This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems VPN Site to Site.

Hi. Can you help me with this problem that appears in VPN configuration:

 

2018:01:23-17:04:57 shopos_amazon pluto[7027]: packet from xxx.xxx.xxx.xxx:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
2018:01:23-17:05:23 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: cannot respond to IPsec SA request because no connection is known for xxx.xxx.xxx.xxx/32===10.10.9.7[xxx.xxx.xxx.xxx]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
2018:01:23-17:05:23 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:25 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:25 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:27 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:27 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:29 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:29 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:31 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:31 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:33 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:33 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:35 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:35 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:39 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:39 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:43 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:43 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:47 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:47 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:51 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:51 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
2018:01:23-17:05:55 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5ccdb1b3 (perhaps this is a duplicated packet)
2018:01:23-17:05:55 shopos_amazon pluto[7027]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500

 

2018:01:23-17:35:00 shopos_amazon pluto[11715]: "S_Conexion VPN a Bancomer" #4: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500

2018:01:23-17:35:04 shopos_amazon pluto[11715]: "S_Conexion VPN a Bancomer" #4: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xab4ecc4f (perhaps this is a duplicated packet)

2018:01:23-17:35:04 shopos_amazon pluto[11715]: "S_Conexion VPN a Bancomer" #4: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500

2018:01:23-17:35:22 shopos_amazon pluto[11715]: "S_Conexion VPN a Bancomer" #5: responding to Quick Mode

2018:01:23-17:35:22 shopos_amazon pluto[11715]: "S_Conexion VPN a Bancomer" #5: IPsec SA established {ESP=>0x9542e837 <0xda3db524}

2018:01:23-17:35:22 shopos_amazon pluto[11715]: "S_Conexion VPN a Bancomer" #5: discarding duplicate packet; already STATE_QUICK_R2

2018:01:23-17:35:22 shopos_amazon pluto[11715]: "S_Conexion VPN a Bancomer" #5: discarding duplicate packet; already STATE_QUICK_R2



This thread was automatically locked due to age.
Parents
  • Hola Jesus and welcome to the UTM Community!

    We need more information.  Please do the following:

    1. Confirm that Debug is not enabled.
    2. Disable the IPsec Connection.
    3. Start the IPsec Live Log and wait for it to begin to populate.
    4. Enable the IPsec Connection.
    5. Show us about 60 lines from enabling through the error.

    With that, we should be able to see where in the IPsec conversation the failure occurs and then we'll be able to look for the cause.

    Cheers - Bob
    PS Moving this thread to the VPN forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello BAlfson.

    thanks for the support.
    I send you the log:

    2018:01:24-15:39:18 shopos_amazon ipsec_starter[28291]: ipsec starter stopped
    2018:01:24-15:39:42 shopos_amazon ipsec_starter[28647]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
    2018:01:24-15:39:42 shopos_amazon ipsec_starter[28653]: pluto (28663) started after 20 ms
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: including NAT-Traversal patch (Version 0.6c)
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: Using Linux 2.6 IPsec interface code
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: Changing to directory '/etc/ipsec.d/crls'
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: adding interface eth1/eth1 xxx.xxx.xxx.xxx:500
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: adding interface eth1/eth1 xxx.xxx.xxx.xxx:4500
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: adding interface eth0/eth0 xxx.xxx.xxx.xxx:500
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: adding interface eth0/eth0 xxx.xxx.xxx.xxx:4500
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: adding interface lo/lo 127.0.0.1:500
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: adding interface lo/lo 127.0.0.1:4500
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: adding interface lo/lo ::1:500
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: loading secrets from "/etc/ipsec.secrets"
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: loaded PSK secret for xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: listening for IKE messages
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: added connection description "S_Conexion VPN a Bancomer"
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: initiating Main Mode
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: ignoring Vendor ID payload [FRAGMENTATION]
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: Peer ID is ID_IPV4_ADDR: 'xxx.xxx.xxx.xxx'
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: ISAKMP SA established
    2018:01:24-15:39:42 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
    2018:01:24-15:39:43 shopos_amazon pluto[28663]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Conexion VPN a Bancomer" address="xxx.xxx.xxx.xxx" local_net="10.10.9.20/32" remote_net="150.205.88.84/32"
    2018:01:24-15:39:43 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #2: sent QI2, IPsec SA established {ESP=>0xaee24255 <0x177fa781}
    2018:01:24-15:39:46 shopos_amazon pluto[28663]: packet from xxx.xxx.xxx.xxx:500: Main Mode message is part of an unknown exchange
    2018:01:24-15:39:50 shopos_amazon pluto[28663]: packet from xxx.xxx.xxx.xxx:500: Main Mode message is part of an unknown exchange
    2018:01:24-15:40:36 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: cannot respond to IPsec SA request because no connection is known for xxx.xxx.xxx.xxx/32===xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
    2018:01:24-15:40:36 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.xxx:500
    2018:01:24-15:40:38 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcc024bf2 (perhaps this is a duplicated packet)
    2018:01:24-15:40:38 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
    2018:01:24-15:40:40 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcc024bf2 (perhaps this is a duplicated packet)
    2018:01:24-15:40:40 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
    2018:01:24-15:40:42 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcc024bf2 (perhaps this is a duplicated packet)
    2018:01:24-15:40:42 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
    2018:01:24-15:40:44 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcc024bf2 (perhaps this is a duplicated packet)
    2018:01:24-15:40:44 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
    2018:01:24-15:40:46 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcc024bf2 (perhaps this is a duplicated packet)
    2018:01:24-15:40:46 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
    2018:01:24-15:40:48 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcc024bf2 (perhaps this is a duplicated packet)
    2018:01:24-15:40:48 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500
    2018:01:24-15:40:52 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcc024bf2 (perhaps this is a duplicated packet)
    2018:01:24-15:40:52 shopos_amazon pluto[28663]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to xxx.xxx.xxx.xxx:500

