Hey there,
I have the following problem. We have most of our servers in the 172.17.0.0/16 network, but one server which has to be reachable over the VPN tunnel is in the 172.18.0.0/16 network. So I looked at the configuration of the VPN client and I can see that 172.17.0.0/16 is configured as split tunnel. So as far as I understand it, only the traffic for this network will be routed over the VPN tunnel.
So I first tried to add the 172.18.0.0 network. The tunnel is established, but when I try to connect to the 172.18.XX.XX server I get these errors:
18.08.2017 14:04:36 - IpsDial: creating_more_networks: srcadr=5.145.145.112,srcmsk=255.255.255.255,dstnet=172.18.0.0,dstmsk=255.255.0.0
18.08.2017 14:04:37 - IkeQuick: XMIT_MSG1_QUICK - REF_XXXX
18.08.2017 14:04:37 - Ike: NOTIFY : REF_XXXXe : RECEIVED : INVALID_ID_INFORMATION : 18
18.08.2017 14:04:39 - IpsDial: creating_more_networks already in progress
18.08.2017 14:04:42 - Ike: NOTIFY : REF_XXXXWe : RECEIVED : INVALID_MESSAGE_ID : 9
18.08.2017 14:04:45 - IpsDial: creating_more_networks already in progress
18.08.2017 14:04:48 - Ike: NOTIFY : REF_XXXXWe : RECEIVED : INVALID_MESSAGE_ID : 9
18.08.2017 14:04:54 - Ike: NOTIFY : REF_XXXXe : RECEIVED : INVALID_MESSAGE_ID : 9
18.08.2017 14:05:00 - IkeQuick: phase2:name(REF_XXXXWe) - error - retry timeout - max retries
18.08.2017 14:05:00 - IpsDial: From Ikemgr - Remote is denied request for an IPSec SA, AdapterIndex=204
18.08.2017 14:05:00 - IpsDial: resetting connect pending for idx=29
In the UTM log file I see:
2017:08:18-14:04:36 XXX[11656]: "D_REF_XXX_TvlpYAZDet-2"[12] 172.17.60.88:10952 #10301: cannot respond to IPsec SA request because no connection is known for 172.18.0.0/16===XXX.XXX.XXX.XXX[XXX]...172.17.60.88:10952[XXX@XXX.XX]==={5.145.145.112/32}
When I try not to configure a split tunnel network, it won't connect at all:
18.08.2017 14:12:55 - IkeQuick: phase2:name(REF_XXXXe) - error - cleared by phase1
18.08.2017 14:12:55 - ERROR - 4037: IKE(phase2):Waiting for message2, cleared by phase1 - REF_XXXXe.
18.08.2017 14:12:55 - IpsDial: From Ikemgr - Remote is denied request for an IPSec SA, AdapterIndex=204
18.08.2017 14:12:55 - IPSec: Disconnected from REF_XXXXe on channel 1.
18.08.2017 14:12:55 - FW: Deleting pathfinder rules
18.08.2017 14:12:55 - FW: Deleting pathfinder rules
18.08.2017 14:12:55 - FW: Deleting pathfinder rules
18.08.2017 14:12:55 - FW: Deleting pathfinder rules
In the UTM log it says:
2017:08:18-14:12:35 XXX-1 XXX[11656]: "D_REF_fjDXXXXet-2"[13] 172.17.60.88:10952 #10366: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===XXX.XXX.XXX.XXX[XXX]...172.17.60.88:10952[XXX@XXX.de]==={5.145.145.112/32}
Any idea what could be wrong?
Greetings
Bernd
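Added example, not part of the original post: a small Python parser for the two UTM rejection lines quoted above. It pulls out the gateway-side subnet the client proposed in phase 2 and compares it with the networks the gateway offers. `ASSUMED_GATEWAY_NETWORKS` is an assumption (the post shows only the client's split tunnel entry, not the UTM configuration), and the function names are hypothetical.

```python
import ipaddress
import re

# Rejection message as it appears in the UTM log lines of the post: the
# proposed gateway-side subnet sits between "known for " and the first "===",
# the client's virtual IP is in the trailing "==={...}".
REJECT_RE = re.compile(
    r"cannot respond to IPsec SA request because no connection is known for "
    r"(?P<local>[0-9./]+)===.*===\{(?P<client>[0-9./]+)\}"
)

# The two UTM lines from the post, with its redactions kept as posted.
SAMPLE = [
    '2017:08:18-14:04:36 XXX[11656]: "D_REF_XXX_TvlpYAZDet-2"[12] 172.17.60.88:10952 #10301: '
    "cannot respond to IPsec SA request because no connection is known for "
    "172.18.0.0/16===XXX.XXX.XXX.XXX[XXX]...172.17.60.88:10952[XXX@XXX.XX]==={5.145.145.112/32}",
    '2017:08:18-14:12:35 XXX-1 XXX[11656]: "D_REF_fjDXXXXet-2"[13] 172.17.60.88:10952 #10366: '
    "cannot respond to IPsec SA request because no connection is known for "
    "0.0.0.0/0===XXX.XXX.XXX.XXX[XXX]...172.17.60.88:10952[XXX@XXX.de]==={5.145.145.112/32}",
]

# ASSUMPTION: the gateway offers only the network the client had preconfigured.
ASSUMED_GATEWAY_NETWORKS = ["172.17.0.0/16"]

def parse_rejections(lines):
    """Return (proposed gateway-side subnet, client virtual IP) per rejection."""
    found = []
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            found.append((ipaddress.ip_network(m["local"]),
                          ipaddress.ip_network(m["client"])))
    return found

def explain(requested, gateway_networks):
    """Classify one proposed selector against the gateway-side network list."""
    nets = [ipaddress.ip_network(n) for n in gateway_networks]
    if requested in nets:
        return "exact match: selector is offered"
    if any(requested.subnet_of(n) for n in nets):
        return "narrower than an offered network"
    if any(n.subnet_of(requested) for n in nets):
        return "wider than what is offered"
    return "not offered at all"

if __name__ == "__main__":
    for local, client in parse_rejections(SAMPLE):
        print(f"{client} asked for {local}: {explain(local, ASSUMED_GATEWAY_NETWORKS)}")
```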