UTM9 (9.404-5) Cisco VPN to MacOS 10.11

Hi, Mirco, and welcome to the UTM Community!

Please insert a picture of the Einstellungen in the MacOS client.  Also, show us the next few lines from the IPsec log after those above.

Cheers - Bob

Hi hi,

here's the Settings I've in macOS:

and here's a longer log from the last connect:

2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: received Vendor ID payload [RFC 3947]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: received Vendor ID payload [XAUTH]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [Cisco-Unity]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: received Vendor ID payload [Dead Peer Detection]
2016:07:10-09:53:39 fw pluto[6306]: "D_User IPsec-0"[1] theotherip #538: responding to Main Mode from unknown peer theotherip
2016:07:10-09:53:39 fw pluto[6306]: "D_User IPsec-0"[1] theotherip #538: NAT-Traversal: Result using RFC 3947: peer is NATed
2016:07:10-09:54:50 fw pluto[6306]: "D_User IPsec-0"[1] theotherip #538: max number of retransmissions (2) reached STATE_MAIN_R2
2016:07:10-09:54:50 fw pluto[6306]: "D_User IPsec-0"[1] theotherip: deleting connection "D_User IPsec-0"[1] instance with peer theotherip {isakmp=#0/ipsec=#0

Hi hi,

here's the Settings I've in macOS:

and here's a longer log from the last connect:

2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: received Vendor ID payload [RFC 3947]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: received Vendor ID payload [XAUTH]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [Cisco-Unity]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: received Vendor ID payload [Dead Peer Detection]
2016:07:10-09:53:39 fw pluto[6306]: "D_User IPsec-0"[1] theotherip #538: responding to Main Mode from unknown peer theotherip
2016:07:10-09:53:39 fw pluto[6306]: "D_User IPsec-0"[1] theotherip #538: NAT-Traversal: Result using RFC 3947: peer is NATed
2016:07:10-09:54:50 fw pluto[6306]: "D_User IPsec-0"[1] theotherip #538: max number of retransmissions (2) reached STATE_MAIN_R2
2016:07:10-09:54:50 fw pluto[6306]: "D_User IPsec-0"[1] theotherip: deleting connection "D_User IPsec-0"[1] instance with peer theotherip {isakmp=#0/ipsec=#0

Come on guys no one able to help?

I think we need to see what's behind [Weitere Optionen].

Cheers - Bob

Hi Bob,

I don't think that will help:

THX anyway

This is an interesting puzzle!  I just now noticed that about 70 seconds pass before "max number of retransmissions (2) reached STATE_MAIN_R2" is logged.  That makes your situation identical to the one described by fireb in the German Forum linked to in your first post above.  There was no resolution there, nor did Google lead me to any other answer.

The IPsec conversation dies at a point that makes me suspect the topology of your test - where was your Mac when the test occured?  Have you tried connecting back to the UTM when using your Mac at a public hotspot?  Can we get a log from the Mac for a failed Cisco connection attempt?

Cheers - Bob

Is there any solution for this problem now? I have the same, I also can't connect via macOS Cisco VPN.