  • Jesus, instead of completely erasing the IPs, obfuscate them leaving enough information so the picture is clear.  Edit the log above to use 201.x.y.162 instead of xxx.xxx.xxx.xxx.

    Also, please show pictures of the Edits of the IPsec Connection and the Remote Gateway along with the corresponding configuration from the other side.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello BAlfson.

    I send you the complete information:

     

    2018:01:25-11:52:11 shopos_amazon ipsec_starter[1122]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
    2018:01:25-11:52:11 shopos_amazon ipsec_starter[1129]: pluto (1139) started after 20 ms
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: including NAT-Traversal patch (Version 0.6c)
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: Using Linux 2.6 IPsec interface code
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: Changing to directory '/etc/ipsec.d/crls'
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: adding interface eth1/eth1 10.10.9.8:500
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: adding interface eth1/eth1 10.10.9.8:4500
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: adding interface eth0/eth0 10.10.9.7:500
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: adding interface eth0/eth0 10.10.9.7:4500
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: adding interface lo/lo 127.0.0.1:500
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: adding interface lo/lo 127.0.0.1:4500
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: adding interface lo/lo ::1:500
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: loading secrets from "/etc/ipsec.secrets"
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: loaded PSK secret for 10.10.9.7 148.244.43.160
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: listening for IKE messages
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: added connection description "S_Conexion VPN a Bancomer"
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: initiating Main Mode
    2018:01:25-11:52:11 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: ignoring Vendor ID payload [FRAGMENTATION]
    2018:01:25-11:52:12 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: Peer ID is ID_IPV4_ADDR: '148.244.43.160'
    2018:01:25-11:52:12 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: ISAKMP SA established
    2018:01:25-11:52:12 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
    2018:01:25-11:52:12 shopos_amazon pluto[1139]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Conexion VPN a Bancomer" address="10.10.9.7" local_net="10.10.9.20/32" remote_net="150.205.88.84/32"
    2018:01:25-11:52:12 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #2: sent QI2, IPsec SA established {ESP=>0x35ef8af1 <0xe5bd57c7}
    2018:01:25-11:52:13 shopos_amazon pluto[1139]: packet from 148.244.43.160:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
    2018:01:25-11:52:17 shopos_amazon pluto[1139]: packet from 148.244.43.160:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
    2018:01:25-11:52:23 shopos_amazon pluto[1139]: packet from 148.244.43.160:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
    2018:01:25-11:52:27 shopos_amazon pluto[1139]: packet from 148.244.43.160:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
    2018:01:25-11:52:31 shopos_amazon pluto[1139]: packet from 148.244.43.160:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
    2018:01:25-11:52:57 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: cannot respond to IPsec SA request because no connection is known for 35.161.239.196/32===10.10.9.7[10.10.9.7]...148.244.43.160[148.244.43.160]
    2018:01:25-11:52:57 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_ID_INFORMATION to 148.244.43.160:500
    2018:01:25-11:52:59 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd04480ba (perhaps this is a duplicated packet)
    2018:01:25-11:52:59 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to 148.244.43.160:500
    2018:01:25-11:53:01 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd04480ba (perhaps this is a duplicated packet)
    2018:01:25-11:53:01 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to 148.244.43.160:500
    2018:01:25-11:53:03 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd04480ba (perhaps this is a duplicated packet)
    2018:01:25-11:53:03 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to 148.244.43.160:500
    2018:01:25-11:53:05 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd04480ba (perhaps this is a duplicated packet)
    2018:01:25-11:53:05 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to 148.244.43.160:500
    2018:01:25-11:53:07 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd04480ba (perhaps this is a duplicated packet)
    2018:01:25-11:53:07 shopos_amazon pluto[1139]: "S_Conexion VPN a Bancomer" #1: sending encrypted notification INVALID_MESSAGE_ID to 148.244.43.160:500

  • We need to look at the pictures I mentioned.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello BAlfson

    What are the images you need?

  • I added the following in my post above, but I bet you'd already seen the original version. [;)]

    Also, please show pictures of the Edits of the IPsec Connection and the Remote Gateway along with the corresponding configuration from the other side.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • the device that has to connect with a Checkpoint R77.

  • Make sure that the subnets you have in 'Remote Networks' and 'Local Networks' are the ones the Checkpoint is configured for.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Make sure that the subnets you have in 'Remote Networks' and 'Local Networks' are the ones the Checkpoint is configured for.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data