
Site to site VPN issue

Trying to establish a site-to-site VPN with a remote NetScreen firewall.

Looks like IKE is established, but having some problem with IPSec:

initiating Main Mode
received Vendor ID payload [Dead Peer Detection]
ignoring Vendor ID payload [HeartBeat Notify 386b0100]
Peer ID is ID_IPV4_ADDR: 'x.x.x.x'
Dead Peer Detection (RFC 3706) enabled
ISAKMP SA established
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
cannot respond to IPsec SA request because no connection is known for x.x.x.x[x.x.x.x]...x.x.x.x[x.x.x.x]===x.x.x.x/32
sending encrypted notification INVALID_ID_INFORMATION to [remote vpn gateway wan IP]:500
Quick Mode I1 message is unacceptable because it uses a previously used 

Are source and destination NAT rules required in addition to creating the VPN connection?

Thanks.


  • Are you using RSA, certificate or passphrase?

    Had a similar issue, and it was due to defining a value in the advanced setting in the Sophos regarding IP, hostname, or email.

    I removed the value and re-established the connection, and it always connects.