This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN remote access problem with iPhone Cisco VPN client to Sophos UTM

I set up the "Cisco VPN" in my UTM under "remote access".

With my iPhone, I downloaded the vpn profile from the Sophos user portal and installed it.

I can establish the VPN connection correctly when connected to my Wifi network (the one where also the Sophos router is running), but as soon as I try it from mobile network (German LTE network O2), it fails.

The Sophos Log shows the following error:

2019:04:04-13:04:26 p5093xxx pluto[5020]: | preparse_isakmp_policy: peer requests XAUTHRSASIG+XAUTHSERVER authentication

2019:04:04-13:04:26 p5093xxx pluto[5020]: packet from 2.247.255.162:60695: initial Main Mode message received on 80.xxx.xxx.xxx:500 but no connection has been authorized

When my iPhone is in the Wifi and connects to the VPN successfully, the log shows

2019:04:04-13:24:06 p50931188 pluto[5020]: | preparse_isakmp_policy: peer requests XAUTHRSASIG+XAUTHSERVER authentication

2019:04:04-13:24:06 p50931188 pluto[5020]: | instantiated "D_for markusipad to Any-0" for 192.168.4.110

Any ideas what can be the reason that from LTE network I cannot establish the VPN connection?

thanks a lot!

This thread was automatically locked due to age.

Parents

0 BAlfson over 5 years ago

Hallo Markus and welcome to the UTM Community!

Show us the line from the IPsec log where the connection attempt failed including the 50 preceding lines.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 markus e over 5 years ago in reply to BAlfson

Hi Bob and thank you for answering!

Here is the log from line 1 up to the error message and a little beyond.

After some more testing, I can confirm that the VPN connection from my iPhone to the UTM works perfectly from any wifi (tried several different) but NOT from mobile LTE/ 3G networks (tested from German O2 LTE and Croatian Telekom LTE networks) always giving the error as shown in the log below.

Is that inherent to IPsec that it doesn't work from LTE networks?

Thanks again for your help!

2019:04:06-00:22:00 p50931188 pluto[5020]: | *received 848 bytes from 46.188.133.153:5793 on ppp0
2019:04:06-00:22:00 p50931188 pluto[5020]: | **parse ISAKMP Message:
2019:04:06-00:22:00 p50931188 pluto[5020]: | initiator cookie:
2019:04:06-00:22:00 p50931188 pluto[5020]: | 5a 52 79 15 7c a4 fe 29
2019:04:06-00:22:00 p50931188 pluto[5020]: | responder cookie:
2019:04:06-00:22:00 p50931188 pluto[5020]: | 00 00 00 00 00 00 00 00
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_SA
2019:04:06-00:22:00 p50931188 pluto[5020]: | ISAKMP version: ISAKMP Version 1.0
2019:04:06-00:22:00 p50931188 pluto[5020]: | exchange type: ISAKMP_XCHG_IDPROT
2019:04:06-00:22:00 p50931188 pluto[5020]: | flags: none
2019:04:06-00:22:00 p50931188 pluto[5020]: | message ID: 00 00 00 00
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 848
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Security Association Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 544
2019:04:06-00:22:00 p50931188 pluto[5020]: | DOI: ISAKMP_DOI_IPSEC
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 12
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 24
2019:04:06-00:22:00 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_NONE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [RFC 3947]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: received Vendor ID payload [XAUTH]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [Cisco-Unity]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: received Vendor ID payload [Dead Peer Detection]
2019:04:06-00:22:00 p50931188 pluto[5020]: | ****parse IPsec DOI SIT:
2019:04:06-00:22:00 p50931188 pluto[5020]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
2019:04:06-00:22:00 p50931188 pluto[5020]: | ****parse ISAKMP Proposal Payload:
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_NONE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 532
2019:04:06-00:22:00 p50931188 pluto[5020]: | proposal number: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | protocol ID: PROTO_ISAKMP
2019:04:06-00:22:00 p50931188 pluto[5020]: | SPI size: 0
2019:04:06-00:22:00 p50931188 pluto[5020]: | number of transforms: 15
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 256
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 4
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 14
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 256
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 14
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 3
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 256
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 14
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 4
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 256
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 6
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 14
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 5
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 256
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 4
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 5
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 6
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 256
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 5
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 256
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 5
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 8
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 256
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 9
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 256
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 10
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 128
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 36
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 11
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 7
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_KEY_LENGTH
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 128
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 32
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 12
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 5
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 32
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 13
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 5
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_T
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 32
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 14
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | *****parse ISAKMP Transform Payload (ISAKMP):
2019:04:06-00:22:00 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_NONE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length: 32
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform number: 15
2019:04:06-00:22:00 p50931188 pluto[5020]: | transform ID: KEY_IKE
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_TYPE
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_LIFE_DURATION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 3600
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 65005
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_HASH_ALGORITHM
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 1
2019:04:06-00:22:00 p50931188 pluto[5020]: | ******parse ISAKMP Oakley attribute:
2019:04:06-00:22:00 p50931188 pluto[5020]: | af+type: OAKLEY_GROUP_DESCRIPTION
2019:04:06-00:22:00 p50931188 pluto[5020]: | length/value: 2
2019:04:06-00:22:00 p50931188 pluto[5020]: | preparse_isakmp_policy: peer requests XAUTHRSASIG+XAUTHSERVER authentication
2019:04:06-00:22:00 p50931188 pluto[5020]: packet from 46.188.133.153:5793: initial Main Mode message received on 80.xxx.xxx.xxx:500 but no connection has been authorized with policy=XAUTHRSASIG+XAUTHSERVER
2019:04:06-00:22:00 p50931188 pluto[5020]: | next event EVENT_DPD in 8 seconds for #127
2019:04:06-00:22:03 p50931188 pluto[5020]: |
2019:04:06-00:22:03 p50931188 pluto[5020]: | *received 848 bytes from 46.188.133.153:5793 on ppp0
2019:04:06-00:22:03 p50931188 pluto[5020]: | **parse ISAKMP Message:
2019:04:06-00:22:03 p50931188 pluto[5020]: | initiator cookie:
2019:04:06-00:22:03 p50931188 pluto[5020]: | 5a 52 79 15 7c a4 fe 29
2019:04:06-00:22:03 p50931188 pluto[5020]: | responder cookie:
2019:04:06-00:22:03 p50931188 pluto[5020]: | 00 00 00 00 00 00 00 00
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_SA
2019:04:06-00:22:03 p50931188 pluto[5020]: | ISAKMP version: ISAKMP Version 1.0
2019:04:06-00:22:03 p50931188 pluto[5020]: | exchange type: ISAKMP_XCHG_IDPROT
2019:04:06-00:22:03 p50931188 pluto[5020]: | flags: none
2019:04:06-00:22:03 p50931188 pluto[5020]: | message ID: 00 00 00 00
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 848
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Security Association Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 544
2019:04:06-00:22:03 p50931188 pluto[5020]: | DOI: ISAKMP_DOI_IPSEC
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 12
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 20
2019:04:06-00:22:03 p50931188 pluto[5020]: | ***parse ISAKMP Vendor ID Payload:
2019:04:06-00:22:03 p50931188 pluto[5020]: | next payload type: ISAKMP_NEXT_VID
2019:04:06-00:22:03 p50931188 pluto[5020]: | length: 24
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 5 years ago in reply to markus e

OK, that's what I get for not being more precise!

1. Confirm that Debug is not enabled.
2. Start the IPsec Live Log and wait for it to begin to populate.
4. Start the connection from the iPhone.
5. Show us about 50+ lines from the initialization of the connection through the error.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 5 years ago in reply to markus e

OK, that's what I get for not being more precise!

