Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 6612 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

l2tp/ipsec vpn broken after ASG8 install

h3mp
just loaded ASG8 on my ASG220 and imported my v7 config...

everything works fine, apart from l2tp/ipsec clients cannot connect..

all user accounts and certs seem to be there as before..

but windows just hangs connecting (you see port opened, then connecting to... - just hangs there then times out eventually)..

anyone else suffering this? - also, where is the ipsec/l2tp log - cant see anything in the ipsec log, does this have a seperate log?

Thanks

Mark


This thread was automatically locked due to age.
Parents
  • 0
    ok, tried at 22.29 to connect...

    IPsec log:
    2010:07:02-22:29:37 wormhole pluto[5222]: packet from 195.***.***.***:500: Informational Exchange is for an unknown (expired?) SA

    this didnt show in the live log - any idea if this helps?

    full packet filter log at same time:


    2010:07:02-22:29:38 *hostname* ulogd[4001]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:c:85:xx:xx:xx" dstmac="0:1a:8c:xx:xx:xx" srcip="90.***.***.***" dstip="195.***.***.***" proto="17" length="412" tos="0x00" prec="0x00" ttl="121" srcport="500" dstport="500" 
    2010:07:02-22:29:40 *hostname* ulogd[4001]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:c:85:xx:xx:xx" dstmac="0:1a:8c:xx:xx:xx" srcip="90.***.***.***" dstip="195.***.***.***" proto="17" length="412" tos="0x00" prec="0x00" ttl="121" srcport="500" dstport="500" 
    2010:07:02-22:29:43 *hostname* ulogd[4001]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:c:85:xx:xx:xx" dstmac="0:1a:8c:xx:xx:xx" srcip="90.***.***.***" dstip="195.***.***.***" proto="17" length="412" tos="0x00" prec="0x00" ttl="121" srcport="500" dstport="500" 
    2010:07:02-22:29:47 *hostname* ulogd[4001]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:c:85:xx:xx:xx" dstmac="0:1a:8c:xx:xx:xx" srcip="90.***.***.***" dstip="195.***.***.***" proto="17" length="412" tos="0x00" prec="0x00" ttl="121" srcport="500" dstport="500"
Reply
  • 0
    ok, tried at 22.29 to connect...

    IPsec log:
    2010:07:02-22:29:37 wormhole pluto[5222]: packet from 195.***.***.***:500: Informational Exchange is for an unknown (expired?) SA

    this didnt show in the live log - any idea if this helps?

    full packet filter log at same time:


    2010:07:02-22:29:38 *hostname* ulogd[4001]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:c:85:xx:xx:xx" dstmac="0:1a:8c:xx:xx:xx" srcip="90.***.***.***" dstip="195.***.***.***" proto="17" length="412" tos="0x00" prec="0x00" ttl="121" srcport="500" dstport="500" 
    2010:07:02-22:29:40 *hostname* ulogd[4001]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:c:85:xx:xx:xx" dstmac="0:1a:8c:xx:xx:xx" srcip="90.***.***.***" dstip="195.***.***.***" proto="17" length="412" tos="0x00" prec="0x00" ttl="121" srcport="500" dstport="500" 
    2010:07:02-22:29:43 *hostname* ulogd[4001]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:c:85:xx:xx:xx" dstmac="0:1a:8c:xx:xx:xx" srcip="90.***.***.***" dstip="195.***.***.***" proto="17" length="412" tos="0x00" prec="0x00" ttl="121" srcport="500" dstport="500" 
    2010:07:02-22:29:47 *hostname* ulogd[4001]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:c:85:xx:xx:xx" dstmac="0:1a:8c:xx:xx:xx" srcip="90.***.***.***" dstip="195.***.***.***" proto="17" length="412" tos="0x00" prec="0x00" ttl="121" srcport="500" dstport="500"
Children
No Data