Unable to successfully set up site-to-site VPN with peer Cisco router

Hi all,

I want to set up a site-to-site VPN between our ASG120 and a customer's Cisco router. It seems to be fine for Phase 1 -> "ISAKMP SA established". But afterwards all I get is this:

 

2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #132: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#131}
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #133: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#131}
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #134: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#131}
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #135: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#131}
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #136: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#131}
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #137: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#131}
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:02:46 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #137: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #137: starting keying attempt 2 of an unlimited number
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #138: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #137 {using isakmp#131}
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #136: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #136: starting keying attempt 2 of an unlimited number
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #139: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #136 {using isakmp#131}
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #135: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #135: starting keying attempt 2 of an unlimited number
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #140: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #135 {using isakmp#131}
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #134: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #134: starting keying attempt 2 of an unlimited number
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #141: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #134 {using isakmp#131}
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #133: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #133: starting keying attempt 2 of an unlimited number
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #142: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #133 {using isakmp#131}
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #132: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #132: starting keying attempt 2 of an unlimited number
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #143: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #132 {using isakmp#131}
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN

 

We tried every possible solution even with the customer on the phone and watching me through shared desktop. But we could not find what the problem is. Actually the SG is at one of our remote sites that are connected to our main office (where I am located) through an existing site-to-site VPN and I have to be careful to not kill this connection. I already read something about disabling NAT-T but didn't dare to try.

Any help is appreciated!

Thanks
Daniel
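
Added example, not part of the original post: a small Python parser for pluto log lines in the format shown above. It groups Quick Mode (Phase 2) attempts by connection, records which ISAKMP SA they ride on and which policy flags were offered, and counts the peer's NO_PROPOSAL_CHOSEN notifications. The sample lines are constructed in the post's log format, and the function names and diagnosis labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same pluto log format as the post (shortened).
SAMPLE = '''\
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #132: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#131}
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #133: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#131}
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:02:45 asti-2 pluto[5761]: "S_Customer" #131: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #133: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2017:01:24-14:03:55 asti-2 pluto[5761]: "S_Customer" #132: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
'''

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
QUICK = re.compile(r'initiating Quick Mode (?P<policy>\S+).*\{using isakmp#(?P<ike>\d+)\}')
NOTIFY = re.compile(r'informational payload, type (?P<type>\w+)')
TIMEOUT = re.compile(r'max number of retransmissions \(\d+\) reached (?P<state>STATE_\w+)')

def summarize(log_text):
    """Per connection: Quick Mode attempts, peer notifications, timeouts."""
    out = defaultdict(lambda: {"quick": set(), "ike": set(), "policy": set(),
                               "notify": defaultdict(int), "timeouts": defaultdict(int)})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        c, msg = out[m["conn"]], m["msg"]
        if q := QUICK.search(msg):
            c["quick"].add(int(m["sa"]))      # state number of this Phase 2 attempt
            c["ike"].add(int(q["ike"]))       # Phase 1 SA it is protected by
            c["policy"].update(q["policy"].split("+"))
        elif n := NOTIFY.search(msg):
            c["notify"][n["type"]] += 1       # notification sent by the peer
        elif t := TIMEOUT.search(msg):
            c["timeouts"][t["state"]] += 1
    return out

def diagnose(c):
    """Classify one connection's summary (labels are this example's own)."""
    if c["quick"] and c["notify"].get("NO_PROPOSAL_CHOSEN"):
        hint = "check the PFS group too" if "PFS" in c["policy"] else "PFS not offered"
        return f"phase2-proposal-rejected ({hint})"
    if c["timeouts"].get("STATE_QUICK_I1"):
        return "phase2-no-response"
    return "no-phase2-failure-seen"
```

A `phase2-proposal-rejected` result while the ISAKMP SA is established points at the Phase 2 parameters (encryption, authentication, PFS group) configured on the two ends rather than at Phase 1.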


