This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Site2site with Cisco 3030 unable to connect

Hi,

We're trying to setup a VPN connection between a sophos UTM and Cisco 3030, however within our Sophos logs we're seeing the following errors:

cannot respond to IPsec SA request because no connection is known for 141.50.20.21/32===*********xx:4500[*********]...************:4500[20.10.144.172]===20.0.0.0/8

What's causing this error message? I've double checked both ends but still unable to get a connection.

This thread was automatically locked due to age.

Parents

0 xp3000 over 10 years ago

These are the 10 lines before that error message, please note XX.XX.XX.XX is their VPN IP, the original ip's in my first post isn't the correct IP's I changed them for this topic [:)].

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: ignoring Vendor ID payload [Cisco-Unity]

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: received Vendor ID payload [XAUTH]

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: ignoring Vendor ID payload [Cisco VPN 3000 Series]

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: received Vendor ID payload [Dead Peer Detection]

2014:08:27-15:05:25 hostname pluto[13039]: | protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: Peer ID is ID_IPV4_ADDR: '20.XX.XX.XX'

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33832] XX.XX.XX.XX #17138: deleting connection "VPN NAME"[33831] instance with peer XX.XX.XX.XX {isakmp=#0/ipsec=#0}

2014:08:27-15:05:25 hostname pluto[13039]: | NAT-T: new mapping XX.XX.XX.XX:500/4500)

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33832] XX.XX.XX.XX:4500 #17138: sent MR3, ISAKMP SA established

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33832] XX.XX.XX.XX:4500 #17138: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 xp3000 over 10 years ago

These are the 10 lines before that error message, please note XX.XX.XX.XX is their VPN IP, the original ip's in my first post isn't the correct IP's I changed them for this topic [:)].

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: ignoring Vendor ID payload [Cisco-Unity]

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: received Vendor ID payload [XAUTH]

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: ignoring Vendor ID payload [Cisco VPN 3000 Series]

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: received Vendor ID payload [Dead Peer Detection]

2014:08:27-15:05:25 hostname pluto[13039]: | protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33831] XX.XX.XX.XX #17138: Peer ID is ID_IPV4_ADDR: '20.XX.XX.XX'

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33832] XX.XX.XX.XX #17138: deleting connection "VPN NAME"[33831] instance with peer XX.XX.XX.XX {isakmp=#0/ipsec=#0}

2014:08:27-15:05:25 hostname pluto[13039]: | NAT-T: new mapping XX.XX.XX.XX:500/4500)

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33832] XX.XX.XX.XX:4500 #17138: sent MR3, ISAKMP SA established

2014:08:27-15:05:25 hostname pluto[13039]: "VPN NAME"[33832] XX.XX.XX.XX:4500 #17138: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data