I've set up a few Site-to-Site VPNs using Astaro and Sophos products in my time and it's always been a slam-dunk experience.
Until now. I'm having a problem connecting an SG210 to a UTM110 via IPsec and it's really getting to my head! Hopefully another set of eyes on this issue will reveal some stupid fat-finger mistake or something.
I don't have time to go screenshot everything in the config right now, but here are the logs off the SG210 at the head office:
2014:07:08-11:49:23 pluto[6069]: "L_for admin"[228] :4500 #378: max number of retransmissions (2) reached STATE_MAIN_R2
2014:07:08-11:49:23 pluto[6069]: "L_for admin"[228] :4500: deleting connection "L_for admin"[228] instance with peer {isakmp=#0/ipsec=#0}
2014:07:08-11:49:23 pluto[6069]: packet from :4500: received Vendor ID payload [strongSwan]
2014:07:08-11:49:23 pluto[6069]: packet from :4500: ignoring Vendor ID payload [Cisco-Unity]
2014:07:08-11:49:23 pluto[6069]: packet from :4500: received Vendor ID payload [XAUTH]
2014:07:08-11:49:23 pluto[6069]: packet from :4500: received Vendor ID payload [Dead Peer Detection]
2014:07:08-11:49:23 pluto[6069]: packet from :4500: received Vendor ID payload [RFC 3947]
2014:07:08-11:49:23 pluto[6069]: packet from :4500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2014:07:08-11:49:23 pluto[6069]: packet from :4500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2014:07:08-11:49:23 pluto[6069]: packet from :4500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:07:08-11:49:23 pluto[6069]: packet from :4500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2014:07:08-11:49:23 pluto[6069]: "L_for admin"[229] :4500 #379: responding to Main Mode from unknown peer :4500
2014:07:08-11:49:23 pluto[6069]: "L_for admin"[229] :4500 #379: NAT-Traversal: Result using RFC 3947: peer is NATed
2014:07:08-11:49:23 pluto[6069]: "L_for admin"[229] :4500 #379: next payload type of ISAKMP Identification Payload has an unknown value: 28
2014:07:08-11:49:23 pluto[6069]: "L_for admin"[229] :4500 #379: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
2014:07:08-11:49:23 pluto[6069]: "L_for admin"[229] :4500 #379: sending encrypted notification PAYLOAD_MALFORMED to :4500
2014:07:08-11:49:33 pluto[6069]: "L_for admin"[229] :4500 #379: next payload type of ISAKMP Identification Payload has an unknown value: 28
2014:07:08-11:49:33 pluto[6069]: "L_for admin"[229] :4500 #379: malformed payload in packet. Probable authentication failure (mismatch of preshared secrets?)
2014:07:08-11:49:33 pluto[6069]: "L_for admin"[229] :4500 #379: sending encrypted notification PAYLOAD_MALFORMED to :4500
I'll post the log from the remote unit in the next post.
Before anyone suggests it: YES! I've made sure the secrets match. (replaced the 30+ character randomly generated key with something much simpler)