IPSEC No Route to Host

IPSEC remote connects - but does not work with the default IPSEC pool IP address. Message in IPSEC live log is:

ERROR: asynchronous network error report on eth4 for message to 66.159.127.26 port 4500, complainant 66.159.127.26: No route to host [errno 113, origin ICMP type 3 code 13 (not authenticated)

Any suggestions on how to get this routing issue solved are appreciated.


  • Can you see from the packet filter live log what blocked packets correspond to traffic with the specified IP?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • There are no blocked packets with the corresponding IP address.
  • Version of Astaro - still 7.2x?  Had this worked with a prior version?

    Client-side software and version?

    Yours - Bob
     
  • That's correct.

    It appears to me like packets are trying to route back to the real world address - the one from my DSL connection - and it should be trying to route to the tunnel address from the IPSEC pool - 10.238.11.2
  • I understand your response to mean that you are still on V7.2, and that this is a fresh, new IPSec configuration, not one that worked prior to a recent Up2Date.  Right?

    Someone should correct me if I'm wrong, but I believe the destination IP would be the 66. one above, not your internal one.  Isn't that the external IP of the client?

    I googled on "asynchronous network error report" (with quotes) and one possible cause could be the client configuration or a bug in the client - that was the reason for my question above.

    Cheers - Bob
     
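Added example, not part of the thread or of Astaro's software: Python that decodes the live-log error quoted in the question and shows that ICMP type 3 code 13 means "communication administratively prohibited" (a packet filter's rejection), here reported by the same address the message was sent to. The function name `explain` and the second sample line are constructed; the ICMP code meanings are taken from RFC 792 and RFC 1812, and IPv4 addresses are assumed.

```python
import re

# Pluto's error line as quoted in the thread (IPv4 only; the closing "]" is optional).
LINE_RE = re.compile(
    r"asynchronous network error report on (?P<iface>\S+) "
    r"for message to (?P<dst>\S+) port (?P<port>\d+), "
    r"complainant (?P<complainant>[^:\s]+): (?P<text>.*?) "
    r"\[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) code (?P<code>\d+)"
)

# Selected ICMP type 3 (Destination Unreachable) codes, RFC 792 and RFC 1812.
UNREACH = {
    1: "host unreachable",
    3: "port unreachable",
    9: "network administratively prohibited",
    10: "host administratively prohibited",
    13: "communication administratively prohibited",
}
FILTER_CODES = {9, 10, 13}  # generated by a packet filter, not by a routing failure
IKE_PORTS = {500: "IKE", 4500: "IKE/ESP over NAT-T"}  # UDP ports used by IPsec


def explain(line):
    """Return the decoded fields of one error line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    icmp_type, code = int(m["type"]), int(m["code"])
    return {
        "iface": m["iface"],
        "dst": m["dst"],
        "service": IKE_PORTS.get(int(m["port"]), "port " + m["port"]),
        "meaning": UNREACH.get(code, "code %d" % code) if icmp_type == 3
                   else "ICMP type %d" % icmp_type,
        # Same address in both fields: the ICMP came from the destination itself.
        "sender": "destination" if m["complainant"] == m["dst"] else "device on path",
        "filtered": icmp_type == 3 and code in FILTER_CODES,
    }


SAMPLES = [  # the first line is the one from the thread; the second is constructed
    "ERROR: asynchronous network error report on eth4 for message to 66.159.127.26 port 4500, "
    "complainant 66.159.127.26: No route to host [errno 113, origin ICMP type 3 code 13 (not authenticated)",
    "ERROR: asynchronous network error report on eth1 for message to 192.0.2.10 port 500, "
    "complainant 198.51.100.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]",
]
for sample in SAMPLES:
    print(explain(sample))
```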