Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 2505 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2TP/IPSec Windows XP/7 uses first user instead of second

guawhitehawk
Hi all,

dunno if anyone had this strange behaviour before. We´re using L2TP/IPSec for RA to our datacenter and this works great with our Mac Clients using OS X internal L2TP Functionalities.

But while we need Windows too (for using vSphere Client) we wanna setup this on some XP SP3 (all updates) and Win 7 clients.
Here we have a strange behaviour on ALL Systems.

At moment there are 2 distinct users configured, call them "Auser" and "Buser" so "Auser" is on place 1 in the List of the ASGs Allowed Users (normally sort from a to z)

while connecting with a Windows Client the ASG tries to use the first user, even if the second user is selected to be used in the win client.
The Log says: (when i connect with "Buser" and its password!!!)

2012:04:16-16:35:07 seth-2 pluto[7632]: packet from 160.xx.xx.xx:51: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
2012:04:16-16:35:07 seth-2 pluto[7632]: packet from 160.xx.xx.xx:51: ignoring Vendor ID payload [FRAGMENTATION]
2012:04:16-16:35:07 seth-2 pluto[7632]: packet from 160.xx.xx.xx:51: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2012:04:16-16:35:07 seth-2 pluto[7632]: packet from 160.xx.xx.xx:51: ignoring Vendor ID payload [Vid-Initial-Contact]
2012:04:16-16:35:07 seth-2 pluto[7632]: "S_for Auser"[18] 160.xx.xx.xx:4500 #219: responding to Main Mode from unknown peer 160.xx.xx.xx:4500
2012:04:16-16:35:07 seth-2 pluto[7632]: | NAT-T: new mapping 160.xx.xx.xx:4500/51)
2012:04:16-16:35:07 seth-2 pluto[7632]: "S_for Auser"[18] 160.xx.xx.xx:51 #218: ERROR: netlink response for Add SA esp.c6be7c76@46.xx.xx.xx included errno 22: Invalid argument
2012:04:16-16:35:07 seth-2 pluto[7632]: "S_for Auser"[18] 160.xx.xx.xx:51 #219: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
2012:04:16-16:35:08 seth-2 pluto[7632]: "S_for Auser"[18] 160.xx.xx.xx:51 #219: byte 2 of ISAKMP Identification Payload must be zero, but is not
2012:04:16-16:35:08 seth-2 pluto[7632]: "S_for Auser"[18] 160.xx.xx.xx:51 #219: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?) 


Does anyone has any clue??

Using ASG 8.301


This thread was automatically locked due to age.
Parents Reply Children
No Data