1. Confirm that Debug is not enabled.
2. Start the IPsec Live Log and wait for it to begin to populate.
4. Start the connection from the iPhone.
5. Show us about 50+ lines from the initialization of the connection through the error.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 markus e over 5 years ago in reply to BAlfson

Hi Bob

many thanks, I hope I understood right, went to Remote Access->Cisco VPN->Debug and unchecked all 5 checkboxes, then logged again as you requested. Here is the output from start until the error message:

2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [RFC 3947]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: received Vendor ID payload [XAUTH]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [Cisco-Unity]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: received Vendor ID payload [Dead Peer Detection]
2019:04:07-22:01:04 p50931188 pluto[29445]: packet from 46.188.144.147:18186: initial Main Mode message received on 80.xxx.xxx.xxx:500 but no connection has been authorized with policy=XAUTHRSASIG+XAUTHSERVER
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [RFC 3947]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: received Vendor ID payload [XAUTH]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [Cisco-Unity]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: received Vendor ID payload [Dead Peer Detection]
2019:04:07-22:01:08 p50931188 pluto[29445]: packet from 46.188.144.147:18186: initial Main Mode message received on 80.xxx.xxx.xxx:500 but no connection has been authorized with policy=XAUTHRSASIG+XAUTHSERVER
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [RFC 3947]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: received Vendor ID payload [XAUTH]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [Cisco-Unity]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: received Vendor ID payload [Dead Peer Detection]
2019:04:07-22:01:11 p50931188 pluto[29445]: packet from 46.188.144.147:18186: initial Main Mode message received on 80.xxx.xxx.xxx:500 but no connection has been authorized with policy=XAUTHRSASIG+XAUTHSERVER
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [RFC 3947]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: received Vendor ID payload [XAUTH]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [Cisco-Unity]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: received Vendor ID payload [Dead Peer Detection]
2019:04:07-22:01:14 p50931188 pluto[29445]: packet from 46.188.144.147:18186: initial Main Mode message received on 80.xxx.xxx.xxx:500 but no connection has been authorized with policy=XAUTHRSASIG+XAUTHSERVER
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 5 years ago in reply to markus e

Markus, are you certain that the UTM has a public IP and is not behind a NAT'ing router?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 markus e over 5 years ago in reply to BAlfson

Hi Bob

yes it is directly connected to the internet with a static IP.

We are also running several site to site VPNs without a problem, and the Cisco remote VPN also works fine from remote wifi networks with my iPhone, but NOT from mobile networks.

Thats what I do not understand.

It seems to be a restriction by the mobile operators, however I do not understand why others do not seem to have that problem?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 5 years ago in reply to markus e

Keine Ahnung, Markus. I'll be interested in learning what Sophos Support has to say about this. I was unable to reproduce your issue. Here's the log from a connection a few minutes ago. I inserted a blank line where I disconnected from my iPhone. iPhoneXS on iOS 12.2 connecting over LTE to UTM V9.601.

Cheers - Bob

2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: received Vendor ID payload [RFC 3947]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: received Vendor ID payload [XAUTH]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [Cisco-Unity]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2019:04:10-13:47:41 secure pluto[7698]: packet from 166.xxx.yyy.124:31560: received Vendor ID payload [Dead Peer Detection]
2019:04:10-13:47:41 secure pluto[7698]: "D_for AlanT to Internal (Network)-2"[7] 166.xxx.yyy.124:31560 #89726: responding to Main Mode from unknown peer 166.xxx.yyy.124:31560
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[7] 166.xxx.yyy.124:31560 #89726: NAT-Traversal: Result using RFC 3947: peer is NATed
2019:04:10-13:47:42 secure pluto[7698]: | NAT-T: new mapping 166.xxx.yyy.124:31560/4832)
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[7] 166.xxx.yyy.124:4832 #89726: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[7] 166.xxx.yyy.124:4832 #89726: Peer ID is ID_DER_ASN1_DN: 'C=us, L=Oklahoma City, O=MyCompany, CN=MyName, E=MyEmail@MyCompany.com'
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[7] 166.xxx.yyy.124:4832 #89726: crl not found
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[7] 166.xxx.yyy.124:4832 #89726: certificate status unknown
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: deleting connection "D_for olduser to Internal (Network)-2"[7] instance with peer 166.xxx.yyy.124 {isakmp=#0/ipsec=#0}
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: we have a cert and are sending it
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: Dead Peer Detection (RFC 3706) enabled
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: sent MR3, ISAKMP SA established
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: sending XAUTH request
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: parsing XAUTH reply
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: extended authentication was successful
2019:04:10-13:47:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: sending XAUTH status
2019:04:10-13:47:43 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: parsing XAUTH ack
2019:04:10-13:47:43 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: received XAUTH ack, established
2019:04:10-13:47:43 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: parsing ModeCfg request
2019:04:10-13:47:43 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: unknown attribute type (28683)
2019:04:10-13:47:43 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: peer requested virtual IP %any
2019:04:10-13:47:43 secure pluto[7698]: acquired new lease for address 10.242.5.1 in pool 'VPN Pool (Cisco)'
2019:04:10-13:47:43 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: assigning virtual IP 10.242.5.1 to peer
2019:04:10-13:47:43 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: sending ModeCfg reply
2019:04:10-13:47:43 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: sent ModeCfg reply, established
2019:04:10-13:47:44 secure pluto[7698]: "D_for olduser to Internal (Network)-1"[1] 166.xxx.yyy.124:4832 #89727: responding to Quick Mode
2019:04:10-13:47:44 secure pluto[7698]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="MyUserNmae" variant="ipsec" srcip="166.xxx.yyy.124" virtual_ip="10.242.5.1"
2019:04:10-13:47:45 secure pluto[7698]: "D_for olduser to Internal (Network)-1"[1] 166.xxx.yyy.124:4832 #89727: IPsec SA established {ESP=>0x075c8f75 <0x0af61521 NATOA=0.0.0.0 DPD}
2019:04:10-13:47:56 secure pluto[7698]: "S_secure in AWS"[3] 54.209.14.114:4500 #89728: responding to Quick Mode
2019:04:10-13:47:56 secure pluto[7698]: "S_secure in AWS"[3] 54.209.14.114:4500 #89728: IPsec SA established {ESP=>0x55a523fe <0xbbfe208d NATOA=0.0.0.0 DPD}

2019:04:10-13:48:41 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: received Delete SA(0x075c8f75) payload: deleting IPSEC State #89727
2019:04:10-13:48:41 secure pluto[7698]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="MyUserNmae" variant="ipsec" srcip="166.xxx.yyy.124" virtual_ip="10.242.5.1"
2019:04:10-13:48:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: deleting connection "D_for olduser to Internal (Network)-1"[1] instance with peer 166.xxx.yyy.124 {isakmp=#0/ipsec=#0}
2019:04:10-13:48:42 secure pluto[7698]: ERROR: asynchronous network error report on eth1 for message to 166.xxx.yyy.124 port 4832, complainant 166.xxx.yyy.124: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2019:04:10-13:48:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832 #89726: received Delete SA payload: deleting ISAKMP State #89726
2019:04:10-13:48:42 secure pluto[7698]: "D_for olduser to Internal (Network)-2"[1] 166.xxx.yyy.124:4832: deleting connection "D_for olduser to Internal (Network)-2"[1] instance with peer 166.xxx.yyy.124 {isakmp=#0/ipsec=#0}
2019:04:10-13:48:42 secure pluto[7698]: ERROR: asynchronous network error report on eth1 for message to 166.xxx.yyy.124 port 4832, complainant 166.xxx.yyy.124: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 markus e over 5 years ago in reply to BAlfson

Hi Bob

thanks a lot for your mails.

I am using a base license, and although that is not really cheap, it does not include any support except the forum and knowledgebase, which do not bring a solution.

Instead of paying extra for support and wasting lot of time, I will buy a 100 EUR German FritzBox router which includes free support but I won't need it because I know it does what I need without any problem. It's sold in 100Thsds of units here and very well tested with all those commonly needed applications.

Thanks and best regards!

Markus
Cancel
Vote Up 0 Vote Down

Cancel