UTM 9.004-34 and iOS 6

Hello all,

I tried what I found on the forum, but it looks like I missed something: my Cisco IPsec VPN is not working anymore, while it is still working on my iPad with an older OS version. Here is the log I get in the IPsec logs:


2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: received Vendor ID payload [RFC 3947]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: received Vendor ID payload [XAUTH]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [Cisco-Unity]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: received Vendor ID payload [Dead Peer Detection]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: "D_for USERNAME to Internal (Network)"[3] 80.214.8.223 #16: responding to Main Mode from unknown peer 80.214.8.223
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: received Vendor ID payload [RFC 3947]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: received Vendor ID payload [XAUTH]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [Cisco-Unity]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: received Vendor ID payload [Dead Peer Detection]
2013:01:29-21:14:54 R-HOME01 pluto[5041]: "D_for USERNAME to Internal (Network)"[3] 80.214.8.223 #17: responding to Main Mode from unknown peer 80.214.8.223
2013:01:29-21:14:54 R-HOME01 pluto[5041]: "D_for USERNAME to Internal (Network)"[3] 80.214.8.223 #16: NAT-Traversal: Result using RFC 3947: peer is NATed
2013:01:29-21:14:55 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:14:55 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:14:58 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:14:58 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:15:01 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:15:01 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:15:05 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:15:05 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:15:05 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:15:05 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:15:17 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:15:17 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:16:04 R-HOME01 pluto[5041]: "D_for USERNAME to Internal (Network)"[3] 80.214.8.223 #16: max number of retransmissions (2) reached STATE_MAIN_R2
2013:01:29-21:16:04 R-HOME01 pluto[5041]: "D_for USERNAME to Internal (Network)"[3] 80.214.8.223 #17: max number of retransmissions (2) reached STATE_MAIN_R1
2013:01:29-21:16:04 R-HOME01 pluto[5041]: "D_for USERNAME to Internal (Network)"[3] 80.214.8.223: deleting connection "D_for USERNAME to Internal (Network)"[3] instance with peer 80.214.8.223 {isakmp=#0/ipsec=#0}



Can someone help? I'm completely lost and I would really like my iPhone to be able to VPN into my system.

Cheers
Flo
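
Added example (not part of the original post and not Sophos code): a short Python summary of the pluto lines posted above, reporting the state at which each Main Mode attempt timed out and whether the UDP 4500 packets came from a source address that was never seen on UDP 500. The function name `summarize` and the shortened `SAMPLE` excerpt are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the pluto lines posted above (shortened; one or two lines per message type).
SAMPLE = """\
2013:01:29-21:14:52 R-HOME01 pluto[5041]: packet from 80.214.8.223:500: received Vendor ID payload [RFC 3947]
2013:01:29-21:14:52 R-HOME01 pluto[5041]: "D_for USERNAME to Internal (Network)"[3] 80.214.8.223 #16: responding to Main Mode from unknown peer 80.214.8.223
2013:01:29-21:14:54 R-HOME01 pluto[5041]: "D_for USERNAME to Internal (Network)"[3] 80.214.8.223 #16: NAT-Traversal: Result using RFC 3947: peer is NATed
2013:01:29-21:14:55 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:14:58 R-HOME01 pluto[5041]: packet from 80.214.8.182:4500: Main Mode message is part of an unknown exchange
2013:01:29-21:16:04 R-HOME01 pluto[5041]: "D_for USERNAME to Internal (Network)"[3] 80.214.8.223 #16: max number of retransmissions (2) reached STATE_MAIN_R2
2013:01:29-21:16:04 R-HOME01 pluto[5041]: "D_for USERNAME to Internal (Network)"[3] 80.214.8.223 #17: max number of retransmissions (2) reached STATE_MAIN_R1
"""

PACKET = re.compile(r"pluto\[\d+\]: packet from (\d+\.\d+\.\d+\.\d+):(\d+): (.*)$")
STALL = re.compile(r"#(\d+): max number of retransmissions \(\d+\) reached (STATE_\w+)")

def summarize(log_text):
    """Summarize an IKE Main Mode attempt from pluto log lines."""
    sources = defaultdict(set)   # UDP port -> source IPs seen on that port
    unknown = 0                  # packets pluto could not match to a state
    stalled = {}                 # state number -> state in which it timed out
    natted = False
    for line in log_text.splitlines():
        m = PACKET.search(line)
        if m:
            ip, port, msg = m.group(1), int(m.group(2)), m.group(3)
            sources[port].add(ip)
            if "part of an unknown exchange" in msg:
                unknown += 1
            continue
        if "peer is NATed" in line:
            natted = True
        m = STALL.search(line)
        if m:
            stalled["#" + m.group(1)] = m.group(2)
    # Once NAT-T is detected the client continues on UDP 4500; list the
    # addresses seen there that never appeared on UDP 500.
    moved = sorted(sources[4500] - sources[500])
    return {"natted": natted, "unknown_exchange": unknown,
            "stalled": stalled, "new_sources_on_4500": moved}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Feeding it the complete IPsec log instead of `SAMPLE` gives the same kind of summary for every attempt in the file.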


This thread was automatically locked due to age.
  • Hi,

    Same problem here with iOS 6 and UTM 9. I created a new 2048-bit certificate (VPN ID Hostname, field Hostname and Common Name = external FQDN firewall.domain.com) and changed the local X509 cert to the new one in the pull-down menu. I deleted the profiles and certificates on my iPhone, connected to the User Portal and installed the iOS VPN config on my iPhone.
    That worked for me.


    Regards
    Torsten
  • 9.005 includes some fixes for IPSEC ... might be worth a try.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • I have the same problem. I created the certificate with the FQDN as Name, Hostname/ID and Common Name, but it does not work. Hostname Override is also set to the FQDN.
    On the iPad and iPhone the message "Server Certificate can not check" appears.

    Firmware: 9.005-15