Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 8052 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Oversight by Sophos?

Louis-M

Hi,

I was playing around with Shrewsoft VPN client and our UTM (latest version). I have a few observations with this.

1. If you purely use "Preshared key" (without Xauth), a user can connect to the UTM and it is recorded in the log file. Problem is, It does not show up in the GUI anywhere eg nothing under online users or in the reporting etc. If you switch on PSK and Xauth, it works as it should. This isn't good if you are trying to keep an eye on who connects.

2. Using Shrewsoft VPN client will result in an error " can't establish IPSEC SA because nothing is known about 0.0.0.0/0" and the vpn can't be established. However, if you place "any" into allowed local networks on the UTM for this connection, it works. Full access with no issues. Try and tighten it down a little by restricting the network eg 10.1.1.0/24, and it doesn't work.

3. By doing the above (and without adding any automatic firewall rules) the remote user has full unrestricted access to the network which isn't good either.

4. If I add a firewall rule (and place it at the top) with the vpn ipsec pool as the source, service any, destination any, BLOCK, it doesn't make any difference. Traffic still gets through. Tried all sorts of combinations here and nothing works.



This thread was automatically locked due to age.
  • 0

    I like the SSL VPN Remote Access method, so it's been a long time since I played with the Shrewsoft client.  I don't recall these problems though. I always used X509 certs, and didn't try with PSKs.

    Please insert a picture of the Edit of your 'IPsec Remote Access Rule' and of your Shrewsoft configuration.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    There's really not much to see Bob.

    On the UTM:

    Remote Access > IPSEC Client

    Name= My connection
    Interface= WAN
    Local Networks= Any   <<<< has to be set to ANY otherwise shrewsoft won't connect
    Virtual Pool= default pool
    Policy = Triple DES     <<< I've tried different combinations and they do the same
    Authentication= PSK
    PSK= **********


    And that is it. The Shrewsoft client can connect and shows in the log files. It doesn't show anywhere in the GUI so you wouldn't know it is connected.

    The worrying thing is I haven't made any firewall rules to allow access but with this config, I can reach anything on my networks. I know that placing "Any" into local networks will allow this but I thought it would be fully blocked until I put appropriate firewall rules in eg only allow ipsec vpn pool access to x host, y host, z network etc

    As for the shrewsoft client, there's nothing special on there either. Just entries to match up with the above. It's a bit of a serious flaw I think

  • 0 in reply to Louis-M

    You don't have 'Automatic Firewall Rules' selected in the IPsec Remote Access Rule?  You tried "Internet" instead of "Any" in 'Local Networks'?

    FWIW, I would use AES-128-PFS as the fastest, most secure Policy, auth with X509 certs and enable XAUTH.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    no no automatic firewall rules enable for it. I made sure of that and I've checked under auto generated rules to make sure nothing is there.

    I haven't tried "internet" under local networks as i'm not sure what that would achieve?

    I did start of with AES256 and generally use that as a standard but have worked my way down to triple DES/MD5 to see if there was any difference

    I also tried with xauth. The only difference that made was to show the user in the GUI.

  • 0 in reply to Louis-M

    Louis-M said:
    I haven't tried "internet" under local networks as i'm not sure what that would achieve?

    I only use ssl vpn but generally  ...

    LOCAL NETWORKS:LAN

    Bridge VPN traffic to LAN. No firewall/masq rules required

    LOCAL Networks: Interet

    Bridge VPN traffic to Internet. Firewall and masq rules required.

    LOCAL Network: ANY

    Allow traffic to any firewall interface. LAN traffic would flow without any fireall/masq rules. However you will have to create firewall/masq rules for internet/dmz networks in addition to the UTM DNS server for any kind of functional internet experience.

    Also remember to re-establish VPN tunnel after you make any changes to routing configuration on the UTM. 

  • 0 in reply to Louis-M

    And here is the log.The top connection is a successful one (using "any" as the local interface on the UTM) and the bottom one is unsuccessful using a more restricted local network (10.10.10.0/24). Both connections are exactly the same with only the changes mentioned.

