
IPSec Tunnel between UTM 9 and Pfsense 2.4.1

Hi Guys

 

I'd appreciate it if someone could help me with this crazy (yet should-be-easy) IPsec tunnel between two FWs. I followed this dude's vlog, but I've had no luck yet..

This is what I see in the IPsec VPN log in the WebAdmin portal of UTM 9 ...

 

Office1" #320503: max number of retransmissions (2) reached STATE_MAIN_I2
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320503: starting keying attempt 2 of an unlimited number
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: initiating Main Mode to replace #320503
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: received Vendor ID payload [XAUTH]
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: received Vendor ID payload [Dead Peer Detection]
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: received Vendor ID payload [RFC 3947]
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: enabling possible NAT-traversal with method 3
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: Informational Exchange message must be encrypted
 
I have 3 other active IPsec tunnels, which are between other UTMs. On pfSense I have another 3 active, mainly from AWS VPN.
From the pfSense side this is what I see:
 
 
Nov 14 08:17:42 charon 11[IKE] <con8000|1055> initiating Main Mode IKE_SA con8000[1055] to 10.254.254.126
Nov 14 08:17:42 charon 11[ENC] <con8000|1055> generating ID_PROT request 0 [ SA V V V V V ]
Nov 14 08:17:42 charon 11[NET] <con8000|1055> sending packet: from 77.75.101.166[500] to 10.254.254.126[500] (180 bytes)
 
pfSense is in Connecting mode and then disconnects..
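The script below is an added example, not anything from the thread, from Sophos or from pfSense. It parses pluto (UTM 9) and charon (pfSense) log lines of the shape quoted above and reduces them to the phase-1 facts worth checking first: which Main Mode state hit the retransmit limit and which reply never arrived, whether NAT-T was enabled, whether the peer sent an unencrypted informational that pluto discarded, and whether both ends are initiating. The sample lines are constructed after the two logs in the post; the addresses are documentation-range placeholders, and the mapping of pluto states to Main Mode messages is the standard initiator state machine, not something the post states.

```python
import re

# Constructed sample lines modelled on the two logs in the post; addresses are
# placeholders from documentation ranges, not the poster's values.
UTM_LOG = """\
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320503: max number of retransmissions (2) reached STATE_MAIN_I2
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320503: starting keying attempt 2 of an unlimited number
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: initiating Main Mode to replace #320503
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: received Vendor ID payload [XAUTH]
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: received Vendor ID payload [Dead Peer Detection]
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: received Vendor ID payload [RFC 3947]
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: enabling possible NAT-traversal with method 3
2017:11:14-08:53:55 89 pluto[5611]: "Office1" #320506: Informational Exchange message must be encrypted
"""

PFSENSE_LOG = """\
Nov 14 08:17:42 charon 11[IKE] <con8000|1055> initiating Main Mode IKE_SA con8000[1055] to 192.0.2.126
Nov 14 08:17:42 charon 11[ENC] <con8000|1055> generating ID_PROT request 0 [ SA V V V V V ]
Nov 14 08:17:42 charon 11[NET] <con8000|1055> sending packet: from 198.51.100.166[500] to 192.0.2.126[500] (180 bytes)
"""

PLUTO_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
CHARON_RE = re.compile(r'charon \d+\[(?P<sub>[A-Z]+)\] <(?P<conn>[^|>]+)\|(?P<sa>\d+)> (?P<msg>.*)$')

# pluto Main Mode initiator states: what was last sent and which reply never came.
MAIN_MODE_WAIT = {
    "STATE_MAIN_I1": "MM1 (SA proposal) sent, no MM2 received",
    "STATE_MAIN_I2": "MM3 (KE/nonce) sent, no MM4 received",
    "STATE_MAIN_I3": "MM5 (ID/auth) sent, no MM6 received",
}


def parse_pluto(text):
    """One dict (conn, sa, msg) per pluto line that carries a connection and SA number."""
    return [m.groupdict() for m in (PLUTO_RE.search(l) for l in text.splitlines()) if m]


def parse_charon(text):
    """One dict (sub, conn, sa, msg) per charon line that carries a subsystem and IKE_SA id."""
    return [m.groupdict() for m in (CHARON_RE.search(l) for l in text.splitlines()) if m]


def diagnose(utm_text, pfsense_text):
    """Reduce both logs to the phase-1 facts an admin would check first."""
    pluto, charon = parse_pluto(utm_text), parse_charon(pfsense_text)
    report = {
        "timeout_state": None, "retransmits": None, "waiting_for": None,
        "nat_t_method": None, "vendor_ids": [], "unencrypted_informational": False,
        "utm_initiates": False, "pf_initiates": False, "both_initiating": False,
    }
    for ev in pluto:
        msg = ev["msg"]
        m = re.match(r"max number of retransmissions \((\d+)\) reached (STATE_\w+)", msg)
        if m:
            report["retransmits"] = int(m.group(1))
            report["timeout_state"] = m.group(2)
            report["waiting_for"] = MAIN_MODE_WAIT.get(m.group(2), "unknown state")
        m = re.match(r"received Vendor ID payload \[(.+)\]", msg)
        if m:
            report["vendor_ids"].append(m.group(1))
        m = re.match(r"enabling possible NAT-traversal with method (\d+)", msg)
        if m:
            report["nat_t_method"] = int(m.group(1))
        if msg.startswith("Informational Exchange message must be encrypted"):
            # pluto drops unencrypted notifications, so whatever the peer said is only in the peer's log.
            report["unencrypted_informational"] = True
        if msg.startswith("initiating Main Mode"):
            report["utm_initiates"] = True
    for ev in charon:
        if ev["msg"].startswith("initiating Main Mode"):
            report["pf_initiates"] = True
    report["both_initiating"] = report["utm_initiates"] and report["pf_initiates"]
    return report


def explain(report):
    """Human-readable findings derived from the report dict."""
    lines = []
    if report["timeout_state"]:
        lines.append(f"phase 1 gave up in {report['timeout_state']} after "
                     f"{report['retransmits']} retransmits: {report['waiting_for']}")
    if report["nat_t_method"] is not None:
        lines.append(f"NAT-T enabled (method {report['nat_t_method']}); confirm UDP 500 and 4500 "
                     "pass through the NAT device in front of the UTM in both directions")
    if report["unencrypted_informational"]:
        lines.append("peer sent an unencrypted notification that pluto discarded; "
                     "the reason it stopped replying is in the pfSense (charon) log, not here")
    if report["both_initiating"]:
        lines.append("both ends initiate Main Mode; make one side responder-only")
    return lines


if __name__ == "__main__":
    for line in explain(diagnose(UTM_LOG, PFSENSE_LOG)):
        print("-", line)
```

Run it against a copy of the real logs by replacing the two constructed strings; the `waiting_for` text is the first thing to read, because a stall in STATE_MAIN_I2 means the SA proposal exchange worked (the Vendor ID payloads prove the peer answered MM1) and the tunnel died one message later.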
 


  • The 'Responder only' checkbox was not selected in the pfSense in the document you attached above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yeah, tried that too, same error message I am getting... so no joy.. I believe this is something to do with the UTM being NAT'd and somehow it can't communicate with pfSense.

  • One last thing to try.  On the 'Advanced' tab of 'IPsec', select 'VPN ID type: IP address' and use the public IP of the router in front of the UTM as the VPN ID.  Any luck with that?

    Cheers - Bob

  • Cheers Bob. If I do that then the other IPsecs stop working. Anyway, I guess the issue is how we set up the UTM, by the look of it. I'll try your suggestion sometime and will post the result.

    Thanks