Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 1 subscriber
  • Views 514 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-site not establishing

thomasJ
Hi.

I'm trying to set up a site-to-site tunnell between a Sophos UTM-110 and a PaloAlto PA-500.

The UTM-110 replaces a SonicWall witch had no issues connecting to the PA.

After confguring a policy identical to the PA's, a Remote Gateway with VPN ID type:IP Address (and the IP of the UTMs external interface set) and a connection using the info stated before [:)]

When viewing the status of the IPSec tunnel, it states the error 'No Connection'

WHen viewing the logs, I get the following:

2015:01:11-19:11:38 fwname-sfj-fw ipsec_starter[9398]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
2015:01:11-19:11:38 fwname-sfj-fw pluto[9410]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
2015:01:11-19:11:38 fwname-sfj-fw ipsec_starter[9404]: pluto (9410) started after 20 ms
2015:01:11-19:11:38 fwname-sfj-fw pluto[9410]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
2015:01:11-19:11:38 fwname-sfj-fw pluto[9410]: including NAT-Traversal patch (Version 0.6c)
2015:01:11-19:11:38 fwname-sfj-fw pluto[9410]: Using Linux 2.6 IPsec interface code
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: loading ca certificates from '/etc/ipsec.d/cacerts'
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: loading aa certificates from '/etc/ipsec.d/aacerts'
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: Changing to directory '/etc/ipsec.d/crls'
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: loading attribute certificates from '/etc/ipsec.d/acerts'
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: listening for IKE messages
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: adding interface eth0/eth0 192.168.78.1:500
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: adding interface eth0/eth0 192.168.78.1:4500
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: adding interface eth1/eth1 :500
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: adding interface eth1/eth1 :4500
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: adding interface eth2/eth2 192.168.88.1:500
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: adding interface eth2/eth2 192.168.88.1:4500
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: adding interface lo/lo 127.0.0.1:500
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: adding interface lo/lo 127.0.0.1:4500
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: adding interface lo/lo ::1:500
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: loading secrets from "/etc/ipsec.secrets"
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: loaded PSK secret for  
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: added connection description "S_Remote Site1"
2015:01:11-19:11:39 fwname-sfj-fw pluto[9410]: "S_Remote Site1" #1: initiating Main Mode 


ANd it is stuck here.....


This thread was automatically locked due to age.
Unfiltered HTML