
AR2220 IPSEC VPN Issues

Latest reply: Dec 14, 2017 09:22:40

Hi All,

We replaced our client's Cisco router with a HUAWEI AR2220E, but we are now unable to utilise the IPSEC VPN that was working previously. It looks to not even initiate Phase 1 - the IPSEC VPN is being initiated on a Sophos UTM.

Here is the output of the log from the UTM (not debug), but I can provide that if it will assist:

2017:12:14-09:11:55 bcmutm-2 pluto[3417]: adding interface eth0/eth0 10.10.0.254:4500
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: adding interface lo/lo 127.0.0.1:500
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: adding interface lo/lo 127.0.0.1:4500
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: adding interface lo/lo ::1:500
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: loading secrets from "/etc/ipsec.secrets"
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: loaded PSK secret for 220.x.x.227 59.x.x.130
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: HA System: not master, won't listen for IKE messages
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: added connection description "S_Bxx IpSec Connection"
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: added connection description "S_Bxx IpSec Connection"
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: Pluto is now in slave mode
2017:12:14-09:12:05 bcmutm-1 pluto[18859]: "S_BxxIpSec Connection" #1: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:12:13 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:12:21 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:12:29 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: next payload type of ISAKMP Hash Payload has an unknown value: 254
2017:12:14-09:12:29 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: malformed payload in packet
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: starting keying attempt 2 of an unlimited number
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: initiating Main Mode to replace #1
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: ignoring Vendor ID payload [FRAGMENTATION c0000000]
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: ignoring Vendor ID payload [Cisco-Unity]
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: received Vendor ID payload [XAUTH]
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: ignoring Vendor ID payload [6f0421e63bb04ef80cdca67d290aa0a6]
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: ignoring Vendor ID payload [Cisco VPN 3000 Series]
2017:12:14-09:13:15 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:13:23 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: discarding duplicate packet; already STATE_MAIN_I3

Any suggestions would be great!!

Thanks,

Daniel
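
A triage sketch for the log above, added here as an example and not part of the original post: it groups the pluto lines by host and negotiation attempt (`#N`) and reports the last ISAKMP state seen, the number of discarded duplicates, and the error lines. The name `summarize` and the marker list are assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: a subset of the UTM log lines quoted in the post above.
SAMPLE = """\
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: HA System: not master, won't listen for IKE messages
2017:12:14-09:12:05 bcmutm-1 pluto[18859]: "S_BxxIpSec Connection" #1: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:12:13 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:12:21 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:12:29 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: next payload type of ISAKMP Hash Payload has an unknown value: 254
2017:12:14-09:12:29 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: malformed payload in packet
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: initiating Main Mode to replace #1
2017:12:14-09:13:15 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:13:23 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: discarding duplicate packet; already STATE_MAIN_I3
"""

# timestamp, host, pluto[pid]:, "connection name", #attempt:, message
LINE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) pluto\[\d+\]: '
    r'"(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
STATE = re.compile(r'STATE_[A-Z0-9_]+')
# Substrings treated as errors (an assumption, chosen from the messages in this log).
ERROR_MARKERS = ("malformed payload", "unknown value",
                 "max number of retransmissions")

def summarize(text):
    """Return {(host, attempt): {state, duplicates, errors}} for a pluto log."""
    attempts = defaultdict(
        lambda: {"state": None, "duplicates": 0, "errors": []})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # daemon start-up lines carry no "#N" attempt id
        a = attempts[(m["host"], int(m["sa"]))]
        msg = m["msg"]
        s = STATE.search(msg)
        if s:
            a["state"] = s.group(0)  # last state named for this attempt
        if "discarding duplicate packet" in msg:
            a["duplicates"] += 1
        if any(k in msg for k in ERROR_MARKERS):
            a["errors"].append(msg)
    return dict(attempts)

if __name__ == "__main__":
    for key, info in sorted(summarize(SAMPLE).items()):
        print(key, info["state"], info["duplicates"], len(info["errors"]))
```

On the posted lines both attempts end in STATE_MAIN_I3, the state the log's own message ties to "no acceptable response to our first encrypted message".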


WoodWood
Created Dec 14, 2017 09:22:40

waiting for help
