Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 1 subscriber
  • Views 16393 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2TP/IPSec Windows 7 - Error 789

Andreas_HP
Dear all,

we have a strange issue using L2TP/IPsec with Windows 7 and UTM 9.

Trying to connect using Certificates results in Error 789.
Additional following Errors are logged in Security Eventlog:

Event 4976

During Main Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.

Local Network Address: IP of Client
Remote Network Address: IP of Gateway
Keying Module Name: IKEv1


Event 4652


An IPsec Main Mode negotiation failed.

 Local Endpoint:
   Principal Name:  Name of Client
    Network Address: IP of Client
    Keying Module Port: 4500
Local Certificate:
   SHA Thumbprint: xyz
    Issuing CA:  CA of UTM
    Root CA:  dn of CA
Remote Endpoint: 
   Principal Name: - 
    Network Address: IP of Gateway
    Keying Module Port: 4500

Remote Certificate:
   SHA thumbprint:  -
    Issuing CA:  -
    Root CA:  -

Additional Information:
   Keying Module Name: IKEv1
    Authentication Method: Certificate
    Role:   Initiator
    Impersonation State: Not enabled
    Main Mode Filter ID: 69620

Failure Information:
   Failure Point:  Local Computer
    Failure Reason:  new policy invalidated sas formed with old policy    State:   Sent third (ID-) Payload
    Initiator Cookie:  %21
    Responder Cookie: %22


The strange thing is when we are switching the Interface to an internal interface and use certificates and connect over the local network it works without any Problem.

Also connecting with L2TP/IPsec using PSK is working fine over WAN.

I hope someone of you can help.

Kind regards,

Andreas


This thread was automatically locked due to age.
Parents
  • 0
    Hi, Andreas, and welcome to the User BB!

    OK, the easy things first...  Try restarting the IPsec process on the Windows machine.  Confirm that the UTM has the public IP that the client is trying to reach (not a NATted IP).  If there's a router/firewall in front of the UTM, make sure that it passes IPsec, NAT-T and keep-alive traffic.

    If you're still having no success, what happens if you disable the Windows firewall on the PC?

    Still having problems?  Please show the lines from the UTM's IPsec log for a single connection attempt.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Hi, Andreas, and welcome to the User BB!

    OK, the easy things first...  Try restarting the IPsec process on the Windows machine.  Confirm that the UTM has the public IP that the client is trying to reach (not a NATted IP).  If there's a router/firewall in front of the UTM, make sure that it passes IPsec, NAT-T and keep-alive traffic.

    If you're still having no success, what happens if you disable the Windows firewall on the PC?

    Still having problems?  Please show the lines from the UTM's IPsec log for a single connection attempt.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML