
Remote access IPSEC VPN Setup

Hi,

I am setting up an IPsec Remote Access VPN and I am having some strange issues. Can you help please?

The remote access profile is set, using a preshared key!

On the UTM, in the "Local Networks" section, I have added the specific network 172.20.8.0/24 to which I want the VPN to have access... but I keep getting this error:

cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===217.*.*.*:4500[217.*.*.*]...80.*.*.*:4500===10.242.4.5/32


Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xbb0d9c44 (perhaps this is a duplicated packet)

sending encrypted notification INVALID_MESSAGE_ID to 80.*.*.*:4500

When adding "Any" to the "Local Networks", everything works... But it is very dangerous...

On the Firewall section I created a rule allowing

test_user >>>> any >>>> 172.20.8.0/24    ALLOW    (test_user is the user that I am using to authenticate the VPN access)

Can you please help me? I have been stuck on this issue for 3 days... ;-O

Regards
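An added example, not part of this thread, that parses the pluto-style "no connection is known for" line quoted above and checks the selector the client proposed against the UTM's "Local Networks" list. The masked public addresses are replaced with RFC 5737 documentation addresses, and the "equals or covers" rule is a simplification of the daemon's real matching, used here only to show why "Any" (0.0.0.0/0) satisfies the request and 172.20.8.0/24 does not.

```python
import re
import ipaddress

# Constructed sample based on the line quoted in the post; the masked public
# addresses are replaced with RFC 5737 documentation addresses.
SAMPLE_LOG = (
    "cannot respond to IPsec SA request because no connection is known for "
    "0.0.0.0/0===203.0.113.10:4500[203.0.113.10]...198.51.100.7:4500===10.242.4.5/32"
)

# pluto-style connection description:
#   <local subnet>===<local host>:<port>[<id>]...<remote host>:<port>===<remote subnet>
SA_RE = re.compile(
    r"no connection is known for\s+"
    r"(?P<left_net>[\d./]+)===(?P<left_host>[\d.]+):(?P<left_port>\d+)\[[^\]]*\]\.\.\."
    r"(?P<right_host>[\d.]+):(?P<right_port>\d+)===(?P<right_net>[\d./]+)"
)

def parse_sa_request(line):
    """Return the selectors the client proposed, or None if the line is not this error."""
    m = SA_RE.search(line)
    if m is None:
        return None
    return {
        "local_selector": ipaddress.ip_network(m["left_net"]),    # what the client wants to reach
        "remote_selector": ipaddress.ip_network(m["right_net"]),  # the client's own address
        "local_host": m["left_host"],
        "remote_host": m["right_host"],
        "nat_t": m["left_port"] == "4500",                         # UDP 4500 means NAT-T in use
    }

def matching_local_networks(requested, configured):
    """Simplified model (assumption, not the daemon's exact rule): a configured
    Local Network can serve the request only if it equals or covers the
    selector the client proposed."""
    return [net for net in configured if requested.subnet_of(net)]

def diagnose(line, configured_local_networks):
    """Explain whether the UTM's Local Networks could satisfy the logged request."""
    req = parse_sa_request(line)
    if req is None:
        return "not an SA-request failure line"
    nets = [ipaddress.ip_network(n) for n in configured_local_networks]
    hits = matching_local_networks(req["local_selector"], nets)
    if hits:
        return f"client {req['remote_selector']} requested {req['local_selector']}; served by {hits[0]}"
    return (f"client {req['remote_selector']} requested {req['local_selector']} "
            f"but Local Networks only offers {', '.join(str(n) for n in nets)}")
```

Running `diagnose(SAMPLE_LOG, ["172.20.8.0/24"])` reports the mismatch, while `["0.0.0.0/0"]` reports a match, which is the behaviour described in the post.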



This thread was automatically locked due to age.
  • Salut Keshav and welcome to the UTM Community!

    Please show us a picture of the Edit of the IPsec Remote Access rule and of the Network object for 172.20.8.0/24 with 'Advanced' open.  Also, try the following:

    1. Confirm that Debug is not enabled.
    2. Disable the IPsec Remote Access Rule.
    3. Start the IPsec Live Log and wait for it to begin to populate.
    4. Enable the IPsec Remote Access Rule.
    5. Connect with the IPsec client.

    Show us about 60 lines from enabling through the error.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA