IPSEC site-2-site with ASA...

Hi,

I'm trying to set up an IPSEC tunnel between an ASA and a UTM.
I don't control the ASA, so I cannot see anything on that end...

In the live log the UTM only says:

2015:08:26-13:18:04 fw01 pluto[6508]: adding interface lo/lo 127.0.0.1:500
2015:08:26-13:18:04 fw01 pluto[6508]: adding interface lo/lo ::1:500
2015:08:26-13:18:04 fw01 pluto[6508]: loading secrets from "/etc/ipsec.secrets"
2015:08:26-13:18:04 fw01 pluto[6508]: loaded PSK secret for ***.***.***.*** YYY.YYY.YYY.YYY
2015:08:26-13:18:04 fw01 pluto[6508]: added connection description "CLIENT_NAME"
2015:08:26-13:18:04 fw01 pluto[6508]: "S_CLIENT_NAME" #1: initiating Main Mode
2015:08:26-13:18:04 fw01 pluto[6508]: ERROR: "S_CLIENT_NAME" #1: sendto on eth1 to YYY.YYY.YYY.YYY:500 failed in main_outI1. Errno 1: Operation not permitted
2015:08:26-13:18:14 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:18:34 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:19:14 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:19:54 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:20:34 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:21:14 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:21:54 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:22:34 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN

Where ***.***.***.*** is the IP address of the UTM and YYY.YYY.YYY.YYY is the IP address of the ASA.

Can somebody tell me what's wrong here? Obviously the tunnel doesn't come up...
Thanks!


  • "Wrong configuration" is as much as you can get with that log part.

    Obviously something with the proposal not chosen.

    Can you post screenshots of the configuration on both sides? (IPs anonymized)
  • Some, but not all, possibilities:
    • Your Host definition used as the 'Gateway' in the Remote Gateway violates #3 in Rulz.
    • The PSK is not the same in both devices, or you already have another connection with a different PSK and you haven't selected 'Enable probing of preshared keys' on the 'Advanced' tab.
    • One of the endpoints is behind a NAT.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
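The pluto lines in the question and the checklist in the replies, turned into a small triage script. This is an added example, not code from the original thread or from Sophos: it parses the posted log (embedded below as constructed sample input, with the same anonymised addresses) and maps each IKE event to the check a practitioner would make next. The regular expressions, the Finding type and the wording of the hints are this example's own assumptions, not documented UTM behaviour; the only system fact it relies on is that Linux reports a locally filtered outbound packet to the sender as errno 1 (EPERM) from sendto().

```python
"""Triage helper for strongSwan/Openswan-style pluto IKEv1 log lines.

Added example for the thread above; the regexes and the hint text are
this script's own assumptions, not Sophos UTM documentation.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the lines from the post above, anonymised as there.
SAMPLE_LOG = """\
2015:08:26-13:18:04 fw01 pluto[6508]: loaded PSK secret for ***.***.***.*** YYY.YYY.YYY.YYY
2015:08:26-13:18:04 fw01 pluto[6508]: added connection description "CLIENT_NAME"
2015:08:26-13:18:04 fw01 pluto[6508]: "S_CLIENT_NAME" #1: initiating Main Mode
2015:08:26-13:18:04 fw01 pluto[6508]: ERROR: "S_CLIENT_NAME" #1: sendto on eth1 to YYY.YYY.YYY.YYY:500 failed in main_outI1. Errno 1: Operation not permitted
2015:08:26-13:18:14 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:18:34 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:19:14 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
"""

# Syslog-style prefix as the UTM live log shows it: "<ts> <host> pluto[<pid>]: <msg>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) pluto\[(?P<pid>\d+)\]: (?P<msg>.*)$")
MAINMODE_RE = re.compile(r'"(?P<conn>[^"]+)" #(?P<sa>\d+): initiating Main Mode')
# Peer is assumed to be logged as IPv4 "addr:port"; bracketed IPv6 is not handled.
SENDTO_RE = re.compile(
    r"sendto on (?P<iface>\S+) to (?P<peer>\S+):(?P<port>\d+) failed in (?P<fn>\w+)\."
    r" Errno (?P<errno>\d+): (?P<strerror>.*)$"
)
NOTIFY_RE = re.compile(
    r"packet from (?P<peer>\S+):(?P<port>\d+): ignoring informational payload, type (?P<ntype>\w+)"
)


@dataclass
class Finding:
    ts: str
    kind: str    # "initiating", "sendto_failed" or "notify_<TYPE>"
    peer: str
    detail: str


def parse_pluto_log(text: str) -> list[Finding]:
    """Extract the IKE events that matter for tunnel triage; other lines are skipped."""
    out: list[Finding] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, msg = m.group("ts"), m.group("msg")
        if (mm := MAINMODE_RE.search(msg)):
            out.append(Finding(ts, "initiating", "", f"{mm.group('conn')} SA #{mm.group('sa')}"))
        elif (s := SENDTO_RE.search(msg)):
            out.append(Finding(ts, "sendto_failed", s.group("peer"),
                               f"errno {s.group('errno')} {s.group('strerror')} "
                               f"on {s.group('iface')} in {s.group('fn')}"))
        elif (n := NOTIFY_RE.search(msg)):
            out.append(Finding(ts, "notify_" + n.group("ntype"), n.group("peer"),
                               f"port {n.group('port')}"))
    return out


def triage(findings: list[Finding]) -> list[str]:
    """Map the parsed events to next checks. Hint wording is this example's own."""
    kinds = Counter(f.kind for f in findings)
    hints: list[str] = []
    if kinds["initiating"]:
        hints.append("UTM is the IKEv1 initiator (Main Mode): its phase 1 proposal must match "
                     "one the peer is configured to accept.")
    if kinds["sendto_failed"]:
        hints.append("sendto() failed locally (errno 1 EPERM): the UTM kernel refused the outbound "
                     "IKE packet, which on Linux is what a local packet filter dropping the packet "
                     "looks like. Confirm UDP/500 and UDP/4500 from the UTM's own interface to the "
                     "peer are allowed before looking at the ASA.")
    if kinds["notify_NO_PROPOSAL_CHOSEN"]:
        hints.append(f"{kinds['notify_NO_PROPOSAL_CHOSEN']} NO_PROPOSAL_CHOSEN notifications: the "
                     "peer received a proposal and rejected all of it. Compare phase 1 encryption, "
                     "hash, DH group, lifetime and authentication method on both ends.")
    if kinds["sendto_failed"] and kinds["notify_NO_PROPOSAL_CHOSEN"]:
        hints.append("Both present: the peer's later replies show a retransmit did get out, so the "
                     "local filter and the proposal mismatch both need fixing, not just one.")
    return hints


if __name__ == "__main__":
    for f in parse_pluto_log(SAMPLE_LOG):
        print(f"{f.ts} {f.kind:26} {f.peer:16} {f.detail}")
    for h in triage(parse_pluto_log(SAMPLE_LOG)):
        print("-", h)
```

Run it as `python3 triage.py`, or paste a fresh live-log excerpt into SAMPLE_LOG. The one conclusion worth taking from the sample itself is the ordering: a send error at 13:18:04 followed by replies from the peer from 13:18:14 onward means at least one retransmission reached the ASA, so the NO_PROPOSAL_CHOSEN answer reflects the proposal the UTM actually sent and not just a connectivity problem.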