I'm trying to connect a Sophos ASG220 appliance v8.3.11 with a SonicWALL TZ 215.
For some reason that escapes me, the tunnel, named "Dev-VPN", fails to establish.
Perhaps someone here can make sense of the log:
[FONT="Courier New"]
21:43:05 Sophos: "S_Dev-VPN" #1291: starting keying attempt 70 of an unlimited number
21:43:05 Sophos: "S_Dev-VPN" #1296: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #1291 {using isakmp#1294}
21:43:05 Sophos: "S_Dev-VPN" #1294: Informational Exchange message must be encrypted
21:43:11 Sophos: "S_Dev-VPN" #1289: Informational Exchange message must be encrypted
21:43:11 Sophos: "S_Dev-VPN" #1294: Informational Exchange message must be encrypted
21:43:13 Sophos: "S_Dev-VPN" #1292: Informational Exchange message must be encrypted
21:43:15 Sophos: "S_Dev-VPN" #1294: Informational Exchange message must be encrypted
21:43:17 Sophos: packet from {Sonicwall-Public-IP}:500: ignoring Vendor ID payload [5b362bc820f60008]
21:43:17 Sophos: packet from {Sonicwall-Public-IP}:500: received Vendor ID payload [RFC 3947]
21:43:17 Sophos: packet from {Sonicwall-Public-IP}:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
21:43:17 Sophos: packet from {Sonicwall-Public-IP}:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
21:43:17 Sophos: packet from {Sonicwall-Public-IP}:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
21:43:17 Sophos: "S_Dev-VPN" #1297: responding to Main Mode
21:43:17 Sophos: "S_Dev-VPN" #1297: ignoring Vendor ID payload [404bf439522ca3f6]
21:43:17 Sophos: "S_Dev-VPN" #1297: received Vendor ID payload [XAUTH]
21:43:17 Sophos: "S_Dev-VPN" #1297: ignoring Vendor ID payload [da8e937880010000]
21:43:17 Sophos: "S_Dev-VPN" #1297: received Vendor ID payload [Dead Peer Detection]
21:43:17 Sophos: "S_Dev-VPN" #1297: NAT-Traversal: Result using RFC 3947: no NAT detected
21:43:17 Sophos: "S_Dev-VPN" #1297: ignoring informational payload, type IPSEC_INITIAL_CONTACT
21:43:17 Sophos: "S_Dev-VPN" #1297: Peer ID is ID_IPV4_ADDR: '{Sonicwall-Public-IP}'
21:43:17 Sophos: "S_Dev-VPN" #1297: Dead Peer Detection (RFC 3706) enabled
21:43:17 Sophos: "S_Dev-VPN" #1297: sent MR3, ISAKMP SA established
21:43:17 Sophos: "S_Dev-VPN" #1298: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
21:43:17 Sophos: "S_Dev-VPN" #1298: sending encrypted notification NO_PROPOSAL_CHOSEN to {Sonicwall-Public-IP}:500
21:43:29 Sophos: "S_Dev-VPN" #1287: Informational Exchange message must be encrypted
21:43:35 Sophos: "S_Dev-VPN" #1294: Informational Exchange message must be encrypted
21:43:38 Sophos: packet from {Sonicwall-Public-IP}:500: ignoring Vendor ID payload [5b362bc820f60008]
21:43:38 Sophos: packet from {Sonicwall-Public-IP}:500: received Vendor ID payload [RFC 3947]
21:43:38 Sophos: packet from {Sonicwall-Public-IP}:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
21:43:38 Sophos: packet from {Sonicwall-Public-IP}:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
21:43:38 Sophos: packet from {Sonicwall-Public-IP}:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
21:43:38 Sophos: "S_Dev-VPN" #1299: responding to Main Mode
21:43:38 Sophos: "S_Dev-VPN" #1299: ignoring Vendor ID payload [404bf439522ca3f6]
21:43:38 Sophos: "S_Dev-VPN" #1299: received Vendor ID payload [XAUTH]
21:43:38 Sophos: "S_Dev-VPN" #1299: ignoring Vendor ID payload [da8e937880010000]
21:43:38 Sophos: "S_Dev-VPN" #1299: received Vendor ID payload [Dead Peer Detection]
21:43:38 Sophos: "S_Dev-VPN" #1299: NAT-Traversal: Result using RFC 3947: no NAT detected
21:43:38 Sophos: "S_Dev-VPN" #1299: ignoring informational payload, type IPSEC_INITIAL_CONTACT
21:43:38 Sophos: "S_Dev-VPN" #1299: Peer ID is ID_IPV4_ADDR: '{Sonicwall-Public-IP}'
21:43:38 Sophos: "S_Dev-VPN" #1299: Dead Peer Detection (RFC 3706) enabled
21:43:38 Sophos: "S_Dev-VPN" #1299: sent MR3, ISAKMP SA established
21:43:38 Sophos: "S_Dev-VPN" #1300: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
21:43:38 Sophos: "S_Dev-VPN" #1300: sending encrypted notification NO_PROPOSAL_CHOSEN to {Sonicwall-Public-IP}:500
21:43:41 Sophos: "S_Dev-VPN" #1294: Informational Exchange message must be encrypted
21:43:41 Sophos: "S_Dev-VPN" #1289: Informational Exchange message must be encrypted
21:43:43 Sophos: "S_Dev-VPN" #1292: Informational Exchange message must be encrypted
21:43:47 Sophos: "S_Dev-VPN" #1297: Informational Exchange message must be encrypted
21:43:59 Sophos: "S_Dev-VPN" #1287: DPD: Phase1 state #1287 has been superseded by #1299 - timeout ignored
21:44:04 Sophos: "S_Dev-VPN" #1299: Informational Exchange message must be encrypted
21:44:11 Sophos: "S_Dev-VPN" #1289: DPD: Phase1 state #1289 has been superseded by #1299 - timeout ignored
21:44:11 Sophos: "S_Dev-VPN" #1294: Informational Exchange message must be encrypted
21:44:13 Sophos: "S_Dev-VPN" #1292: Informational Exchange message must be encrypted
21:44:15 Sophos: "S_Dev-VPN" #1296: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal[/FONT]
In the SonicWALL log I see messages like:
[FONT="Courier New"]
Sophos >> SonicWALL: RECEIVED> Sophos: IKE Initiator: Start Main Mode negotiation (Phase 1)
SonicWALL >> Sophos: NAT Discovery : No NAT/NAPT device detected between IPsec Security gateways
SonicWALL >> Sophos: IKE Initiator: Main Mode complete (Phase 1)
SonicWALL >> Sophos: IKE Initiator: Start Quick Mode (Phase 2).
Sophos >> SonicWALL: *Warning* Received notify. NO_PROPOSAL_CHOSEN[/FONT]
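A triage pass over the Sophos-side log above, as an added example that is not part of the original post: it groups the lines by connection and state number and tags the Phase 1 / Phase 2 events that matter. The tag names, `triage()` and `verdict()` are assumptions of this example; the matched substrings and sample lines are copied from the posted log.

```python
import re

# Line shape used in the post's log: time, host tag, "connection", #state, message.
LINE = re.compile(r'^(\d\d:\d\d:\d\d) \S+ "([^"]+)" #(\d+): (.*)$')

# Message substrings copied from the log above, mapped to tags chosen for this example.
RULES = [
    ("ISAKMP SA established", "phase1_ok"),
    ("we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION", "pfs_mismatch"),
    ("NO_PROPOSAL_CHOSEN", "phase2_rejected"),
    ("max number of retransmissions", "phase2_timeout"),
]

# Lines excerpted from the post's log (IP placeholder kept as posted).
SAMPLE = """\
21:43:17 Sophos: packet from {Sonicwall-Public-IP}:500: received Vendor ID payload [RFC 3947]
21:43:17 Sophos: "S_Dev-VPN" #1297: responding to Main Mode
21:43:17 Sophos: "S_Dev-VPN" #1297: sent MR3, ISAKMP SA established
21:43:17 Sophos: "S_Dev-VPN" #1298: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
21:43:17 Sophos: "S_Dev-VPN" #1298: sending encrypted notification NO_PROPOSAL_CHOSEN to {Sonicwall-Public-IP}:500
21:44:15 Sophos: "S_Dev-VPN" #1296: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"""

def triage(log_text):
    """Return {connection: {tag: [(time, state_number), ...]}}."""
    report = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "packet from ..." lines have no connection or state number
        when, conn, state, msg = m.groups()
        for needle, tag in RULES:
            if needle in msg:
                report.setdefault(conn, {}).setdefault(tag, []).append((when, int(state)))
    return report

def verdict(tags):
    """One-line reading of the tags collected for a single connection."""
    if not tags.get("phase1_ok"):
        return "no Phase 1 completion logged"
    if tags.get("pfs_mismatch"):
        return "Phase 1 up; Phase 2 rejected: PFS required locally, peer proposal has no DH group"
    if tags.get("phase2_rejected") or tags.get("phase2_timeout"):
        return "Phase 1 up; Phase 2 proposal mismatch, cause not logged"
    return "Phase 1 up; no Phase 2 failure logged"

if __name__ == "__main__":
    for conn, tags in triage(SAMPLE).items():
        print(conn, "->", verdict(tags))
```

On the excerpt this reports a completed Main Mode followed by a Quick Mode rejection tied to the PFS requirement, which matches the NO_PROPOSAL_CHOSEN notify seen in the SonicWALL log.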