    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[1] xxx.xxx.xxx.xxx #45: responding to Main Mode from unknown peer xxx.xxx.xxx.xxx
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[1] xxx.xxx.xxx.xxx #45: NAT-Traversal: Result using RFC 3947: peer is NATed
    2016:07:09-08:07:43 gw01-1 pluto[9657]: | NAT-T: new mapping xxx.xxx.xxx.xxx:500/4500)
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[1] xxx.xxx.xxx.xxx:4500 #45: Peer ID is ID_IPV4_ADDR: '192.168.254.200'
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: deleting connection "S_My_Remote_Support"[1] instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: Dead Peer Detection (RFC 3706) enabled
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: sent MR3, ISAKMP SA established
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: ignoring informational payload, type IPSEC_INITIAL_CONTACT
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: parsing ModeCfg request
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: peer requested virtual IP %any
    2016:07:09-08:07:43 gw01-1 pluto[9657]: acquired existing lease for address 10.242.4.1 in pool 'VPN Pool (IPsec)'
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: assigning virtual IP 10.242.4.1 to peer
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: sending ModeCfg reply
    2016:07:09-08:07:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: sent ModeCfg reply, established
    2016:07:09-08:07:43 gw01-2 pluto[11604]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500: deleting connection "S_My_Remote_Support"[2] instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
    2016:07:09-08:07:44 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #46: responding to Quick Mode
    2016:07:09-08:07:44 gw01-1 pluto[9657]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="My_Remote_Support" address="yyy.yyy.yyy.yyy" local_net="0.0.0.0/0" remote_net="10.242.4.1/32"
    2016:07:09-08:07:44 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #46: IPsec SA established {ESP=>0xafa7f02b <0x6b38d5b6 NATOA=0.0.0.0 DPD}
    2016:07:09-08:07:44 gw01-2 pluto[11604]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="My_Remote_Support" address="yyy.yyy.yyy.yyy" local_net="0.0.0.0/0" remote_net="10.242.4.1/32"
    2016:07:09-08:08:42 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: received Delete SA(0xafa7f02b) payload: deleting IPSEC State #46
    2016:07:09-08:08:42 gw01-2 pluto[11604]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="My_Remote_Support" address="yyy.yyy.yyy.yyy" local_net="0.0.0.0/0" remote_net="10.242.4.1/32"
    2016:07:09-08:08:42 gw01-1 pluto[9657]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="My_Remote_Support" address="yyy.yyy.yyy.yyy" local_net="0.0.0.0/0" remote_net="10.242.4.1/32"
    2016:07:09-08:08:42 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #45: received Delete SA payload: deleting ISAKMP State #45
    2016:07:09-08:08:42 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500: deleting connection "S_My_Remote_Support"[2] instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
    2016:07:09-08:08:42 gw01-2 pluto[11604]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500: deleting connection "S_My_Remote_Support"[2] instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
    2016:07:09-08:09:16 gw01-1 pluto[9657]: forgetting secrets
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loading secrets from "/etc/ipsec.secrets"
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loaded private key from 'Local X509 Cert.pem'
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loaded PSK secret for yyy.yyy.yyy.yyy %any
    2016:07:09-08:09:16 gw01-1 pluto[9657]: listening for IKE messages
    2016:07:09-08:09:16 gw01-1 pluto[9657]: forgetting secrets
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loading secrets from "/etc/ipsec.secrets"
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loaded private key from 'Local X509 Cert.pem'
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loaded PSK secret for yyy.yyy.yyy.yyy %any
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:07:09-08:09:16 gw01-1 pluto[9657]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:07:09-08:09:16 gw01-1 pluto[9657]: Changing to directory '/etc/ipsec.d/crls'
    2016:07:09-08:09:16 gw01-1 pluto[9657]: "S_My_Remote_Support": deleting connection
    2016:07:09-08:09:16 gw01-1 pluto[9657]: added connection description "S_My_Remote_Support"
    2016:07:09-08:09:17 gw01-2 pluto[11604]: forgetting secrets
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loading secrets from "/etc/ipsec.secrets"
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loaded private key from 'Local X509 Cert.pem'
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loaded PSK secret for yyy.yyy.yyy.yyy %any
    2016:07:09-08:09:17 gw01-2 pluto[11604]: HA System: not master, won't listen for IKE messages
    2016:07:09-08:09:17 gw01-2 pluto[11604]: forgetting secrets
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loading secrets from "/etc/ipsec.secrets"
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loaded private key from 'Local X509 Cert.pem'
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loaded PSK secret for yyy.yyy.yyy.yyy %any
