headquarter.

Network Settings:
1 x ASG 7.005 with an Home Use License (Local Site)
1 x Bintec X2300is VPN Router (Remote Site)

I've configured the VPN as follows:

[LIST=1]
  • Astaro 7.005 Configuration:
[/LIST]


IPSEC Policy Configuration:

Name: _IPP_XYZ
IKE Settings: AES 192 / MD5 / Group 2: MODP 1024   Lifetime: 86400 seconds
IPSec Settings: AES 192 / MD5 / Group 2: MODP 1024   Lifetime: 86400 seconds
Settings: Compression off, not using strict policy.

Remote Gateway Configuration:

Name: _RGW_XYZ_X2300is
Gateway: _RTR_XYZ-X2300is
Gateway Type: Initiate
VPN ID is IP Address [192.168.1.2], authenticated via Preshared key

IPsec Connection Configuration:

Name: _VPN_XYZ
Remote Gateway: _RGW_XYZ_X2300is
Interface: IF_TRA
Policy: _IPP_XYZ
Local Networks: IF_LAN
[Auto packet filter is on, not using strict routing]



[LIST=1]
  • Bintec X2300is Configuration:
[/LIST]


Configure Peer:

Peer Address: vpn1.abc.de
Peer IDs: 192.168.1.2
PSK: secret

Peer specific settings:
Phase 1: Rijndal (AES), MD5, 86400, DPD (Dead-Peer-Detection) 
Phase 2: Rijndal (AES), MD5, 86400, DPD (Heartbeat)



[LIST=1]
  • Output of Astaro Live Log: IPSec VPN:
[/LIST]


2007:07:03-20:01:26 (none) pluto[3740]: "S__VPN_Amendi_0" #58: initiating Main Mode to replace #57
2007:07:03-20:01:26 (none) pluto[3740]: "S__VPN_Amendi_0" #58: ignoring Vendor ID payload [0048e2270bea8395ed778d343cc2a076]
2007:07:03-20:01:26 (none) pluto[3740]: "S__VPN_Amendi_0" #58: ignoring Vendor ID payload [810fa565f8ab14369105d706fbd57279]
2007:07:03-20:01:26 (none) pluto[3740]: "S__VPN_Amendi_0" #58: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2007:07:03-20:01:26 (none) pluto[3740]: "S__VPN_Amendi_0" #58: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2007:07:03-20:01:26 (none) pluto[3740]: "S__VPN_Amendi_0" #58: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2007:07:03-20:01:26 (none) pluto[3740]: "S__VPN_Amendi_0" #58: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2007:07:03-20:01:26 (none) pluto[3740]: "S__VPN_Amendi_0" #58: received Vendor ID payload [Dead Peer Detection]
2007:07:03-20:01:26 (none) pluto[3740]: "S__VPN_Amendi_0" #58: enabling possible NAT-traversal with method RFC 3947
2007:07:03-20:01:27 (none) pluto[3740]: "S__VPN_Amendi_0" #58: Informational Exchange message must be encrypted
2007:07:03-20:01:36 (none) pluto[3740]: "S__VPN_Amendi_0" #58: Informational Exchange message must be encrypted
2007:07:03-20:01:56 (none) pluto[3740]: "S__VPN_Amendi_0" #58: Informational Exchange message must be encrypted
2007:07:03-20:02:36 (none) pluto[3740]: "S__VPN_Amendi_0" #58: max number of retransmissions (2) reached STATE_MAIN_I2
2007:07:03-20:02:36 (none) pluto[3740]: "S__VPN_Amendi_0" #58: starting keying attempt 51 of an unlimited number 



Thank you for your help in advance!

greetings,
Oliver


This thread was automatically locked due to age.
Cookie Information Banner