This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC between two Astaro's doesn’t start

Hello,
I am newbie in IPSEC and few days ago I started to build IPSEC connection between ASG v.6.3 and ASG v.7.011...
My ASG 7.011 is behind NAT, also I using PSK. I read whole documents that contains IPSEC in Astaro Knowledge base and configured devices depend it, but still not working…

Can you help me what’s wrong?

2007:12:16-14:43:12 (none) pluto[4122]: | *received 196 bytes from 88.203.202.30:500 on eth2
2007:12:16-14:43:12 (none) pluto[4122]: | bb fd f1 7d b7 75 55 a4 00 00 00 00 00 00 00 00
2007:12:16-14:43:12 (none) pluto[4122]: | 01 10 02 00 00 00 00 00 00 00 00 c4 0d 00 00 34
2007:12:16-14:43:12 (none) pluto[4122]: | 00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01
2007:12:16-14:43:12 (none) pluto[4122]: | 00 00 00 20 00 01 00 00 80 0b 00 01 80 0c 0e 10
2007:12:16-14:43:12 (none) pluto[4122]: | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 02
2007:12:16-14:43:12 (none) pluto[4122]: | 0d 00 00 10 4f 45 5b 70 75 41 7d 59 59 58 7e 46
2007:12:16-14:43:12 (none) pluto[4122]: | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
2007:12:16-14:43:12 (none) pluto[4122]: | 77 57 01 00 0d 00 00 14 4a 13 1c 81 07 03 58 45
2007:12:16-14:43:12 (none) pluto[4122]: | 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 7d 94 19 a6
2007:12:16-14:43:12 (none) pluto[4122]: | 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14
2007:12:16-14:43:12 (none) pluto[4122]: | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
2007:12:16-14:43:12 (none) pluto[4122]: | 00 00 00 14 44 85 15 2d 18 b6 bb cd 0b e8 a8 46
2007:12:16-14:43:12 (none) pluto[4122]: | 95 79 dd cc
2007:12:16-14:43:12 (none) pluto[4122]: | **parse ISAKMP Message:
2007:12:16-14:43:12 (none) pluto[4122]: | initiator cookie:
2007:12:16-14:43:12 (none) pluto[4122]: | bb fd f1 7d b7 75 55 a4
2007:12:16-14:43:12 (none) pluto[4122]: | responder cookie:
2007:12:16-14:43:12 (none) pluto[4122]: | 00 00 00 00 00 00 00 00
2007:12:16-14:43:12 (none) pluto[4122]: | next payload type: ISAKMP_NEXT_SA
2007:12:16-14:43:12 (none) pluto[4122]: | ISAKMP version: ISAKMP Version 1.0
2007:12:16-14:43:12 (none) pluto[4122]: | exchange type: ISAKMP_XCHG_IDPROT
2007:12:16-14:43:12 (none) pluto[4122]: | flags: none
2007:12:16-14:43:12 (none) pluto[4122]: | message ID: 00 00 00 00
2007:12:16-14:43:12 (none) pluto[4122]: | length: 196
2007:12:16-14:43:12 (none) pluto[4122]: | ***parse ISAKMP Security Association Payload:
2007:12:16-14:43:12 (none) pluto[4122]: | next payload type: ISAKMP_NEXT_VID
2007:12:16-14:43:12 (none) pluto[4122]: | length: 52
2007:12:16-14:43:12 (none) pluto[4122]: | DOI: ISAKMP_DOI_IPSEC
2007:12:16-14:43:12 (none) pluto[4122]: | ***parse ISAKMP Vendor ID Payload:
2007:12:16-14:43:12 (none) pluto[4122]: | next payload type: ISAKMP_NEXT_VID
2007:12:16-14:43:12 (none) pluto[4122]: | length: 16
2007:12:16-14:43:12 (none) pluto[4122]: | ***parse ISAKMP Vendor ID Payload:
2007:12:16-14:43:12 (none) pluto[4122]: | next payload type: ISAKMP_NEXT_VID
2007:12:16-14:43:12 (none) pluto[4122]: | length: 20
2007:12:16-14:43:12 (none) pluto[4122]: | ***parse ISAKMP Vendor ID Payload:
2007:12:16-14:43:12 (none) pluto[4122]: | next payload type: ISAKMP_NEXT_VID
2007:12:16-14:43:12 (none) pluto[4122]: | length: 20
2007:12:16-14:43:12 (none) pluto[4122]: | ***parse ISAKMP Vendor ID Payload:
2007:12:16-14:43:12 (none) pluto[4122]: | next payload type: ISAKMP_NEXT_VID
2007:12:16-14:43:12 (none) pluto[4122]: | length: 20
2007:12:16-14:43:12 (none) pluto[4122]: | ***parse ISAKMP Vendor ID Payload:
2007:12:16-14:43:12 (none) pluto[4122]: | next payload type: ISAKMP_NEXT_VID
2007:12:16-14:43:12 (none) pluto[4122]: | length: 20
2007:12:16-14:43:12 (none) pluto[4122]: | ***parse ISAKMP Vendor ID Payload:
2007:12:16-14:43:12 (none) pluto[4122]: | next payload type: ISAKMP_NEXT_NONE
2007:12:16-14:43:12 (none) pluto[4122]: | length: 20
