I'm trying to set up an VPn tunnel to a Sophos UTM 9.x with the following configuration
ISAKMP SA - Phase 1
-------------------
Authentication Method : Preshard Key
Preshared Key (*) : - shared via telephone
Hash Algorithm : MD5
Encryption Algorithm : AES256
Diffie-Hellman Group : 14
Life Time (seconds) : 28800
IPSec SA - Phase 2
------------------
Hash Algorithm : MD5
Encryption Algorithm : AES256
Life Time (seconds) : 3600 sec
PFS (yes/no) : yes
PFS Group : 14
Compression (yes/no) : no
Identifier: IP
we checked the configuration on both sites an tried to change configurations like hash algorithm IKE mode and so on but we get no connection:
LOG said:
Sep 22 09:41:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #30: initiating Main Mode to replace #29
Sep 22 09:41:23 lu-fwclearos-01 pluto[29221]: deleting state #29 (STATE_MAIN_I1)
Sep 22 09:42:19 lu-fwclearos-01 pluto[29221]: pending Quick Mode with 89.31.1.194 "10_137_1_1_to_10_88_3_0" took too long -- replacing phase 1
Sep 22 09:42:19 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #31: initiating Main Mode to replace #30
Sep 22 09:42:19 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #30: deleting state #30 (STATE_MAIN_I1)
Sep 22 09:43:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #31: max number of retransmissions (8) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKEv1 message
Sep 22 09:43:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #31: starting keying attempt 2 of an unlimited number
Sep 22 09:43:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #32: initiating Main Mode to replace #31
Sep 22 09:43:23 lu-fwclearos-01 pluto[29221]: deleting state #31 (STATE_MAIN_I1)
Sep 22 09:44:19 lu-fwclearos-01 pluto[29221]: pending Quick Mode with 89.31.1.194 "10_137_1_1_to_10_88_3_0" took too long -- replacing phase 1
Sep 22 09:44:19 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #33: initiating Main Mode to replace #32
Sep 22 09:44:19 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #32: deleting state #32 (STATE_MAIN_I1)
Sep 22 09:45:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #33: max number of retransmissions (8) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKEv1 message
Sep 22 09:45:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #33: starting keying attempt 2 of an unlimited number
Sep 22 09:45:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #34: initiating Main Mode to replace #33
Sep 22 09:45:23 lu-fwclearos-01 pluto[29221]: deleting state #33 (STATE_MAIN_I1)
ISAKMP SA - Phase 1
-------------------
Authentication Method : Preshard Key
Preshared Key (*) : - shared via telephone
Hash Algorithm : MD5
Encryption Algorithm : AES256
Diffie-Hellman Group : 14
Life Time (seconds) : 28800
IPSec SA - Phase 2
------------------
Hash Algorithm : MD5
Encryption Algorithm : AES256
Life Time (seconds) : 3600 sec
PFS (yes/no) : yes
PFS Group : 14
Compression (yes/no) : no
Identifier: IP
we checked the configuration on both sites an tried to change configurations like hash algorithm IKE mode and so on but we get no connection:
LOG said:
Sep 22 09:41:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #30: initiating Main Mode to replace #29
Sep 22 09:41:23 lu-fwclearos-01 pluto[29221]: deleting state #29 (STATE_MAIN_I1)
Sep 22 09:42:19 lu-fwclearos-01 pluto[29221]: pending Quick Mode with 89.31.1.194 "10_137_1_1_to_10_88_3_0" took too long -- replacing phase 1
Sep 22 09:42:19 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #31: initiating Main Mode to replace #30
Sep 22 09:42:19 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #30: deleting state #30 (STATE_MAIN_I1)
Sep 22 09:43:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #31: max number of retransmissions (8) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKEv1 message
Sep 22 09:43:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #31: starting keying attempt 2 of an unlimited number
Sep 22 09:43:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #32: initiating Main Mode to replace #31
Sep 22 09:43:23 lu-fwclearos-01 pluto[29221]: deleting state #31 (STATE_MAIN_I1)
Sep 22 09:44:19 lu-fwclearos-01 pluto[29221]: pending Quick Mode with 89.31.1.194 "10_137_1_1_to_10_88_3_0" took too long -- replacing phase 1
Sep 22 09:44:19 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #33: initiating Main Mode to replace #32
Sep 22 09:44:19 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #32: deleting state #32 (STATE_MAIN_I1)
Sep 22 09:45:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #33: max number of retransmissions (8) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKEv1 message
Sep 22 09:45:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #33: starting keying attempt 2 of an unlimited number
Sep 22 09:45:23 lu-fwclearos-01 pluto[29221]: "10_137_1_1_to_10_88_3_0" #34: initiating Main Mode to replace #33
Sep 22 09:45:23 lu-fwclearos-01 pluto[29221]: deleting state #33 (STATE_MAIN_I1)
Share this post:
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »