Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 2933 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Waiting for Message 6

EvilKnivel
Hi,

i have a problem with a vpn connection from one user client.

The Log of the VPN Client (NCP) 

8/7/2013 12:51:11 PM  IPSec: Start building connection
8/7/2013 12:51:11 PM  Ike: Outgoing connect request MAIN mode - gateway=***.***.***.*** : Profilname_Client
8/7/2013 12:51:11 PM  Ike: XMIT_MSG1_MAIN - Profilname_Client
8/7/2013 12:51:12 PM  Ike: RECV_MSG2_MAIN - Profilname_Client
8/7/2013 12:51:12 PM  Ike: IKE phase I: Setting LifeTime to 3600 seconds
8/7/2013 12:51:12 PM  Ike: IkeSa negotiated with the following properties -
8/7/2013 12:51:12 PM    Authentication=RSA_SIGNATURES,Encryption=AES,Hash=MD5,DHGroup=5,KeyLen=256
8/7/2013 12:51:12 PM  Ike: Profilname_Client ->Support for NAT-T version - 9
8/7/2013 12:51:12 PM  Ike: XMIT_MSG3_MAIN - Profilname_Client
8/7/2013 12:51:12 PM  IPSec: Final Tunnel EndPoint is:***.***.***.***
8/7/2013 12:51:12 PM  Ike: RECV_MSG4_MAIN - Profilname_Client
8/7/2013 12:51:12 PM  Ike: Turning on NATD mode - Profilname_Client - 3
8/7/2013 12:51:12 PM  Ike: XMIT_MSG5_MAIN - Profilname_Client
8/7/2013 12:51:13 PM  Ike: XMIT_MSG5_MAIN_RESUME - Profilname_Client
8/7/2013 12:51:40 PM  ERROR - 4023: IKE(phase1):Lost contact to Gateway (No Response) in state  - Profilname_Client.
8/7/2013 12:51:40 PM  Ike: phase1:name(Profilname_Client) - ERROR - retry timeout - max retries
8/7/2013 12:51:40 PM  IPSec: Disconnected from Profilname_Client on channel 1.


Log of the Astaro: 

2013:08:07-11:46:08  pluto[3642]: packet from 62.84.***.IP:15170: ignoring Vendor ID payload [da8e937880010000]
2013:08:07-11:46:08  pluto[3642]: packet from 62.84.***.IP:15170: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2013:08:07-11:46:08  pluto[3642]: packet from 62.84.***.IP:15170: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2013:08:07-11:46:08  pluto[3642]: packet from 62.84.***.IP:15170: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2013:08:07-11:46:08  pluto[3642]: packet from 62.84.***.IP:15170: received Vendor ID payload [RFC 3947]
2013:08:07-11:46:08  pluto[3642]: packet from 62.84.***.IP:15170: received Vendor ID payload [Dead Peer Detection]
2013:08:07-11:46:08  pluto[3642]: packet from 62.84.***.IP:15170: ignoring Vendor ID payload [NCP Client]
2013:08:07-11:46:08  pluto[3642]: packet from 62.84.***.IP:15170: ignoring Vendor ID payload [c61baca1f1a60cc10800000000000000]
2013:08:07-11:46:08  pluto[3642]: packet from 62.84.***.IP:15170: ignoring Vendor ID payload [cbe79444a0870de4224a2c151fbfe099]
2013:08:07-11:46:08  pluto[3642]: packet from 62.84.***.IP:15170: ignoring Vendor ID payload [FRAGMENTATION c0000000]
2013:08:07-11:46:08  pluto[3642]: ""[6] 62.84.***.IP:15170 #1848: responding to Main Mode from unknown peer 62.84..IP:15170
2013:08:07-11:46:08  pluto[3642]: ""[6] 62.84.***.IP:15170 #1848: NAT-Traversal: Result using RFC 3947: both are NATed
2013:08:07-11:46:38  pluto[3642]: ""[6] 62.84.***.IP:15170 #1848: next payload type of ISAKMP Hash Payload has an unknown value: 96
2013:08:07-11:46:38  pluto[3642]: ""[6] 62.84.***.IP:15170 #1848: malformed payload in packet 


I don't know why it is not working... I have delete the Profile and created a new one.. Same error. I have tested the Client in my office with the same settings and it was working... After that i send the Notebook to the collegue and he get this error.


This thread was automatically locked due to age.
Parents
  • 0
    It seems unusual that one of the devices would have time wrong by almost five minutes, so I was concerned that we weren't seeing the same session.  Before we activate debugging, let's check the Intrusion Prevention log for the session above to see if Anti-DoS Flooding is blocking some of the conversation. 

    When you configured the laptop, did you connect to the External interface or did you have a different Remote access rule for a LAN interface?

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    It seems unusual that one of the devices would have time wrong by almost five minutes, so I was concerned that we weren't seeing the same session.  Before we activate debugging, let's check the Intrusion Prevention log for the session above to see if Anti-DoS Flooding is blocking some of the conversation. 

    When you configured the laptop, did you connect to the External interface or did you have a different Remote access rule for a LAN interface?

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML