iOS 7 IPSec client not connecting to UTM 9.1

Hi everyone,

I recently upgraded my iPhone 5 to iOS 7, which previously had a working VPN profile for the native Cisco IPSec client to my UTM 9.105-9 gateway (software appliance for home use running on a reprovisioned ASG-220 Rev 4).  Since the GM of iOS 7, it appears my iPhone can no longer establish a connection to my UTM.  Just in case the profile hadn't made its way over to iOS 7 completely intact, I deleted it and then reinstalled it via the UTM user site.  I saw the same behavior after that.

An excerpt from the VPN log follows.  Not sure if this is an incompatibility issue with iOS 7, or if Verizon FIOS has suddenly started interfering with inbound VPN traffic.  Any thoughts or suggestions?

Thanks,
Martin.

2013:09:20-09:08:52 gateway pluto[5595]: packet from 198.228.199.242:36983: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2013:09:20-09:08:52 gateway pluto[5595]: packet from 198.228.199.242:36983: received Vendor ID payload [XAUTH]
2013:09:20-09:08:52 gateway pluto[5595]: packet from 198.228.199.242:36983: ignoring Vendor ID payload [Cisco-Unity]
2013:09:20-09:08:52 gateway pluto[5595]: packet from 198.228.199.242:36983: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2013:09:20-09:08:52 gateway pluto[5595]: packet from 198.228.199.242:36983: received Vendor ID payload [Dead Peer Detection]
2013:09:20-09:08:52 gateway pluto[5595]: "D_for bilbo to Internal (Network)"[7] 198.228.199.242:36983 #9: responding to Main Mode from unknown peer 198.228.199.242:36983
2013:09:20-09:08:52 gateway pluto[5595]: "D_for bilbo to Internal (Network)"[7] 198.228.199.242:36983 #9: NAT-Traversal: Result using RFC 3947: both are NATed
2013:09:20-09:08:53 gateway pluto[5595]: "D_for bilbo to Internal (Network)"[7] 198.228.199.242:36983 #8: max number of retransmissions (2) reached STATE_MAIN_R2
2013:09:20-09:10:03 gateway pluto[5595]: "D_for bilbo to Internal (Network)"[7] 198.228.199.242:36983 #9: max number of retransmissions (2) reached STATE_MAIN_R2
2013:09:20-09:10:03 gateway pluto[5595]: "D_for bilbo to Internal (Network)"[7] 198.228.199.242:36983: deleting connection "D_for bilbo to Internal (Network)"[7] instance with peer 198.228.199.242 {isakmp=#0/ipsec=#0
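
An added example, not part of the original post: a Python triage script for pluto log lines in the format of the excerpt above. It lists each IKE exchange that hit the retransmission limit together with the NAT-T result logged for it. The sample lines are constructed, with a documentation IP address and a placeholder connection name.

```python
import re

# Constructed sample in the pluto log format shown in the post above
# (documentation IP address and connection name are placeholders).
SAMPLE_LOG = """\
2013:09:20-09:08:52 gateway pluto[5595]: packet from 203.0.113.7:36983: received Vendor ID payload [XAUTH]
2013:09:20-09:08:52 gateway pluto[5595]: "D_for user to Internal (Network)"[7] 203.0.113.7:36983 #9: responding to Main Mode from unknown peer 203.0.113.7:36983
2013:09:20-09:08:52 gateway pluto[5595]: "D_for user to Internal (Network)"[7] 203.0.113.7:36983 #9: NAT-Traversal: Result using RFC 3947: both are NATed
2013:09:20-09:08:53 gateway pluto[5595]: "D_for user to Internal (Network)"[7] 203.0.113.7:36983 #8: max number of retransmissions (2) reached STATE_MAIN_R2
2013:09:20-09:10:03 gateway pluto[5595]: "D_for user to Internal (Network)"[7] 203.0.113.7:36983 #9: max number of retransmissions (2) reached STATE_MAIN_R2
"""

LINE = re.compile(r'^(?P<ts>\S+) \S+ pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] '
                  r'(?P<peer>[\d.]+):\d+ #(?P<sa>\d+): (?P<msg>.*)$')
NAT = re.compile(r'NAT-Traversal: Result using [^:]+: (?P<result>.+)$')
STALL = re.compile(r'max number of retransmissions \(\d+\) reached (?P<state>STATE_\w+)')


def find_stalled_exchanges(log_text):
    """Return one record per IKE exchange (#N) that hit the retransmission limit."""
    nat_result = {}   # (peer, exchange number) -> NAT-T detection result
    stalled = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "packet from" lines carry no exchange number
        key = (m["peer"], m["sa"])
        nat = NAT.search(m["msg"])
        stall = STALL.search(m["msg"])
        if nat:
            nat_result[key] = nat["result"]
        elif stall:
            seen = nat_result.get(key, "not logged")
            # STATE_MAIN_R2: the responder is waiting for the initiator's third
            # Main Mode message; RFC 3947 moves that message to UDP 4500 when
            # a NAT was detected, so that is the path to check first.
            port_float = stall["state"] == "STATE_MAIN_R2" and "NATed" in seen
            stalled.append({"time": m["ts"], "conn": m["conn"], "peer": m["peer"],
                            "exchange": int(m["sa"]), "state": stall["state"],
                            "nat": seen, "check_udp_4500": port_float})
    return stalled


if __name__ == "__main__":
    for rec in find_stalled_exchanges(SAMPLE_LOG):
        print(rec)
```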


This thread was automatically locked due to age.
  • If it would be useful/interesting for me to post the live log when this connection is established just let me know.

    Thanks for your efforts, Martin - I didn't know that that could work.  I did a test with an instance in Amazon EC2, and it worked!  I watched the Live Log and saw that it's apparent that the client is configured to ignore the mismatch with the private IP on the interface of the instance.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA