Cisco VPN Client not routing after update 9.409-9

Hi,

I have updated my Sophos UTM SG310 to the version in the subject.

Before I did the update I could get access to every network device over IPsec Cisco with the iPhone of my company.

Now after the update I'm not able to do it anymore.

The connection and the authentication are OK (VPN Connected) but I can't ping any device on any network (Request timeout).

SSL and PPTP work fine.

Can somebody help me with this issue?

Tommaso

  • Hi Tommaso,

    Try the suggestion made by Alex and let us know if that helps. It is reported as a BUG in the latest version under the ID NUTM-6375.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi sachingurung,

    I tried the suggestion of Alex without any success. In the firewall log I don't see any dropped packets from my connection. In the IPSec VPN log I've only seen the following error:

    ------
    executing down-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='down-client' PLUTO_CONNECTION='D_for MYNAME to Internal (Network)-1' PLUTO_NEXT_HOP='PUBLIC IP ASSIGNED TO MY DEVICE' PLUTO_INTERFACE='eth1' PLUTO_REQID='16817' PLUTO_ME='PUBLIC-IP-OF-MYCOMPANY' PLUTO_MY_ID='example.com' PLUTO_MY_CLIENT='MYLANIP/23' PLUTO_MY_CLIENT_NET='MYNETIP' PLUTO_MY_CLIENT_MASK='255.255.254.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='PUBLIC IP ASSIGNED TO MY DEVICE' PLUTO_PEER_ID='C=it, L=Limbiate (MI), O=AM Instruments Srl, CN=Tommaso Cassano, E=MYEMAIL' PLUTO_PEER_CLIENT='MY-LOCAL-VIRTUAL-IP/32' PLUTO_PEER_CLIENT_NET='MY-LOCAL-VIRTUAL-IP' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=it, L=Limbiate (MI), O=AM Instruments Srl, CN=AM Instruments Srl VPN CA, E=@' /usr/libexec/ipsec/updown classic
    2017:01:02-09:54:34 fw-2 pluto[1928]: "D_for MYNAME to Internal (Network)-1"[2] PUBLIC IP ASSIGNED TO MY DEVICE:14061 #8: ERROR: netlink response for Add SA esp.9a04d59a@PUBLIC-IP-OF-MYCOMPANY included errno 22: Invalid argument
    2017:01:02-09:54:34 fw-2 pluto[1928]: | NAT-T: new mapping PUBLIC IP ASSIGNED TO MY DEVICE:14031/14061)
    2017:01:02-09:54:34 fw-2 pluto[1928]: "D_for MYNAME to Internal (Network)-1"[2] PUBLIC IP ASSIGNED TO MY DEVICE:14061 #8: ERROR: netlink response for Add SA esp.9a04d59a@PUBLIC-IP-OF-MYCOMPANY included errno 22: Invalid argument
    2017:01:02-09:54:34 fw-2 pluto[1928]: "D_for MYNAME to Internal (Network)-4"[2] PUBLIC IP ASSIGNED TO MY DEVICE:14061 #7: received Delete SA(0x00f67c8c) payload: deleting IPSEC State #8
    ------
     
    Other than that, everything looks good and also the routing table is correctly created.
     
    It seems that my connection ends up in a black hole :-)
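
The pluto errors quoted in the post above can be pulled out of a log mechanically. This added example (not part of the thread and not Sophos code) parses lines in that format, groups kernel "Add SA" rejections by IPsec state number, and records whether that state was later deleted; the sample lines, the placeholder addresses and the helper name `failed_sa_installs` are constructed for illustration.

```python
import re

# Constructed sample in the format of the log posted above; the addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = '''\
2017:01:02-09:54:34 fw-2 pluto[1928]: "D_for USER to Internal (Network)-1"[2] 198.51.100.7:14061 #8: ERROR: netlink response for Add SA esp.9a04d59a@203.0.113.10 included errno 22: Invalid argument
2017:01:02-09:54:34 fw-2 pluto[1928]: | NAT-T: new mapping 198.51.100.7:14031/14061)
2017:01:02-09:54:34 fw-2 pluto[1928]: "D_for USER to Internal (Network)-1"[2] 198.51.100.7:14061 #8: ERROR: netlink response for Add SA esp.9a04d59a@203.0.113.10 included errno 22: Invalid argument
2017:01:02-09:54:34 fw-2 pluto[1928]: "D_for USER to Internal (Network)-4"[2] 198.51.100.7:14061 #7: received Delete SA(0x00f67c8c) payload: deleting IPSEC State #8
'''

# timestamp host pluto[pid]: "connection"[instance] peer:port #state: message
LINE = re.compile(r'^(?P<ts>\S+) \S+ pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] '
                  r'(?P<peer>.+?):\d+ #(?P<state>\d+): (?P<msg>.*)$')
ADD_SA_ERR = re.compile(r'ERROR: netlink response for Add SA '
                        r'(?P<proto>\w+)\.(?P<spi>[0-9a-f]+)@\S+ '
                        r'included errno (?P<errno>\d+)')
DELETED = re.compile(r'deleting IPSEC State #(\d+)')


def failed_sa_installs(log_text):
    """Report IPsec SAs that the kernel rejected when pluto tried to add them."""
    failures, deleted = {}, set()
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # debug lines such as "| NAT-T: new mapping ..."
        msg, state = line['msg'], int(line['state'])
        gone = DELETED.search(msg)
        if gone:
            # The delete is logged under another state but names the IPsec one.
            deleted.add(int(gone.group(1)))
        err = ADD_SA_ERR.search(msg)
        if err:
            rec = failures.setdefault(state, {
                'connection': line['conn'], 'peer': line['peer'],
                'proto': err['proto'], 'spi': err['spi'],
                'errno': int(err['errno']), 'first_seen': line['ts'], 'count': 0})
            rec['count'] += 1
    for state, rec in failures.items():
        rec['later_deleted'] = state in deleted
    return failures


if __name__ == '__main__':
    for state, rec in failed_sa_installs(SAMPLE_LOG).items():
        print(f"state #{state}: {rec}")
```

A tunnel that shows as connected while this function returns entries for it is the pattern described in the post: authentication completed, but the ESP SA was not accepted by the kernel.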
     