VPN IPSec - Sophos x Sonicwall

We have a problem of connection and reconnection between a Sophos UTM and a Sonicwall. The client complains about disconnection between the sites, but we can't detect anything wrong in the settings.

Does anyone have a light? [:S]


  • 2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: listening for IKE messages
    
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: forgetting secrets
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loading secrets from "/etc/ipsec.secrets"
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loaded PSK secret for 200.194.106.246 %any
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loaded PSK secret for 200.194.106.246 %any
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loaded PSK secret for 200.194.106.246 %any
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loaded PSK secret for 200.194.106.246 201.20.105.146
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: forgetting secrets
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loading secrets from "/etc/ipsec.secrets"
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loaded PSK secret for 200.194.106.246 %any
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loaded PSK secret for 200.194.106.246 %any
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loaded PSK secret for 200.194.106.246 %any
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loaded PSK secret for 200.194.106.246 201.20.105.146
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA (Fri Apr 27 12:26:36 2012).pem'
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: Changing to directory '/etc/ipsec.d/crls'
    2014:04:08-14:11:43 UTM-VM-SECG67 pluto[10714]: added connection description "S_ENERGY"
    2014:04:08-14:12:22 UTM-VM-SECG67 pluto[10714]: "S_ENERGY"[1] 177.184.130.52 #11: responding to Quick Mode
    2014:04:08-14:12:22 UTM-VM-SECG67 pluto[10714]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="ENERGY" address="200.194.106.246" local_net="200.194.96.32/32" remote_net="172.16.10.0/24"
    2014:04:08-14:12:22 UTM-VM-SECG67 pluto[10714]: "S_ENERGY"[1] 177.184.130.52 #11: IPsec SA established {ESP=>0x1765fef9 


    SA:	200.194.96.32/32=200.194.106.246		177.184.130.52=172.16.10.0/24
    
    VPN ID: 200.194.106.246
    IKE: Auth PSK / Enc 3DES_CBC / Hash HMAC_MD5 / Lifetime 7800s / DPD
    ESP: Enc AES_CBC_256 / Hash HMAC_MD5 / Lifetime 3600s



    The interesting thing is that the problem occurs after a while, and there are several messages stating:


    2014:04:08-22:53:46 UTM-VM-SECG67 pluto[10714]: "S_REF_IpsSitEnergy_0"[5] 177.158.115.10 #353: next payload type of ISAKMP Hash Payload has an unknown value: 208
    
    2014:04:08-22:53:46 UTM-VM-SECG67 pluto[10714]: "S_REF_IpsSitEnergy_0"[5] 177.158.115.10 #353: malformed payload in packet
    2014:04:08-22:53:46 UTM-VM-SECG67 pluto[10714]: "S_REF_IpsSitEnergy_0"[5] 177.158.115.10 #353: discarding duplicate packet; already STATE_MAIN_I3
    2014:04:08-22:53:59 UTM-VM-SECG67 pluto[10714]: packet from 177.184.130.52:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN



    Until disconnection occurs, and the process only reconnects after deactivating and activating the setting for its peer several times.

    The Sophos UTM is operating as ANSWER ONLY and the SonicWall is initiating the connection.

    I don't detect any problem or connectivity links between both clients.
    Log Sonicwall.zip
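
A way to triage the pluto excerpts in the reply above, as an added example that is not part of the original post: it groups lines by connection name and records the peer address, the IKE role the messages imply, and counts of the error messages quoted. The sample lines are copied from the post; `triage`, `EVENTS` and the other names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: six lines copied from the log excerpts in the post above.
SAMPLE = """\
2014:04:08-14:12:22 UTM-VM-SECG67 pluto[10714]: "S_ENERGY"[1] 177.184.130.52 #11: responding to Quick Mode
2014:04:08-14:12:22 UTM-VM-SECG67 pluto[10714]: "S_ENERGY"[1] 177.184.130.52 #11: IPsec SA established {ESP=>0x1765fef9
2014:04:08-22:53:46 UTM-VM-SECG67 pluto[10714]: "S_REF_IpsSitEnergy_0"[5] 177.158.115.10 #353: next payload type of ISAKMP Hash Payload has an unknown value: 208
2014:04:08-22:53:46 UTM-VM-SECG67 pluto[10714]: "S_REF_IpsSitEnergy_0"[5] 177.158.115.10 #353: malformed payload in packet
2014:04:08-22:53:46 UTM-VM-SECG67 pluto[10714]: "S_REF_IpsSitEnergy_0"[5] 177.158.115.10 #353: discarding duplicate packet; already STATE_MAIN_I3
2014:04:08-22:53:59 UTM-VM-SECG67 pluto[10714]: packet from 177.184.130.52:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
"""

# "NAME"[n] PEER #SA: message  (line tied to a configured connection)
CONN = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? '
                  r'(?P<peer>\d+(?:\.\d+){3}) #\d+: (?P<msg>.*)')
# packet from PEER:PORT: message  (pluto names no connection)
PKT = re.compile(r'pluto\[\d+\]: packet from (?P<peer>\d+(?:\.\d+){3}):\d+: (?P<msg>.*)')
# pluto state names end in I<n> (initiator side) or R<n> (responder side).
STATE = re.compile(r'STATE_[A-Z]+_([IR])\d')
EVENTS = {"sa_established": "IPsec SA established",
          "unknown_payload_type": "has an unknown value",
          "malformed_payload": "malformed payload in packet",
          "duplicate_packet": "discarding duplicate packet",
          "no_proposal_chosen": "NO_PROPOSAL_CHOSEN"}

def triage(text):
    """Group pluto lines by connection: peers seen, IKE role, event counts."""
    out = defaultdict(lambda: {"peers": set(), "roles": set(),
                               "events": defaultdict(int)})
    for line in text.splitlines():
        m = CONN.search(line) or PKT.search(line)
        if not m:
            continue
        g = m.groupdict()
        entry = out[g.get("conn") or "(no connection)"]
        entry["peers"].add(g["peer"])
        for name, needle in EVENTS.items():
            if needle in g["msg"]:
                entry["events"][name] += 1
        st = STATE.search(g["msg"])
        if st:
            entry["roles"].add("initiator" if st.group(1) == "I" else "responder")
        elif g["msg"].startswith(("responding to", "initiating")):
            entry["roles"].add("responder" if g["msg"][0] == "r" else "initiator")
    return out

if __name__ == "__main__":
    for conn, e in triage(SAMPLE).items():
        print(conn, sorted(e["peers"]), sorted(e["roles"]), dict(e["events"]))
```

On the sample, `S_ENERGY` appears as responder toward 177.184.130.52, while the payload errors are logged on `S_REF_IpsSitEnergy_0` as initiator toward 177.158.115.10.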