Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1437 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

iOS IPsec configuration

autumnwalker
I am trying to configure an iOS profile to connect to my network via IPsec using certificates vs. traditional L2TP / PSK.

I have set up the profile and am able to hit the UTM, but the VPN never establishes a connection. Following is an excerpt from my IPsec log.

2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: received Vendor ID payload [RFC 3947]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2014:05:21-21:50:18 awutm01 pluto[25287]: packet from IP: received Vendor ID payload [Dead Peer Detection]
2014:05:21-21:50:18 awutm01 pluto[25287]: "D_Public Key"[4] IP #44: responding to Main Mode from unknown peer IP
2014:05:21-21:50:18 awutm01 pluto[25287]: "D_Public Key"[4] IP #44: NAT-Traversal: Result using RFC 3947: peer is NATed
2014:05:21-21:50:18 awutm01 pluto[25287]: "D_Public Key"[4] IP #44: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2014:05:21-21:50:18 awutm01 pluto[25287]: "D_Public Key"[4] IP #44: Peer ID is ID_DER_ASN1_DN: 'C=xx, ST=xx, L=xx, O=xx, OU=xx, CN=xx, E=xx'
2014:05:21-21:50:18 awutm01 pluto[25287]: "D_Public Key"[4] IP #44: crl not found
2014:05:21-21:50:18 awutm01 pluto[25287]: "D_Public Key"[4] IP #44: certificate status unknown
2014:05:21-21:50:18 awutm01 pluto[25287]: "D_Public Key"[4] IP #44: no suitable connection for peer 'C=xx, ST=xx, L=xx, O=xx, OU=xx, CN=xx, E=xx'
2014:05:21-21:50:18 awutm01 pluto[25287]: "D_Public Key"[4] IP #44: sending encrypted notification INVALID_ID_INFORMATION to IP


Thoughts?


This thread was automatically locked due to age.
Parents
  • 0
    hmm - appears to have been an issue with the certificates in the end.

    I had both Cisco and IPsec VPNs enabled - disabled the IPsec one and then I started seeing issues with certificates - regenerated all certs (users / server) and it connected.

    Time for phase 2 - persistent iOS VPN.
Reply
  • 0
    hmm - appears to have been an issue with the certificates in the end.

    I had both Cisco and IPsec VPNs enabled - disabled the IPsec one and then I started seeing issues with certificates - regenerated all certs (users / server) and it connected.

    Time for phase 2 - persistent iOS VPN.
Children
No Data
Unfiltered HTML