Site to site VPN issue

Trying to establish site to site VPN with remote NetScreen firewall.

Looks like IKE is established, but having some problem with IPSec:

initiating Main Mode
received Vendor ID payload [Dead Peer Detection]
ignoring Vendor ID payload [HeartBeat Notify 386b0100]
Peer ID is ID_IPV4_ADDR: 'x.x.x.x'
Dead Peer Detection (RFC 3706) enabled
ISAKMP SA established
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
cannot respond to IPsec SA request because no connection is known for x.x.x.x[x.x.x.x]...x.x.x.x[x.x.x.x]===x.x.x.x/32
sending encrypted notification INVALID_ID_INFORMATION to [remote vpn gateway wan IP]:500
Quick Mode I1 message is unacceptable because it uses a previously used 

Is source and destination NAT rule required in addition to creating the VPN connection?

Thanks.
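As an added example (not from this thread or from Sophos), a small Python triage of pluto-style IKE log lines like the ones above: it records whether Phase 1 completed and pulls the subnet pair the peer proposed out of the "no connection is known" line, so it can be compared with the local and remote networks configured on the tunnel. The sample log and its addresses are constructed; the regex assumes the Openswan/pluto layout LOCAL_NET===LOCAL_HOST[ID]...REMOTE_HOST[ID]===REMOTE_NET, where an omitted subnet means the gateway host itself.

```python
import re

# Constructed sample modelled on the thread's output; addresses are
# RFC 5737 documentation ranges, not real peers.
SAMPLE_LOG = """\
initiating Main Mode
received Vendor ID payload [Dead Peer Detection]
Peer ID is ID_IPV4_ADDR: '198.51.100.1'
ISAKMP SA established
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
cannot respond to IPsec SA request because no connection is known for 192.0.2.1[192.0.2.1]...198.51.100.1[198.51.100.1]===10.20.0.5/32
sending encrypted notification INVALID_ID_INFORMATION to 198.51.100.1:500
"""

# Selector layout assumed: [LOCAL_NET===]LOCAL_HOST[ID]...REMOTE_HOST[ID][===REMOTE_NET]
SELECTOR_RE = re.compile(
    r"no connection is known for "
    r"(?:(?P<local_net>[\d./]+)===)?(?P<local_host>[\d.]+)\[[^\]]*\]"
    r"\.\.\.(?P<remote_host>[\d.]+)\[[^\]]*\](?:===(?P<remote_net>[\d./]+))?"
)


def triage_ike_log(text):
    """Report Phase 1 state, Phase 2 outcome and the selector pair the peer proposed."""
    result = {"phase1": "unknown", "phase2": "not attempted", "proposed": None}
    for line in text.splitlines():
        if "ISAKMP SA established" in line:
            result["phase1"] = "established"
        elif "no connection is known for" in line:
            m = SELECTOR_RE.search(line)
            if m:
                # A missing subnet means the host address itself, i.e. a /32.
                local_net = m.group("local_net") or m.group("local_host") + "/32"
                remote_net = m.group("remote_net") or m.group("remote_host") + "/32"
                result["proposed"] = (local_net, remote_net)
            result["phase2"] = "selector mismatch: peer's proxy IDs match no configured tunnel"
        elif "INVALID_ID_INFORMATION" in line and result["phase2"] == "not attempted":
            result["phase2"] = "rejected with INVALID_ID_INFORMATION"
    return result
```

In the constructed sample the peer proposes gateway-host-to-/32 selectors, which is what to compare against the local and remote networks defined on the UTM side of the tunnel.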

  • Are you using RSA, certificate or passphrase?

    Had a similar issue and it was due to defining a value in the advanced setting in the Sophos regarding IP, hostname, or email.

    I removed the value and re-established the connection, and it always connects.
  • I am using passphrase.

    Does anyone know if you need to manually define source and destination NAT for site to site VPN?
  • Fustyler, no manual NAT creation should be required.  If that helps something, then you have another configuration error requiring it.  Try a simple PSK like abcd1234.  Are you sure that neither endpoint is behind a NATting router?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA