Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 1 subscriber
  • Views 3122 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SITE to SITE IPSEC VPN UDP 500 dropped

helpmesir
I updated to firmware version 9.113001 last night

Now the Site to Site VPN using IPSec is not working
In the logs i am seeing UDP 500 is getting dropped

I have edited the IP in the log to 137.117.***.***: 
The VPN dropped at 10:55 today.  



014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: initiating Main Mode
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: received Vendor ID payload [RFC 3947]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: ignoring Vendor ID payload [FRAGMENTATION]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: ignoring Vendor ID payload [IKE CGA version 1]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: enabling possible NAT-traversal with method 3
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: NAT-Traversal: Result using RFC 3947: i am NATed
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: Peer ID is ID_IPV4_ADDR: '137.117.***.***'
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: ISAKMP SA established
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #415: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#414}
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #415: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #415: sent QI2, IPsec SA established {ESP=>0x63e2d568 0x2977f5ba 0xc2491e3a 


This thread was automatically locked due to age.
Unfiltered HTML