IPSEC site-2-site with ASA...

Hi,

I'm trying to set up an IPSEC tunnel between an ASA and a UTM.
I don't control the ASA, so I cannot see anything on that end...

In the live log the UTM only says:

2015:08:26-13:18:04 fw01 pluto[6508]: adding interface lo/lo 127.0.0.1:500
2015:08:26-13:18:04 fw01 pluto[6508]: adding interface lo/lo ::1:500
2015:08:26-13:18:04 fw01 pluto[6508]: loading secrets from "/etc/ipsec.secrets"
2015:08:26-13:18:04 fw01 pluto[6508]: loaded PSK secret for ***.***.***.*** YYY.YYY.YYY.YYY
2015:08:26-13:18:04 fw01 pluto[6508]: added connection description "CLIENT_NAME"
2015:08:26-13:18:04 fw01 pluto[6508]: "S_CLIENT_NAME" #1: initiating Main Mode
2015:08:26-13:18:04 fw01 pluto[6508]: ERROR: "S_CLIENT_NAME" #1: sendto on eth1 to YYY.YYY.YYY.YYY:500 failed in main_outI1. Errno 1: Operation not permitted
2015:08:26-13:18:14 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:18:34 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:19:14 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:19:54 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:20:34 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:21:14 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:21:54 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:22:34 fw01 pluto[6508]: packet from YYY.YYY.YYY.YYY:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN

Where ***.***.***.*** is the IP address of the UTM and YYY.YYY.YYY.YYY is the IP address of the ASA.

Can somebody tell me what's wrong here? Obviously the tunnel doesn't come up...
Thanks!


This thread was automatically locked due to age.
  • "Wrong configuration" is as much as you can get with that log part.

    Obviously something with the proposal not chosen.

    Can you post screenshots of the configuration on both sides? (IPs anonymized)
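
A triage script for the kind of pluto excerpt posted in this thread, added here as an example (it is not code from either poster or from Sophos). It separates the one-off local `sendto` failure from the repeated `NO_PROPOSAL_CHOSEN` notifications sent by the peer. The function name `triage`, the placeholder peer `203.0.113.10`, and the reading of errno 1 as a local send refusal (EPERM on Linux) are assumptions of the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the log above; 203.0.113.10 is a placeholder peer.
SAMPLE = """\
2015:08:26-13:18:04 fw01 pluto[6508]: "S_CLIENT_NAME" #1: initiating Main Mode
2015:08:26-13:18:04 fw01 pluto[6508]: ERROR: "S_CLIENT_NAME" #1: sendto on eth1 to 203.0.113.10:500 failed in main_outI1. Errno 1: Operation not permitted
2015:08:26-13:18:14 fw01 pluto[6508]: packet from 203.0.113.10:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2015:08:26-13:18:34 fw01 pluto[6508]: packet from 203.0.113.10:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
"""

LINE = re.compile(r"^(\S+) \S+ pluto\[\d+\]: (.*)$")
SENDTO = re.compile(r"sendto on (\S+) to ([^\s:]+):\d+ failed in (\w+)\. Errno (\d+)")
NOTIFY = re.compile(r"packet from ([^\s:]+):\d+: ignoring informational payload, type (\w+)")


def triage(log_text):
    """Return (send_errors, notify_counts, findings) for a pluto log excerpt."""
    send_errors, notifies, findings = [], Counter(), []
    last_notify = {}  # peer -> timestamp of the latest notification received
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a pluto line in the expected format
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        if s := SENDTO.search(m.group(2)):
            send_errors.append((ts, s.group(2), s.group(3), int(s.group(4))))
        elif n := NOTIFY.search(m.group(2)):
            notifies[(n.group(1), n.group(2))] += 1
            last_notify[n.group(1)] = ts
    for ts, peer, state, errno_ in send_errors:
        # A later answer from the same peer shows that a retransmit did leave the box.
        if errno_ == 1 and last_notify.get(peer, ts) > ts:
            findings.append(f"{peer}: EPERM in {state} was transient; the peer answered later")
        elif errno_ == 1:
            findings.append(f"{peer}: EPERM in {state}; check local filtering of UDP/500")
    for (peer, kind), count in notifies.items():
        if kind == "NO_PROPOSAL_CHOSEN":
            findings.append(f"{peer}: rejected our proposal {count}x; compare IKE policy on both ends")
    return send_errors, dict(notifies), findings


if __name__ == "__main__":
    for finding in triage(SAMPLE)[2]:
        print(finding)
```
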