Hi All,
We replaced our clients cisco router with a HUAWEI AR2220E, but we are now unable to utililse the IPSEC VPN that was working previously. It looks to not even initiate Phase 1 - the IPSEC VPN is being initiated on a Sophos UTM.
Here is output of the log from the UTM (not debug), but can provide that is it will assist;
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: adding interface eth0/eth0 10.10.0.254:4500
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: adding interface lo/lo 127.0.0.1:500
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: adding interface lo/lo 127.0.0.1:4500
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: adding interface lo/lo ::1:500
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: loading secrets from "/etc/ipsec.secrets"
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: loaded PSK secret for 220.x.x.227 59.x.x.130
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: HA System: not master, won't listen for IKE messages
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: added connection description "S_Bxx IpSec Connection"
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: added connection description "S_Bxx IpSec Connection"
2017:12:14-09:11:55 bcmutm-2 pluto[3417]: Pluto is now in slave mode
2017:12:14-09:12:05 bcmutm-1 pluto[18859]: "S_BxxIpSec Connection" #1: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:12:13 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:12:21 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:12:29 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: next payload type of ISAKMP Hash Payload has an unknown value: 254
2017:12:14-09:12:29 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: malformed payload in packet
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #1: starting keying attempt 2 of an unlimited number
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: initiating Main Mode to replace #1
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: ignoring Vendor ID payload [FRAGMENTATION c0000000]
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: ignoring Vendor ID payload [Cisco-Unity]
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: received Vendor ID payload [XAUTH]
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: ignoring Vendor ID payload [6f0421e63bb04ef80cdca67d290aa0a6]
2017:12:14-09:13:05 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: ignoring Vendor ID payload [Cisco VPN 3000 Series]
2017:12:14-09:13:15 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: discarding duplicate packet; already STATE_MAIN_I3
2017:12:14-09:13:23 bcmutm-1 pluto[18859]: "S_Bxx IpSec Connection" #2: discarding duplicate packet; already STATE_MAIN_I3
Any suggestions would be great!!
Thanks,
Daniel
AR2220 IPSEC VPN Issues
Created: Dec 13, 2017 23:17:10Latest reply: Dec 14, 2017 09:22:40
2846
1
0
0
0
- x
- convention:
|
|
Comment
Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
- Politically sensitive content
- Content concerning pornography, gambling, and drug abuse
- Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
