UTM9 to Cisco ASA Not Progressing to Phase 2

I am trying to connect a UTM9 to a Cisco ASA IPSec s2s endpoint.

It seems that Phase 1 succeeds, but we never progress to Phase 2.

Log from UTM below.

Any pointers?


2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: initiating Main Mode
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: ignoring Vendor ID payload [FRAGMENTATION c0000000]
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: enabling possible NAT-traversal with method RFC 3947
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: ignoring Vendor ID payload [Cisco-Unity]
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: received Vendor ID payload [XAUTH]
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: ignoring Vendor ID payload [6f3bb05bc8d2f5d6d5cf87f100489425]
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: received Vendor ID payload [Dead Peer Detection]
2014:10:23-16:21:58 sophos-router pluto[6686]: | protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: Peer ID is ID_IPV4_ADDR: 'IP.REDACTED'
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: ISAKMP SA established
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
2014:10:23-16:21:58 sophos-router pluto[6686]: "S_ABCD-Tunnel" #1: received Delete SA payload: deleting ISAKMP State #1
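
The stall visible in the log above (ISAKMP SA established, Quick Mode initiated, then a Delete SA payload from the peer), as an added example that is not part of the original thread: a small Python check that reads pluto log lines and reports how far each connection got. The sample lines and the `S_Example` name are constructed, and the `IPsec SA established` success text is assumed from pluto's usual output, since the post's log never reaches it.

```python
import re

# Constructed sample in the pluto log format from the post (names are placeholders).
SAMPLE = """\
2014:10:23-16:21:58 gw pluto[6686]: "S_Example" #1: initiating Main Mode
2014:10:23-16:21:58 gw pluto[6686]: | protocol/port in Phase 1 ID Payload is 17/0.
2014:10:23-16:21:58 gw pluto[6686]: "S_Example" #1: ISAKMP SA established
2014:10:23-16:21:58 gw pluto[6686]: "S_Example" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
2014:10:23-16:21:58 gw pluto[6686]: "S_Example" #1: received Delete SA payload: deleting ISAKMP State #1
"""

LINE = re.compile(r'^\S+ \S+ pluto\[\d+\]: "([^"]+)" #(\d+): (.*)$')
QUICK = re.compile(r"initiating Quick Mode .*\{using isakmp#(\d+)\}")
DELETE = re.compile(r"received Delete SA payload: deleting ISAKMP State #(\d+)")


def diagnose(log_text):
    """Map each connection name to a verdict about how far negotiation got."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # debug lines ("| ...") carry no connection name or state number
        conn, state, msg = m.groups()
        c = conns.setdefault(conn, {"p1": set(), "qm": {}, "p2": set(), "gone": set()})
        quick, delete = QUICK.search(msg), DELETE.search(msg)
        if "ISAKMP SA established" in msg:
            c["p1"].add(state)
        elif quick:
            c["qm"][state] = quick.group(1)  # Quick Mode state -> parent ISAKMP state
        elif "IPsec SA established" in msg:  # assumed Phase 2 success text; not in the post's log
            c["p2"].add(state)
        elif delete:
            c["gone"].add(delete.group(1))  # ISAKMP state the peer asked us to delete
    return {name: _verdict(c) for name, c in conns.items()}


def _verdict(c):
    if not c["p1"]:
        return "phase1-not-established"
    if c["p2"]:
        return "tunnel-up"
    parents = list(c["qm"].values())
    if any(parent in c["gone"] for parent in parents):
        return "phase2-stalled-peer-deleted-isakmp-sa"
    return "phase2-pending" if parents else "phase1-only"


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```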


  • rcrcr, please click on [Go Advanced] below and attach a picture of the Edit of the IPsec Policy in use and the Cisco Phase 1 and Phase 2 configuration.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you, Bob. For reasons unknown, deleting the tunnel config from the Cisco and reentering an exact paste of the same config back onto the Cisco remedied the issue. The tunnel came right up afterward.

    Thanks for your response, though!