VPN Site2site with Cisco 3030 unable to connect

Hi,

We're trying to set up a VPN connection between a Sophos UTM and a Cisco 3030; however, within our Sophos logs we're seeing the following errors:

cannot respond to IPsec SA request because no connection is known for 141.50.20.21/32===*********xx:4500[*********]...************:4500[20.10.144.172]===20.0.0.0/8

What's causing this error message? I've double-checked both ends but am still unable to get a connection.


  • Debug isn't on; here are the results:

    2014:08:27-17:28:05 fw01 pluto[13818]: packet from 81.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
    2014:08:27-17:28:05 fw01 pluto[13818]: packet from 81.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
    2014:08:27-17:28:05 fw01 pluto[13818]: packet from 81.xx.xx.xx:500: ignoring Vendor ID payload [FRAGMENTATION c0000000] 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[7] 81.xx.xx.xx #4: responding to Main Mode from unknown peer 81.xx.xx.xx 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[7] 81.xx.xx.xx #4: ignoring Vendor ID payload [Cisco-Unity] 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[7] 81.xx.xx.xx #4: received Vendor ID payload [XAUTH] 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[7] 81.xx.xx.xx #4: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[7] 81.xx.xx.xx #4: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[7] 81.xx.xx.xx #4: received Vendor ID payload [Dead Peer Detection] 
    2014:08:27-17:28:05 fw01 pluto[13818]: | protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[7] 81.xx.xx.xx #4: Peer ID is ID_IPV4_ADDR: '20.xx.xx.xx' 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[8] 81.xx.xx.xx #4: deleting connection "S_SDS VPN"[7] instance with peer 81.xx.xx.xx {isakmp=#0/ipsec=#0} 
    2014:08:27-17:28:05 fw01 pluto[13818]: | NAT-T: new mapping 81.xx.xx.xx:500/4500) 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[8] 81.xx.xx.xx:4500 #4: sent MR3, ISAKMP SA established 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[8] 81.xx.xx.xx:4500 #4: ignoring informational payload, type IPSEC_INITIAL_CONTACT 
    2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[8] 81.xx.xx.xx:4500 #4: cannot respond to IPsec SA request because no connection is known for 172.xx.xx.xx/32===91.xx.xx.xx:4500[91.xx.xx.xx]...81.xx.xx.xx:4500[20.xx.xx.xx]===20.0.0.0/8
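
Added example, not part of the original thread: pluto prints the rejected Phase 2 proposal as local_subnet===local_host[local_id]...peer_host[peer_id]===peer_subnet, so the line can be split and each subnet compared with the networks defined for the tunnel on the UTM. The sample line, the configured networks and the exact-match comparison are assumptions constructed for illustration.

```python
import ipaddress
import re

# Layout of the rejected proposal in pluto's message:
#   local_net===local_host:port[local_id]...peer_host:port[peer_id]===peer_net
PROPOSAL = re.compile(
    r"no connection is known for "
    r"(?P<local_net>[^=\s]+)===(?P<local_host>[^\[\s]+)\[(?P<local_id>[^\]]+)\]"
    r"\.\.\."
    r"(?P<peer_host>[^\[\s]+)\[(?P<peer_id>[^\]]+)\]===(?P<peer_net>\S+)"
)

# Constructed sample line (documentation/private addresses, not from the thread).
SAMPLE = ('2014:08:27-17:28:05 fw01 pluto[13818]: "S_SDS VPN"[8] 203.0.113.10:4500 #4: '
          'cannot respond to IPsec SA request because no connection is known for '
          '172.16.5.9/32===198.51.100.7:4500[198.51.100.7]'
          '...203.0.113.10:4500[10.1.1.1]===20.0.0.0/8')


def parse_proposal(line):
    """Return the six fields of the rejected proposal, or None."""
    m = PROPOSAL.search(line)
    return m.groupdict() if m else None


def check_proposal(line, local_nets, remote_nets):
    """Compare proposed subnets with configured ones (assumed exact match)."""
    p = parse_proposal(line)
    if p is None:
        return None
    findings = []
    for side, key, configured in (("local", "local_net", local_nets),
                                  ("remote", "peer_net", remote_nets)):
        try:
            proposed = ipaddress.ip_network(p[key], strict=False)
        except ValueError:
            # Redacted logs (172.xx.xx.xx/32) cannot be compared.
            findings.append(f"{side}: {p[key]} is redacted or malformed")
            continue
        nets = [ipaddress.ip_network(n) for n in configured]
        if proposed in nets:
            continue
        inside = [str(n) for n in nets
                  if n.version == proposed.version and proposed.subnet_of(n)]
        hint = f" (inside configured {inside[0]})" if inside else ""
        findings.append(f"{side}: peer proposed {proposed}, not configured{hint}")
    return findings


if __name__ == "__main__":
    # Hypothetical tunnel definition: local 172.16.5.0/24, remote 20.0.0.0/8.
    print(check_proposal(SAMPLE, ["172.16.5.0/24"], ["20.0.0.0/8"]))
```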