VPN Site2site with Cisco 3030 unable to connect

Hi,

We're trying to set up a VPN connection between a Sophos UTM and Cisco 3030; however, within our Sophos logs we're seeing the following errors:

cannot respond to IPsec SA request because no connection is known for 141.50.20.21/32===*********xx:4500[*********]...************:4500[20.10.144.172]===20.0.0.0/8

What's causing this error message? I've double-checked both ends but am still unable to get a connection.


This thread was automatically locked due to age.
  • NAT-T is enabled; however, I'm now seeing this in the logs:

    #14678: responding to Main Mode 
    #14663: max number of retransmissions (2) reached STATE_MAIN_R2 
    #14678: ignoring Vendor ID payload [Cisco-Unity] 
    #14678: received Vendor ID payload [XAUTH] 
    #14678: ignoring Vendor ID payload [a0e1047dd3680fb2634e42c35602feb2] 
    #14678: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
    #14678: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed 
    #14676: Informational Exchange message must be encrypted 
    #14671: Informational Exchange message must be encrypted 
    packet from 81.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
    packet from 81.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
    packet from 81.xx.xx.xx:500: ignoring Vendor ID payload [FRAGMENTATION c0000000] 
    #14679: responding to Main Mode 
    #14664: max number of retransmissions (2) reached STATE_MAIN_R2 
    #14679: ignoring Vendor ID payload [Cisco-Unity] 
    #14679: received Vendor ID payload [XAUTH] 
    #14679: ignoring Vendor ID payload [5e5c9bc2ba50f41f6caf8bb71e26110e] 
    #14679: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
    #14679: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed 
    #14677: Informational Exchange message must be encrypted 
    #14672: Informational Exchange message must be encrypted