This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

no connection has been authorized with policy=PSK

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: | ******parse ISAKMP Oakley attribute:

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: | af+type: OAKLEY_AUTHENTICATION_METHOD

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: | length/value: 1

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: | ******parse ISAKMP Oakley attribute:

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: | af+type: OAKLEY_LIFE_TYPE

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: | length/value: 1

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: | ******parse ISAKMP Oakley attribute:

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: | af+type: OAKLEY_LIFE_DURATION (variable length)

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: | length/value: 4

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: | preparse_isakmp_policy: peer requests PSK authentication

2013:09:24-12:01:12 RRAS-01-2 pluto[14173]: packet from 71.194.220.141:3605: initial Main Mode message received on 192.168.168.61:500 but no connection has been authorized with policy=PSK

I get the above error whenever I try connecting with L2tp over IPsec. can someone please help me with this? Its the last thing I don't have working but most important option we need.

Thank you in advance.

I enabled Nat tranversing under IPsec and I now get the below errors

2013:09:24-12:21:57 RRAS-01-2 pluto[17788]: "L_for jimf"[2] 71.194.220.141:6939 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x816c4274 (perhaps this is a duplicated packet)

2013:09:24-12:21:57 RRAS-01-2 pluto[17788]: "L_for jimf"[2] 71.194.220.141:6939 #1: sending encrypted notification INVALID_MESSAGE_ID to 71.194.220.141:6939

This thread was automatically locked due to age.

Parents

0 jimf81 over 11 years ago

Yes I am behind a nating Sonicwall its a pro 4060 we are using for testing. with debugging off I get the below.

Yes version 9.105-9

2013:09:24-12:49:23 RRAS-01-1 pluto[6832]: Changing to directory '/etc/ipsec.d/crls' 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: packet from 71.194.220.141:13337: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: packet from 71.194.220.141:13337: ignoring Vendor ID payload [FRAGMENTATION] 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: packet from 71.194.220.141:13337: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: packet from 71.194.220.141:13337: ignoring Vendor ID payload [Vid-Initial-Contact] 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[1] 71.194.220.141:13337 #1: responding to Main Mode from unknown peer 71.194.220.141:13337 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[1] 71.194.220.141:13337 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[1] 71.194.220.141:13337 #1: Peer ID is ID_FQDN: 'winxp-test' 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[2] 71.194.220.141:13337 #1: deleting connection "L_for jimf"[1] instance with peer 71.194.220.141 {isakmp=#0/ipsec=#0} 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: | NAT-T: new mapping 71.194.220.141:13337/14223) 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[2] 71.194.220.141:14223 #1: sent MR3, ISAKMP SA established 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[2] 71.194.220.141:14223 #1: cannot respond to IPsec SA request because no connection is known for 50.73.123.197/32===192.168.168.61:4500[192.168.168.61]:17/1701...71.194.220.141:14223[winxp-test]:17/%any 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[2] 71.194.220.141:14223 #1: sending encrypted notification INVALID_ID_INFORMATION to 71.194.220.141:14223

Reply

0 jimf81 over 11 years ago

Yes I am behind a nating Sonicwall its a pro 4060 we are using for testing. with debugging off I get the below.

Yes version 9.105-9

2013:09:24-12:49:23 RRAS-01-1 pluto[6832]: Changing to directory '/etc/ipsec.d/crls' 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: packet from 71.194.220.141:13337: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: packet from 71.194.220.141:13337: ignoring Vendor ID payload [FRAGMENTATION] 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: packet from 71.194.220.141:13337: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: packet from 71.194.220.141:13337: ignoring Vendor ID payload [Vid-Initial-Contact] 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[1] 71.194.220.141:13337 #1: responding to Main Mode from unknown peer 71.194.220.141:13337 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[1] 71.194.220.141:13337 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[1] 71.194.220.141:13337 #1: Peer ID is ID_FQDN: 'winxp-test' 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[2] 71.194.220.141:13337 #1: deleting connection "L_for jimf"[1] instance with peer 71.194.220.141 {isakmp=#0/ipsec=#0} 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: | NAT-T: new mapping 71.194.220.141:13337/14223) 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[2] 71.194.220.141:14223 #1: sent MR3, ISAKMP SA established 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[2] 71.194.220.141:14223 #1: cannot respond to IPsec SA request because no connection is known for 50.73.123.197/32===192.168.168.61:4500[192.168.168.61]:17/1701...71.194.220.141:14223[winxp-test]:17/%any 

2013:09:24-12:50:04 RRAS-01-2 pluto[22223]: "L_for jimf"[2] 71.194.220.141:14223 #1: sending encrypted notification INVALID_ID_INFORMATION to 71.194.220.141:14223

Children

No Data