
Site to site VPN - IP Sec stop working

Hello,

I've been troubleshooting a Site-to-Site VPN connection for 2-3 weeks already and still haven't found a solution. We have an S2S connection between our head office and a remote site; the connection was working fine for 3 years and now it has just stopped working. I reached out to our ISP providers to check if they are blocking the IP address on port 500, and they confirmed everything is open on their end.

Since we have 2 interfaces on both sites (primary internet line and slower backup line), I tried to establish the connection with the other interfaces and that worked without a problem. I was able to connect the main office primary line with the remote office slower backup line and vice versa, but we need the maximum from our tunnel and we would like to get the primary lines connected.

I ran live logs on both ends, and the only thing I notice is on the remote site:

 

2018:12:03-22:13:14 gatewaycham pluto[12756]: "S_stayner respond"[1] 20.80.101.78 #2: responding to Main Mode from unknown peer 20.80.101.78
2018:12:03-22:13:44 gatewaycham pluto[12756]: "S_stayner respond"[1] 20.80.101.78 #1: max number of retransmissions (2) reached STATE_MAIN_R1
2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 20.80.101.78:500: received Vendor ID payload [strongSwan]
2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 20.80.101.78:500: ignoring Vendor ID payload [Cisco-Unity]
2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 20.80.101.78:500: received Vendor ID payload [XAUTH]
2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 20.80.101.78:500: received Vendor ID payload [Dead Peer Detection]
2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 20.80.101.78:500: received Vendor ID payload [RFC 3947]
2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 20.80.101.78:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 20.80.101.78:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 20.80.101.78:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 20.80.101.78:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2018:12:03-22:13:54 gatewaycham pluto[12756]: "S_stayner respond"[1] 20.80.101.78 #3: responding to Main Mode from unknown peer 20.80.101.78
2018:12:03-22:14:24 gatewaycham pluto[12756]: "S_stayner respond"[1] 20.80.101.78 #2: max number of retransmissions (2) reached STATE_MAIN_R1

Thank you,

Denis

 



This thread was automatically locked due to age.
  • Hi Alexander,

     

    Yes, UTM is on both ends.

     

    20.80.101.78 is on 9.505-4 and remote side is on 9.508-10

    Thank you,

    Denis

  • Hi Denis,

    Please show pictures of the Edits of the IPsec Connection and the Remote Gateway from both UTMs.  Also, we need to see a little more of the log.  In the remote site, try:

    1. Confirm that Debug is not enabled.
    2. Disable the IPsec Connection.
    3. Start the IPsec Live Log and wait for it to begin to populate.
    4. Enable the IPsec Connection.
    5. Show us about 60 lines from enabling through the failure to connect.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    Please find attached the logs from both sites.

     

    2018:12:03-22:05:01 gateway pluto[6791]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:12:03-22:05:01 gateway pluto[6791]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:12:03-22:05:01 gateway pluto[6791]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:12:03-22:05:01 gateway pluto[6791]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:12:03-22:05:01 gateway pluto[6791]: Changing to directory '/etc/ipsec.d/crls'
    2018:12:03-22:05:01 gateway ipsec_starter[6777]: no default route - cannot cope with %defaultroute!!!
    2018:12:03-22:05:01 gateway pluto[6791]: "S_initiate chambly": deleting connection
    2018:12:03-22:05:01 gateway pluto[6791]: "S_initiate chambly" #425: deleting state (STATE_MAIN_I1)
    2018:12:03-22:05:01 gateway pluto[6791]: "S_initiate chambly" #424: deleting state (STATE_QUICK_I2)
    2018:12:03-22:05:01 gateway pluto[6791]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="initiate chambly" address="208.80.99.58" local_net="192.1.3.0/24" remote_net="192.168.123.0/24"
    2018:12:03-22:07:28 gateway pluto[6791]: forgetting secrets
    2018:12:03-22:07:28 gateway pluto[6791]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:07:28 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 204.101.50.2
    2018:12:03-22:07:28 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 69.159.233.98
    2018:12:03-22:07:28 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 158.106.89.25
    2018:12:03-22:07:28 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 %any
    2018:12:03-22:07:28 gateway pluto[6791]: listening for IKE messages
    2018:12:03-22:07:28 gateway pluto[6791]: forgetting secrets
    2018:12:03-22:07:28 gateway pluto[6791]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:07:28 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 204.101.50.2
    2018:12:03-22:07:28 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 69.159.233.98
    2018:12:03-22:07:28 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 158.106.89.25
    2018:12:03-22:07:28 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 %any
    2018:12:03-22:07:28 gateway pluto[6791]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:12:03-22:07:28 gateway pluto[6791]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:12:03-22:07:28 gateway pluto[6791]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:12:03-22:07:28 gateway pluto[6791]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:12:03-22:07:28 gateway pluto[6791]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:12:03-22:07:28 gateway pluto[6791]: Changing to directory '/etc/ipsec.d/crls'
    2018:12:03-22:07:28 gateway ipsec_starter[6777]: no default route - cannot cope with %defaultroute!!!
    2018:12:03-22:07:28 gateway pluto[6791]: added connection description "S_initiate chambly"
    2018:12:03-22:07:28 gateway pluto[6791]: "S_initiate chambly" #426: initiating Main Mode
    2018:12:03-22:11:03 gateway pluto[6791]: forgetting secrets
    2018:12:03-22:11:03 gateway pluto[6791]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:11:03 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 204.101.50.2
    2018:12:03-22:11:03 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 158.106.89.25
    2018:12:03-22:11:03 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 %any
    2018:12:03-22:11:03 gateway pluto[6791]: listening for IKE messages
    2018:12:03-22:11:03 gateway pluto[6791]: forgetting secrets
    2018:12:03-22:11:03 gateway pluto[6791]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:11:03 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 204.101.50.2
    2018:12:03-22:11:03 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 158.106.89.25
    2018:12:03-22:11:03 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 %any
    2018:12:03-22:11:03 gateway pluto[6791]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:12:03-22:11:03 gateway pluto[6791]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:12:03-22:11:03 gateway pluto[6791]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:12:03-22:11:03 gateway pluto[6791]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:12:03-22:11:03 gateway pluto[6791]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:12:03-22:11:03 gateway pluto[6791]: Changing to directory '/etc/ipsec.d/crls'
    2018:12:03-22:11:03 gateway ipsec_starter[6777]: no default route - cannot cope with %defaultroute!!!
    2018:12:03-22:11:03 gateway pluto[6791]: "S_initiate chambly": deleting connection
    2018:12:03-22:11:03 gateway pluto[6791]: "S_initiate chambly" #426: deleting state (STATE_MAIN_I1)
    2018:12:03-22:11:50 gateway pluto[6791]: shutting down interface eth1/eth1 67.71.213.242
    2018:12:03-22:11:50 gateway pluto[6791]: shutting down interface eth1/eth1 67.71.213.242
    2018:12:03-22:11:50 gateway pluto[6791]: forgetting secrets
    2018:12:03-22:11:50 gateway pluto[6791]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:11:50 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 204.101.50.2
    2018:12:03-22:11:50 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 158.106.89.25
    2018:12:03-22:11:50 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 %any
    2018:12:03-22:11:50 gateway pluto[6791]: listening for IKE messages
    2018:12:03-22:11:50 gateway pluto[6791]: forgetting secrets
    2018:12:03-22:11:50 gateway pluto[6791]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:11:50 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 204.101.50.2
    2018:12:03-22:11:50 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 158.106.89.25
    2018:12:03-22:11:50 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 %any
    2018:12:03-22:11:50 gateway pluto[6791]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:12:03-22:11:50 gateway pluto[6791]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:12:03-22:11:50 gateway pluto[6791]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:12:03-22:11:50 gateway pluto[6791]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:12:03-22:11:50 gateway pluto[6791]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:12:03-22:11:50 gateway pluto[6791]: Changing to directory '/etc/ipsec.d/crls'
    2018:12:03-22:11:50 gateway pluto[6791]: forgetting secrets
    2018:12:03-22:11:50 gateway pluto[6791]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:11:50 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 204.101.50.2
    2018:12:03-22:11:50 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 158.106.89.25
    2018:12:03-22:11:50 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 %any
    2018:12:03-22:11:50 gateway pluto[6791]: listening for IKE messages
    2018:12:03-22:12:04 gateway pluto[6791]: forgetting secrets
    2018:12:03-22:12:04 gateway pluto[6791]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:12:04 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 204.101.50.2
    2018:12:03-22:12:04 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 69.159.233.98
    2018:12:03-22:12:04 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 158.106.89.25
    2018:12:03-22:12:04 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 %any
    2018:12:03-22:12:04 gateway pluto[6791]: listening for IKE messages
    2018:12:03-22:12:04 gateway pluto[6791]: forgetting secrets
    2018:12:03-22:12:04 gateway pluto[6791]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:12:04 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 204.101.50.2
    2018:12:03-22:12:04 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 69.159.233.98
    2018:12:03-22:12:04 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 158.106.89.25
    2018:12:03-22:12:04 gateway pluto[6791]: loaded PSK secret for 208.80.99.58 %any
    2018:12:03-22:12:04 gateway pluto[6791]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:12:03-22:12:04 gateway pluto[6791]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:12:03-22:12:04 gateway pluto[6791]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:12:03-22:12:04 gateway pluto[6791]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:12:03-22:12:04 gateway pluto[6791]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:12:03-22:12:04 gateway pluto[6791]: Changing to directory '/etc/ipsec.d/crls'
    2018:12:03-22:12:04 gateway pluto[6791]: added connection description "S_initiate chambly"
    2018:12:03-22:12:04 gateway pluto[6791]: "S_initiate chambly" #427: initiating Main Mode
    2018:12:03-22:04:49 gatewaycham pluto[3402]: shutting down interface lo/lo 127.0.0.1
    2018:12:03-22:04:49 gatewaycham pluto[3402]: shutting down interface lo/lo 127.0.0.1
    2018:12:03-22:04:49 gatewaycham pluto[3402]: shutting down interface eth0/eth0 192.168.123.99
    2018:12:03-22:04:49 gatewaycham pluto[3402]: shutting down interface eth0/eth0 192.168.123.99
    2018:12:03-22:04:49 gatewaycham pluto[3402]: shutting down interface eth2/eth2 66.130.76.221
    2018:12:03-22:04:49 gatewaycham pluto[3402]: shutting down interface eth2/eth2 66.130.76.221
    2018:12:03-22:04:49 gatewaycham pluto[3402]: shutting down interface ppp0/ppp0 69.159.233.98
    2018:12:03-22:04:49 gatewaycham pluto[3402]: shutting down interface ppp0/ppp0 69.159.233.98
    2018:12:03-22:04:49 gatewaycham ipsec_starter[3395]: pluto stopped after 40 ms
    2018:12:03-22:04:49 gatewaycham ipsec_starter[3395]: ipsec starter stopped
    2018:12:03-22:07:35 gatewaycham ipsec_starter[11207]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
    2018:12:03-22:07:35 gatewaycham ipsec_starter[11207]: no default route - cannot cope with %defaultroute!!!
    2018:12:03-22:07:35 gatewaycham pluto[11220]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
    2018:12:03-22:07:35 gatewaycham ipsec_starter[11213]: pluto (11220) started after 20 ms
    2018:12:03-22:07:35 gatewaycham pluto[11220]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
    2018:12:03-22:07:35 gatewaycham pluto[11220]: including NAT-Traversal patch (Version 0.6c)
    2018:12:03-22:07:35 gatewaycham pluto[11220]: Using Linux 2.6 IPsec interface code
    2018:12:03-22:07:36 gatewaycham pluto[11220]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:12:03-22:07:36 gatewaycham pluto[11220]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:12:03-22:07:36 gatewaycham pluto[11220]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:12:03-22:07:36 gatewaycham pluto[11220]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:12:03-22:07:36 gatewaycham pluto[11220]: Changing to directory '/etc/ipsec.d/crls'
    2018:12:03-22:07:36 gatewaycham pluto[11220]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:12:03-22:07:36 gatewaycham pluto[11220]: adding interface ppp0/ppp0 69.159.233.98:500
    2018:12:03-22:07:36 gatewaycham pluto[11220]: adding interface ppp0/ppp0 69.159.233.98:4500
    2018:12:03-22:07:36 gatewaycham pluto[11220]: adding interface eth2/eth2 66.130.76.221:500
    2018:12:03-22:07:36 gatewaycham pluto[11220]: adding interface eth2/eth2 66.130.76.221:4500
    2018:12:03-22:07:36 gatewaycham pluto[11220]: adding interface eth0/eth0 192.168.123.99:500
    2018:12:03-22:07:36 gatewaycham pluto[11220]: adding interface eth0/eth0 192.168.123.99:4500
    2018:12:03-22:07:36 gatewaycham pluto[11220]: adding interface lo/lo 127.0.0.1:500
    2018:12:03-22:07:36 gatewaycham pluto[11220]: adding interface lo/lo 127.0.0.1:4500
    2018:12:03-22:07:36 gatewaycham pluto[11220]: adding interface lo/lo ::1:500
    2018:12:03-22:07:36 gatewaycham pluto[11220]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:07:36 gatewaycham pluto[11220]: loaded PSK secret for 66.130.76.221 %any
    2018:12:03-22:07:36 gatewaycham pluto[11220]: listening for IKE messages
    2018:12:03-22:07:36 gatewaycham pluto[11220]: added connection description "S_stayner respond"
    2018:12:03-22:10:54 gatewaycham pluto[11220]: shutting down
    2018:12:03-22:10:54 gatewaycham pluto[11220]: forgetting secrets
    2018:12:03-22:10:54 gatewaycham pluto[11220]: "S_stayner respond": deleting connection
    2018:12:03-22:10:54 gatewaycham pluto[11220]: shutting down interface lo/lo ::1
    2018:12:03-22:10:54 gatewaycham pluto[11220]: shutting down interface lo/lo 127.0.0.1
    2018:12:03-22:10:54 gatewaycham pluto[11220]: shutting down interface lo/lo 127.0.0.1
    2018:12:03-22:10:54 gatewaycham pluto[11220]: shutting down interface eth0/eth0 192.168.123.99
    2018:12:03-22:10:54 gatewaycham pluto[11220]: shutting down interface eth0/eth0 192.168.123.99
    2018:12:03-22:10:54 gatewaycham pluto[11220]: shutting down interface eth2/eth2 66.130.76.221
    2018:12:03-22:10:54 gatewaycham pluto[11220]: shutting down interface eth2/eth2 66.130.76.221
    2018:12:03-22:10:54 gatewaycham pluto[11220]: shutting down interface ppp0/ppp0 69.159.233.98
    2018:12:03-22:10:54 gatewaycham pluto[11220]: shutting down interface ppp0/ppp0 69.159.233.98
    2018:12:03-22:10:54 gatewaycham ipsec_starter[11213]: pluto stopped after 20 ms
    2018:12:03-22:10:54 gatewaycham ipsec_starter[11213]: ipsec starter stopped
    2018:12:03-22:12:15 gatewaycham ipsec_starter[12743]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
    2018:12:03-22:12:15 gatewaycham pluto[12756]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
    2018:12:03-22:12:16 gatewaycham ipsec_starter[12749]: pluto (12756) started after 20 ms
    2018:12:03-22:12:16 gatewaycham pluto[12756]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
    2018:12:03-22:12:16 gatewaycham pluto[12756]: including NAT-Traversal patch (Version 0.6c)
    2018:12:03-22:12:16 gatewaycham pluto[12756]: Using Linux 2.6 IPsec interface code
    2018:12:03-22:12:16 gatewaycham pluto[12756]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:12:03-22:12:16 gatewaycham pluto[12756]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:12:03-22:12:16 gatewaycham pluto[12756]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:12:03-22:12:16 gatewaycham pluto[12756]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:12:03-22:12:16 gatewaycham pluto[12756]: Changing to directory '/etc/ipsec.d/crls'
    2018:12:03-22:12:16 gatewaycham pluto[12756]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:12:03-22:12:16 gatewaycham pluto[12756]: adding interface ppp0/ppp0 69.159.233.98:500
    2018:12:03-22:12:16 gatewaycham pluto[12756]: adding interface ppp0/ppp0 69.159.233.98:4500
    2018:12:03-22:12:16 gatewaycham pluto[12756]: adding interface eth0/eth0 192.168.123.99:500
    2018:12:03-22:12:16 gatewaycham pluto[12756]: adding interface eth0/eth0 192.168.123.99:4500
    2018:12:03-22:12:16 gatewaycham pluto[12756]: adding interface lo/lo 127.0.0.1:500
    2018:12:03-22:12:16 gatewaycham pluto[12756]: adding interface lo/lo 127.0.0.1:4500
    2018:12:03-22:12:16 gatewaycham pluto[12756]: adding interface lo/lo ::1:500
    2018:12:03-22:12:16 gatewaycham pluto[12756]: loading secrets from "/etc/ipsec.secrets"
    2018:12:03-22:12:16 gatewaycham pluto[12756]: loaded PSK secret for 69.159.233.98 %any
    2018:12:03-22:12:16 gatewaycham pluto[12756]: listening for IKE messages
    2018:12:03-22:12:16 gatewaycham pluto[12756]: added connection description "S_stayner respond"
    2018:12:03-22:12:34 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [strongSwan]
    2018:12:03-22:12:34 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [Cisco-Unity]
    2018:12:03-22:12:34 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [XAUTH]
    2018:12:03-22:12:34 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [Dead Peer Detection]
    2018:12:03-22:12:34 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [RFC 3947]
    2018:12:03-22:12:34 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
    2018:12:03-22:12:34 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
    2018:12:03-22:12:34 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2018:12:03-22:12:34 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
    2018:12:03-22:12:34 gatewaycham pluto[12756]: "S_stayner respond"[1] 208.80.99.58 #1: responding to Main Mode from unknown peer 208.80.99.58
    2018:12:03-22:13:14 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [strongSwan]
    2018:12:03-22:13:14 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [Cisco-Unity]
    2018:12:03-22:13:14 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [XAUTH]
    2018:12:03-22:13:14 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [Dead Peer Detection]
    2018:12:03-22:13:14 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [RFC 3947]
    2018:12:03-22:13:14 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
    2018:12:03-22:13:14 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
    2018:12:03-22:13:14 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2018:12:03-22:13:14 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
    2018:12:03-22:13:14 gatewaycham pluto[12756]: "S_stayner respond"[1] 208.80.99.58 #2: responding to Main Mode from unknown peer 208.80.99.58
    2018:12:03-22:13:44 gatewaycham pluto[12756]: "S_stayner respond"[1] 208.80.99.58 #1: max number of retransmissions (2) reached STATE_MAIN_R1
    2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [strongSwan]
    2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [Cisco-Unity]
    2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [XAUTH]
    2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [Dead Peer Detection]
    2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 208.80.99.58:500: received Vendor ID payload [RFC 3947]
    2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
    2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
    2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2018:12:03-22:13:54 gatewaycham pluto[12756]: packet from 208.80.99.58:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
    2018:12:03-22:13:54 gatewaycham pluto[12756]: "S_stayner respond"[1] 208.80.99.58 #3: responding to Main Mode from unknown peer 208.80.99.58
    2018:12:03-22:14:24 gatewaycham pluto[12756]: "S_stayner respond"[1] 208.80.99.58 #2: max number of retransmissions (2) reached STATE_MAIN_R1

  • Bob,

     

    Is it possible that the tunnel stopped working because debug (inbound packets) was turned on?

     

  • Salut Denis,

    I don't think that could be a part of this issue.  Is either UTM behind a NATting router?

    We would need to look at the Edits of the IPsec Connection and Remote Gateway from each UTM.  That's just to confirm that it's not something other than a mismatched PSK.

    I prefer to NOT use PSKs.  For companies with only two locations, using RSA keys is secure enough (How to Establish Site-to-Site VPN Connection using RSA Keys).  For companies with multiple locations or that have VPNs with clients/suppliers, the secure solution is X509 certificates (How to create an X509 key based Site-to-Site VPN).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
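
To see at which IKEv1 Main Mode message each gateway stops in pluto logs like the ones posted in this thread, the following added example (not part of the thread and not Sophos code) lists every IKE state that ended in STATE_MAIN_I1 or STATE_MAIN_R1, that is, during the first round trip and before the key-exchange and authentication messages. The hostnames, connection names and RFC 5737 addresses in the sample are constructed.

```python
import re

# Constructed sample in the same pluto (IKEv1) log format as this thread.
# Hostnames, connection names and addresses are made up for the example.
SAMPLE_LOG = """\
2018:12:03-22:05:01 hq-gw pluto[6791]: "S_to_remote" #424: deleting state (STATE_QUICK_I2)
2018:12:03-22:07:28 hq-gw pluto[6791]: "S_to_remote" #426: initiating Main Mode
2018:12:03-22:11:03 hq-gw pluto[6791]: "S_to_remote" #426: deleting state (STATE_MAIN_I1)
2018:12:03-22:12:34 remote-gw pluto[12756]: packet from 198.51.100.10:500: received Vendor ID payload [RFC 3947]
2018:12:03-22:12:34 remote-gw pluto[12756]: "S_from_hq"[1] 198.51.100.10 #1: responding to Main Mode from unknown peer 198.51.100.10
2018:12:03-22:13:44 remote-gw pluto[12756]: "S_from_hq"[1] 198.51.100.10 #1: max number of retransmissions (2) reached STATE_MAIN_R1
"""

# "<timestamp> <host> pluto[<pid>]: <message>" (leading indent tolerated)
LINE = re.compile(r'^\s*(?P<ts>\S+) (?P<host>\S+) pluto\[(?P<pid>\d+)\]: (?P<msg>.*)$')
# '"<connection>"[instance] [peer] #<state id>: <text>'
STATE = re.compile(r'^"(?P<conn>[^"]+)"(?:\[\d+\])?(?: (?P<peer>[0-9a-fA-F.:]+))? '
                   r'#(?P<sid>\d+): (?P<text>.*)$')
# The two ways a state ends in these logs: retransmit limit or explicit deletion.
ENDED = re.compile(r'(?:max number of retransmissions \(\d+\) reached|deleting state) '
                   r'\(?(?P<state>STATE_\w+)\)?')

# Main Mode states that mean "still waiting inside the first round trip".
WAITING_FOR = {
    "STATE_MAIN_I1": "initiator sent message 1, never accepted the responder's message 2",
    "STATE_MAIN_R1": "responder sent message 2, never received the initiator's message 3",
}


def find_stalls(log_text):
    """Return one record per IKE state that ended while still in MAIN_I1/MAIN_R1."""
    stalls = []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        st = STATE.match(line["msg"])
        if not st:
            continue  # e.g. "packet from ..." or "loading secrets ..." lines
        ended = ENDED.search(st["text"])
        if ended and ended["state"] in WAITING_FOR:
            stalls.append({
                "time": line["ts"], "host": line["host"], "pid": int(line["pid"]),
                "connection": st["conn"], "peer": st["peer"], "state_id": int(st["sid"]),
                "state": ended["state"], "meaning": WAITING_FOR[ended["state"]],
            })
    return stalls


def summarize(stalls):
    """Combine both gateways' stalls into a statement about the UDP/500 path."""
    states = {s["state"] for s in stalls}
    if {"STATE_MAIN_I1", "STATE_MAIN_R1"} <= states:
        return "one-way: message 1 reaches the responder, its reply is not accepted by the initiator"
    if "STATE_MAIN_R1" in states:
        return "responder-only: replies are sent but nothing further arrives"
    if "STATE_MAIN_I1" in states:
        return "initiator-only: no reply to message 1 is seen"
    return "none: no first-round-trip stall found"


if __name__ == "__main__":
    found = find_stalls(SAMPLE_LOG)
    for s in found:
        print(f'{s["time"]} {s["host"]} "{s["connection"]}" #{s["state_id"]}: '
              f'{s["state"]} ({s["meaning"]})')
    print(summarize(found))
```

Feed it the concatenated live logs of both gateways; states are keyed by host and pluto PID in the output because state numbers restart whenever pluto is restarted.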