Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 3380 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN between Watchguard and ASG

rppalmer
The Watch says it's expecting agressive mode in it's logs, and then I see the following message on the ASG.

Notify Message Type: INVALID_EXCHANGE_TYPE
2009:02:08-21:20:22 (none) pluto[5607]: packet from ***.***.***.***:500: ignoring informational payload, type INVALID_EXCHANGE_TYPE 

Has anyone sucessfully gotten this to work?  I don't see any agressive mode options on the ASG.


This thread was automatically locked due to age.
Parents
  • 0
    I searched the KnowledgBase for 'aggressive v7'.  According to the ASC-V9/ASG-V7 Config Guide: "The Aggressive Mode option is not supported by Astaro Security Gateway."

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I searched the KnowledgBase for 'aggressive v7'.  According to the ASC-V9/ASG-V7 Config Guide: "The Aggressive Mode option is not supported by Astaro Security Gateway."

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Here is the log on the Watchguard box (see below).  I am not sure if this will help or not.  

    If anyone has experience with getting a VPN configured using a Watchguard X1000 (running Fireware) to ASG7 please let me know.  I need to know if the ASG7 not supporting aggressive mode makes or breaks the ability for me to create a VPN.

    2009-02-08 21:20:50 iked Invalid exchange type in ISAKMP HDR from 65.245.75.253:500 to 202.235.45.66 cookies i=c48d23af cb385382 r=21bf8517 b35dcbb5. Expecting aggressive mode  
    2009-02-08 21:20:50 iked Invalid exchange type in ISAKMP HDR from 65.245.75.253:500 to 202.235.45.66 cookies i=c48d23af cb385382 r=21bf8517 b35dcbb5. Expecting aggressive mode  
    2009-02-08 21:20:50 iked  IkeNotifyPayloadHtoN : net order spi(0xc4 0x8d 0x23 0xaf)    
    2009-02-08 21:20:50 iked  Sending INVALID_EXCHANGE_TYPE message to 65.245.75.253:500  
    2009-02-08 21:20:50 iked  Sending INVALID_EXCHANGE_TYPE message to 65.245.75.253:500
  • 0 in reply to rppalmer
    RP, since Main Mode is more secure than Aggressive, I'd be surprised if the WatchGuard wouldn't have that facility.  My guess is that Astaro's choice to NOT offer Aggressive Mode is a conscious one.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    it does offer main mode but is in use by another VPN so it won't let me use it.  Unfortunately I can't reconfigure the other VPNs either...
  • 0 in reply to rppalmer
    It won't let you make that selection VPN by VPN?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner