Site-to-Site IPsec not working

Hi,

I have created an IPsec Site-to-Site connection.

Authentication type via RSA Key + Hostname.

I don't get a connection. I have checked the RSA key on both sides, I have checked the hostname. I have checked that the rule is enabled and the policies. I don't know why the connection doesn't work.

I have another connection which is working to both of the other Astaros.

Astaro1 -> Astaro2 Not working
Astaro1 -> Astaro3 working
Astaro2 -> Astaro3 working


2013:03:28-14:56:15 astaro pluto[3875]: packet from IP:500: ignoring Vendor ID payload [882fe56d6fd20dbc2251613b2ebe5beb] 
2013:03:28-14:56:15 astaro pluto[3875]: packet from IP:500: ignoring Vendor ID payload [Cisco-Unity] 
2013:03:28-14:56:15 astaro pluto[3875]: packet from IP:500: received Vendor ID payload [XAUTH] 
2013:03:28-14:56:15 astaro pluto[3875]: packet from IP:500: received Vendor ID payload [Dead Peer Detection] 
2013:03:28-14:56:15 astaro pluto[3875]: packet from IP:500: received Vendor ID payload [RFC 3947] 
2013:03:28-14:56:15 astaro pluto[3875]: packet from IP:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
2013:03:28-14:56:15 astaro pluto[3875]: packet from IP:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] 
2013:03:28-14:56:15 astaro pluto[3875]: packet from IP:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
2013:03:28-14:56:15 astaro pluto[3875]: packet from IP:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] 
2013:03:28-14:56:15 astaro pluto[3875]: "S-to-S" #924: responding to Main Mode 
2013:03:28-14:56:16 astaro pluto[3875]: "S-to-S" #924: NAT-Traversal: Result using RFC 3947: no NAT detected 
2013:03:28-14:56:17 astaro pluto[3875]: "S-to-S" #924: Peer ID is ID_IPV4_ADDR: 'IP' 
2013:03:28-14:56:17 astaro pluto[3875]: "S-to-S" #924: no RSA public key known for 'IP' 
2013:03:28-14:56:17 astaro pluto[3875]: "S-to-S" #924: sending encrypted notification INVALID_KEY_INFORMATION to IP:500 
2013:03:28-14:56:26 astaro pluto[3875]: "S-to-S" #924: Peer ID is ID_IPV4_ADDR: 'IP' 
2013:03:28-14:56:26 astaro pluto[3875]: "S-to-S" #924: no RSA public key known for 'IP' 
2013:03:28-14:56:26 astaro pluto[3875]: "S-to-S" #924: sending encrypted notification INVALID_KEY_INFORMATION to IP:500 
2013:03:28-14:56:36 astaro pluto[3875]: "S-to-S" #922: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message 
2013:03:28-14:56:36 astaro pluto[3875]: "S-to-S" #922: starting keying attempt 199 of an unlimited number 
2013:03:28-14:56:36 astaro pluto[3875]: "S-to-S" #926: initiating Main Mode to replace #922 
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: ignoring Vendor ID payload [882fe56d6fd20dbc2251613b2ebe5beb] 
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: ignoring Vendor ID payload [Cisco-Unity] 
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: received Vendor ID payload [XAUTH] 
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: received Vendor ID payload [Dead Peer Detection] 
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: received Vendor ID payload [RFC 3947] 
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: enabling possible NAT-traversal with method 3 
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: NAT-Traversal: Result using RFC 3947: no NAT detected 
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: we don't have a cert 
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used 
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used 
2013:03:28-14:56:38 astaro pluto[3875]: "S-to-S" #926: ignoring informational payload, type INVALID_KEY_INFORMATION


  • no RSA public key known for 'IP'

    multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used

    Please [Go Advanced] and attach pictures of the edits of the IPsec Connection and the Remote Gateway definition.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
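As an added example, not code from the thread or from Sophos: a small Python triage script that parses the pluto lines quoted in the post and groups the telling messages by IKE state number, so the responder-side "no RSA public key known" / INVALID_KEY_INFORMATION lines can be read next to the initiator-side "ignoring informational payload" and retransmission failure. The embedded log lines are a constructed subset copied from the post; the signature list and wording of the findings are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the pluto lines quoted in the thread.
SAMPLE_LOG = """\
2013:03:28-14:56:17 astaro pluto[3875]: "S-to-S" #924: Peer ID is ID_IPV4_ADDR: 'IP'
2013:03:28-14:56:17 astaro pluto[3875]: "S-to-S" #924: no RSA public key known for 'IP'
2013:03:28-14:56:17 astaro pluto[3875]: "S-to-S" #924: sending encrypted notification INVALID_KEY_INFORMATION to IP:500
2013:03:28-14:56:36 astaro pluto[3875]: "S-to-S" #922: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
2013:03:28-14:56:37 astaro pluto[3875]: "S-to-S" #926: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
2013:03:28-14:56:38 astaro pluto[3875]: "S-to-S" #926: ignoring informational payload, type INVALID_KEY_INFORMATION
"""

# One pluto line: timestamp, host, pluto[pid], optional "conn" #state, message.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) pluto\[\d+\]: '
    r'(?:"(?P<conn>[^"]+)" #(?P<state>\d+): )?(?P<msg>.*)$'
)

# Message signatures (assumed set) and the finding each one supports.
SIGNATURES = [
    (re.compile(r"Peer ID is (?P<idtype>ID_\w+): '(?P<id>[^']*)'"),
     "peer identified itself with {idtype} identity '{id}'"),
    (re.compile(r"no RSA public key known for '(?P<id>[^']*)'"),
     "responder has no RSA public key stored under ID '{id}'"),
    (re.compile(r"sending encrypted notification INVALID_KEY_INFORMATION"),
     "responder rejected the peer's key (INVALID_KEY_INFORMATION sent)"),
    (re.compile(r"ignoring informational payload, type INVALID_KEY_INFORMATION"),
     "initiator received INVALID_KEY_INFORMATION from the peer"),
    (re.compile(r"multiple ipsec\.secrets entries with distinct secrets match"),
     "ambiguous ipsec.secrets: more than one key matches these endpoints"),
    (re.compile(r"Possible authentication failure"),
     "Main Mode retransmissions exhausted: likely authentication failure"),
]

def triage(log_text):
    """Return {'conn #state': [findings]} for every pluto line matching a signature."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["state"] is None:
            continue  # not a per-state pluto line (e.g. bare Vendor ID chatter)
        key = f'{m["conn"]} #{m["state"]}'
        for pattern, template in SIGNATURES:
            sig = pattern.search(m["msg"])
            if sig:
                findings[key].append(template.format(**sig.groupdict()))
    return dict(findings)
```

Running `triage(SAMPLE_LOG)` shows state #924 (the responder) refusing an ID_IPV4_ADDR identity for which it holds no key, while #922/#926 (the initiator) only see the rejection and time out; the ID type the peer actually sent is what to compare against the authentication type configured on the connection.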