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:07:09-08:09:17 gw01-2 pluto[11604]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:07:09-08:09:17 gw01-2 pluto[11604]: Changing to directory '/etc/ipsec.d/crls'
    2016:07:09-08:09:17 gw01-2 pluto[11604]: "S_My_Remote_Support": deleting connection
    2016:07:09-08:09:17 gw01-2 pluto[11604]: added connection description "S_My_Remote_Support"
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: ignoring Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: received Vendor ID payload [RFC 3947]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: received Vendor ID payload [Dead Peer Detection]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: ignoring Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: ignoring Vendor ID payload [f14b94b7bff1fef02773b8c49feded26]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: ignoring Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd8451]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: ignoring Vendor ID payload [8404adf9cda05760b2ca292e4bff537b]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: packet from xxx.xxx.xxx.xxx:500: ignoring Vendor ID payload [Cisco-Unity]
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[1] xxx.xxx.xxx.xxx #47: responding to Main Mode from unknown peer xxx.xxx.xxx.xxx
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[1] xxx.xxx.xxx.xxx #47: NAT-Traversal: Result using RFC 3947: peer is NATed
    2016:07:09-08:09:22 gw01-1 pluto[9657]: | NAT-T: new mapping xxx.xxx.xxx.xxx:500/4500)
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[1] xxx.xxx.xxx.xxx:4500 #47: Peer ID is ID_IPV4_ADDR: '192.168.254.200'
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: deleting connection "S_My_Remote_Support"[1] instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: Dead Peer Detection (RFC 3706) enabled
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sent MR3, ISAKMP SA established
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: ignoring informational payload, type IPSEC_INITIAL_CONTACT
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: parsing ModeCfg request
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: peer requested virtual IP %any
    2016:07:09-08:09:22 gw01-1 pluto[9657]: acquired existing lease for address 10.242.4.1 in pool 'VPN Pool (IPsec)'
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: assigning virtual IP 10.242.4.1 to peer
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sending ModeCfg reply
    2016:07:09-08:09:22 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sent ModeCfg reply, established
    2016:07:09-08:09:22 gw01-2 pluto[11604]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500: deleting connection "S_My_Remote_Support"[2] instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
    2016:07:09-08:09:23 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===yyy.yyy.yyy.yyy:4500[yyy.yyy.yyy.yyy]...xxx.xxx.xxx.xxx:4500[192.168.254.200]===10.242.4.1/32
    2016:07:09-08:09:23 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.xxx:4500
    2016:07:09-08:09:27 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===yyy.yyy.yyy.yyy:4500[yyy.yyy.yyy.yyy]...xxx.xxx.xxx.xxx:4500[192.168.254.200]===10.242.4.1/32
    2016:07:09-08:09:27 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.xxx:4500
    2016:07:09-08:09:28 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x07c02f48 (perhaps this is a duplicated packet)
    2016:07:09-08:09:28 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:4500
    2016:07:09-08:09:32 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xf3e67156 (perhaps this is a duplicated packet)
    2016:07:09-08:09:32 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:4500
    2016:07:09-08:09:33 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x07c02f48 (perhaps this is a duplicated packet)
    2016:07:09-08:09:33 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:4500
    2016:07:09-08:09:37 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xf3e67156 (perhaps this is a duplicated packet)
    2016:07:09-08:09:37 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:4500
    2016:07:09-08:09:38 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x07c02f48 (perhaps this is a duplicated packet)
    2016:07:09-08:09:38 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:4500
    2016:07:09-08:09:42 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xf3e67156 (perhaps this is a duplicated packet)
    2016:07:09-08:09:42 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:4500
    2016:07:09-08:09:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===yyy.yyy.yyy.yyy:4500[yyy.yyy.yyy.yyy]...xxx.xxx.xxx.xxx:4500[192.168.254.200]===10.242.4.1/32
    2016:07:09-08:09:43 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.xxx:4500
    2016:07:09-08:09:44 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500 #47: received Delete SA payload: deleting ISAKMP State #47
    2016:07:09-08:09:44 gw01-1 pluto[9657]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500: deleting connection "S_My_Remote_Support"[2] instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
    2016:07:09-08:09:44 gw01-2 pluto[11604]: "S_My_Remote_Support"[2] xxx.xxx.xxx.xxx:4500: deleting connection "S_My_Remote_Support"[2] instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}

Unfiltered HTML