Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 3 subscribers
  • Views 18663 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM9 (9.404-5) Cisco VPN to MacOS 10.11

MircoSchmiidt

Hi all,

at a client-Site we've setup Cisco-IPSec VPN and can connect with the iPhone's to that connection. But when trying to connect to that same setup with the MacOS 10.11.5 builtin Cisco VPN Client all I get is the following error:

in the live-view on UTM9 I see the following:

2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: received Vendor ID payload [RFC 3947]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: received Vendor ID payload [XAUTH]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [Cisco-Unity]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2016:07:07-18:03:35 fw pluto[6306]: packet from IP-ADDRESS:500: received Vendor ID payload [Dead Peer Detection]
2016:07:07-18:03:35 fw pluto[6306]: "D_for VPN erlauben to Internal (Network)-1"[14] IP-ADDRESS #417: responding to Main Mode from unknown peer IP-ADDRESS
2016:07:07-18:03:35 fw pluto[6306]: "D_for VPN erlauben to Internal (Network)-1"[14] IP-ADDRESS #417: NAT-Traversal: Result using RFC 3947: peer is NATed

I'm aware of some posts:

https://community.sophos.com/products/unified-threat-management/f/58/t/55493

https://community.sophos.com/products/unified-threat-management/f/68/t/61522

but none of them solves the issue or has specific hints

and I also tried https://community.sophos.com/kb/de-de/116132 but even that didn't work...

I could use some help to get it to work



This thread was automatically locked due to age.
Parents
  • 0

    Hi, Mirco, and welcome to the UTM Community!

    Please insert a picture of the Einstellungen in the MacOS client.  Also, show us the next few lines from the IPsec log after those above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi hi,

    here's the Settings I've in macOS:

    and here's a longer log from the last connect:

    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: received Vendor ID payload [RFC 3947]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: received Vendor ID payload [XAUTH]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [Cisco-Unity]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
    2016:07:10-09:53:39 fw pluto[6306]: packet from theotherip:500: received Vendor ID payload [Dead Peer Detection]
    2016:07:10-09:53:39 fw pluto[6306]: "D_User IPsec-0"[1] theotherip #538: responding to Main Mode from unknown peer theotherip
    2016:07:10-09:53:39 fw pluto[6306]: "D_User IPsec-0"[1] theotherip #538: NAT-Traversal: Result using RFC 3947: peer is NATed
    2016:07:10-09:54:50 fw pluto[6306]: "D_User IPsec-0"[1] theotherip #538: max number of retransmissions (2) reached STATE_MAIN_R2
    2016:07:10-09:54:50 fw pluto[6306]: "D_User IPsec-0"[1] theotherip: deleting connection "D_User IPsec-0"[1] instance with peer theotherip {isakmp=#0/ipsec=#0

  • 0 in reply to MircoSchmiidt

    Come on guys no one able to help?

  • 0 in reply to MircoSchmiidt

    I think we need to see what's behind [Weitere Optionen].

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    I don't think that will help:

    THX anyway

  • 0 in reply to MircoSchmiidt

    This is an interesting puzzle!  I just now noticed that about 70 seconds pass before "max number of retransmissions (2) reached STATE_MAIN_R2" is logged.  That makes your situation identical to the one described by fireb in the German Forum linked to in your first post above.  There was no resolution there, nor did Google lead me to any other answer.

    The IPsec conversation dies at a point that makes me suspect the topology of your test - where was your Mac when the test occured?  Have you tried connecting back to the UTM when using your Mac at a public hotspot?  Can we get a log from the Mac for a failed Cisco connection attempt?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to MircoSchmiidt

    This is an interesting puzzle!  I just now noticed that about 70 seconds pass before "max number of retransmissions (2) reached STATE_MAIN_R2" is logged.  That makes your situation identical to the one described by fireb in the German Forum linked to in your first post above.  There was no resolution there, nor did Google lead me to any other answer.

    The IPsec conversation dies at a point that makes me suspect the topology of your test - where was your Mac when the test occured?  Have you tried connecting back to the UTM when using your Mac at a public hotspot?  Can we get a log from the Mac for a failed Cisco connection attempt?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
Unfiltered HTML