This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec with back-to-back UTM

I have an environment where my LAN sits behind a UTM 9.3 (inside firewall); there is a transit network (private IP addressing) to my UTM 9.3 that sits on my edge (outside firewall).

I need IPsec tunnels sourced from my inside firewall. If I set the remote end to respond only, so my inside firewall initiates the connection, there's no issue.

If both gateway types are set to initiate then:

2015:02:04-13:46:50 Remote_test pluto[5610]: "S_TESTL2L" #47: Peer ID is ID_IPV4_ADDR: '172.31.255.253'
2015:02:04-13:46:50 Remote_test pluto[5610]: "S_TESTL2L" #47: no suitable connection for peer '172.31.255.253'
2015:02:04-13:46:50 Remote_test pluto[5610]: "S_TESTL2L" #47: sending encrypted notification INVALID_ID_INFORMATION to 24.7.48.2:4500
2015:02:04-13:47:00 Remote_test pluto[5610]: "S_TESTL2L" #47: Peer ID is ID_IPV4_ADDR: '172.31.255.253'
2015:02:04-13:47:00 Remote_test pluto[5610]: "S_TESTL2L" #47: no suitable connection for peer '172.31.255.253'
2015:02:04-13:47:00 Remote_test pluto[5610]: "S_TESTL2L" #47: sending encrypted notification INVALID_ID_INFORMATION to 24.7.48.2:4500

Setting the VPN ID to 24.7.48.2 does nothing :)

Respond only is one option, but is there another alternative so I do not have to change/add all these remote gateways?

Thanks.

PS: using PSKs... thank you.
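The pattern in the log quoted above is worth being able to spot automatically: the remote responder sees the inside firewall's IKE ID as the private transit address (172.31.255.253), finds no connection configured for that ID, and sends INVALID_ID_INFORMATION back to the public address it actually received the packet from (24.7.48.2, on UDP 4500, i.e. NAT-T). The script below is an added example, not part of the original post and not Sophos UTM code; it correlates "Peer ID" lines with the notification sent for the same connection and SA number and flags the case where the claimed ID is an RFC 1918 address that differs from a public source endpoint. The sample log is constructed from the six lines in the post, and the regular expressions and the mismatch rule are my assumptions about the pluto log format, so check them against your own log before relying on the output.

```python
"""Triage helper for pluto-style IKEv1 logs: flag IKE SAs whose peer ID is a
private IPv4 address while the peer's packets arrive from a different, public
address.  Assumed format, modelled on the lines quoted in the post above."""

import ipaddress
import re

# Constructed sample, modelled on the six pluto lines in the post.
SAMPLE_LOG = """\
2015:02:04-13:46:50 Remote_test pluto[5610]: "S_TESTL2L" #47: Peer ID is ID_IPV4_ADDR: '172.31.255.253'
2015:02:04-13:46:50 Remote_test pluto[5610]: "S_TESTL2L" #47: no suitable connection for peer '172.31.255.253'
2015:02:04-13:46:50 Remote_test pluto[5610]: "S_TESTL2L" #47: sending encrypted notification INVALID_ID_INFORMATION to 24.7.48.2:4500
2015:02:04-13:47:00 Remote_test pluto[5610]: "S_TESTL2L" #47: Peer ID is ID_IPV4_ADDR: '172.31.255.253'
2015:02:04-13:47:00 Remote_test pluto[5610]: "S_TESTL2L" #47: no suitable connection for peer '172.31.255.253'
2015:02:04-13:47:00 Remote_test pluto[5610]: "S_TESTL2L" #47: sending encrypted notification INVALID_ID_INFORMATION to 24.7.48.2:4500
"""

# Assumed line shapes (hypothetical regexes written for the sample above).
PEER_ID_RE = re.compile(
    r"\"(?P<conn>[^\"]+)\" #(?P<sa>\d+): Peer ID is ID_IPV4_ADDR: '(?P<peer_id>[\d.]+)'"
)
NOTIFY_RE = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<sa>\d+): sending encrypted notification '
    r'(?P<notify>[A-Z_]+) to (?P<addr>[\d.]+):(?P<port>\d+)'
)


def analyze(log_text):
    """Return one finding per distinct (connection, SA, peer ID, endpoint) for
    which an INVALID_ID_INFORMATION notification followed a Peer ID line,
    with an occurrence count so repeated retries collapse into one entry."""
    last_peer_id = {}   # (conn, sa) -> most recent ID the peer claimed
    findings = {}       # dedup key -> finding dict
    for line in log_text.splitlines():
        m = PEER_ID_RE.search(line)
        if m:
            last_peer_id[(m['conn'], m['sa'])] = m['peer_id']
            continue
        m = NOTIFY_RE.search(line)
        if not m or m['notify'] != 'INVALID_ID_INFORMATION':
            continue
        key = (m['conn'], m['sa'])
        peer_id = last_peer_id.get(key)
        if peer_id is None:
            continue    # notification without a preceding Peer ID line: skip
        dedup = key + (peer_id, m['addr'], m['port'])
        if dedup not in findings:
            claimed = ipaddress.ip_address(peer_id)
            seen_from = ipaddress.ip_address(m['addr'])
            findings[dedup] = {
                'conn': m['conn'],
                'sa': int(m['sa']),
                'peer_id': peer_id,
                'seen_from': m['addr'],
                'nat_t': m['port'] == '4500',   # NAT-T port means a NAT is in the path
                # Tell-tale of a NATed initiator: it identifies itself by its
                # pre-NAT (private) address, but the responder sees a public one.
                'id_endpoint_mismatch': (
                    claimed != seen_from
                    and claimed.is_private
                    and not seen_from.is_private
                ),
                'count': 0,
            }
        findings[dedup]['count'] += 1
    return list(findings.values())


def report(findings):
    """Render findings one per line; returned, not printed, so callers can log it."""
    lines = []
    for f in findings:
        if f['id_endpoint_mismatch']:
            verdict = ('peer identifies as pre-NAT address %s but its traffic '
                       'arrives from %s' % (f['peer_id'], f['seen_from']))
        else:
            verdict = 'no ID/endpoint mismatch'
        nat = ' (NAT-T, UDP 4500)' if f['nat_t'] else ''
        lines.append('%s #%d x%d: %s%s' % (f['conn'], f['sa'], f['count'], verdict, nat))
    return lines


if __name__ == '__main__':
    for line in report(analyze(SAMPLE_LOG)):
        print(line)
```

On the sample this yields a single finding for S_TESTL2L #47, seen twice, with the mismatch flag set: the responder is matching on the received ID, and that ID is the initiator's private address, which is why a connection keyed on the public address is not found. The same correlation works for other peer IDs and notification types if you extend the regexes.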