2007:12:16-14:43:12 (none) pluto[4122]: packet from 88.203.202.30:500: ignoring Vendor ID payload [4f455b7075417d5959587e46]
2007:12:16-14:43:12 (none) pluto[4122]: packet from 88.203.202.30:500: received Vendor ID payload [Dead Peer Detection]
2007:12:16-14:43:12 (none) pluto[4122]: packet from 88.203.202.30:500: received Vendor ID payload [RFC 3947]
2007:12:16-14:43:12 (none) pluto[4122]: packet from 88.203.202.30:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2007:12:16-14:43:12 (none) pluto[4122]: packet from 88.203.202.30:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2007:12:16-14:43:12 (none) pluto[4122]: packet from 88.203.202.30:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2007:12:16-14:43:12 (none) pluto[4122]: | ****parse IPsec DOI SIT:
2007:12:16-14:43:12 (none) pluto[4122]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
2007:12:16-14:43:12 (none) pluto[4122]: | ****parse ISAKMP Proposal Payload:
2007:12:16-14:43:12 (none) pluto[4122]: | next payload type: ISAKMP_NEXT_NONE
2007:12:16-14:43:12 (none) pluto[4122]: | length: 40
2007:12:16-14:43:12 (none) pluto[4122]: | proposal number: 0
2007:12:16-14:43:12 (none) pluto[4122]: | protocol ID: PROTO_ISAKMP
2007:12:16-14:43:12 (none) pluto[4122]: | SPI size: 0
2007:12:16-14:43:12 (none) pluto[4122]: | number of transforms: 1
2007:12:16-14:43:12 (none) pluto[4122]: | *****parse ISAKMP Transform Payload (ISAKMP):
2007:12:16-14:43:12 (none) pluto[4122]: | next payload type: ISAKMP_NEXT_NONE
2007:12:16-14:43:12 (none) pluto[4122]: | length: 32
2007:12:16-14:43:12 (none) pluto[4122]: | transform number: 0
2007:12:16-14:43:12 (none) pluto[4122]: | transform ID: KEY_IKE
2007:12:16-14:43:12 (none) pluto[4122]: | ******parse ISAKMP Oakley attribute:
2007:12:16-14:43:12 (none) pluto[4122]: | af+type: OAKLEY_LIFE_TYPE
2007:12:16-14:43:12 (none) pluto[4122]: | length/value: 1
2007:12:16-14:43:12 (none) pluto[4122]: | ******parse ISAKMP Oakley attribute:
2007:12:16-14:43:12 (none) pluto[4122]: | af+type: OAKLEY_LIFE_DURATION
2007:12:16-14:43:12 (none) pluto[4122]: | length/value: 3600
2007:12:16-14:43:12 (none) pluto[4122]: | ******parse ISAKMP Oakley attribute:
2007:12:16-14:43:12 (none) pluto[4122]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2007:12:16-14:43:12 (none) pluto[4122]: | length/value: 5
2007:12:16-14:43:12 (none) pluto[4122]: | ******parse ISAKMP Oakley attribute:
2007:12:16-14:43:12 (none) pluto[4122]: | af+type: OAKLEY_HASH_ALGORITHM
2007:12:16-14:43:12 (none) pluto[4122]: | length/value: 1
2007:12:16-14:43:12 (none) pluto[4122]: | ******parse ISAKMP Oakley attribute:
2007:12:16-14:43:12 (none) pluto[4122]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2007:12:16-14:43:12 (none) pluto[4122]: | length/value: 1
2007:12:16-14:43:12 (none) pluto[4122]: | ******parse ISAKMP Oakley attribute:
2007:12:16-14:43:12 (none) pluto[4122]: | af+type: OAKLEY_GROUP_DESCRIPTION
2007:12:16-14:43:12 (none) pluto[4122]: | length/value: 2
2007:12:16-14:43:12 (none) pluto[4122]: | preparse_isakmp_policy: peer requests PSK authentication
2007:12:16-14:43:12 (none) pluto[4122]: packet from 88.203.202.30:500: initial Main Mode message received on 192.168.1.4:500 but no connection has been authorized with policy=PSK
2007:12:16-14:43:12 (none) pluto[4122]: | next event EVENT_RETRANSMIT in 9 seconds for #2052

Regards,
Alexander

This thread was automatically locked due to age.

Parents

0 ClausP over 17 years ago

forwarding for UDP Port 4500 on the router to the astaro enabled ?
Cancel
Vote Up 0 Vote Down

Cancel
0 AlexanderBG over 17 years ago in reply to ClausP

Hi,
On NAT-ed router I forward UDP:500 and UDP: 4500 to Astaro…

BR,
Alex
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 AlexanderBG over 17 years ago in reply to ClausP

Hi,
On NAT-ed router I forward UDP:500 and UDP: 4500 to Astaro…

BR,
Alex
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 AlexanderBG over 17 years ago in reply to AlexanderBG

Still doesn't work!
Can someone help me ?
Cancel
Vote Up 0 Vote Down

Cancel