
IPsec tunnel between Sophos XG firewall and pfSense

The connection gets established and then disconnected within a few seconds. Can anyone please check the logs and suggest a resolution?

Logs from the Sophos end:


------------------

[GARNER-LOGGING] (child_alert) ALERT: IKE message (66E04278) retransmission to 104.184.118.83 timed out
2018-04-17 13:08:34 30[DMN] <India_dallas-1|160> [GARNER-LOGGING] (child_alert) ALERT: peer did not respond to initial message 9
2018-04-17 13:08:34 30[IKE] <India_dallas-1|160> peer not responding, trying again (11/0)
2018-04-17 13:08:34 30[IKE] <India_dallas-1|160> initiating Main Mode IKE_SA India_dallas-1[160] to 104.184.118.83
2018-04-17 13:08:34 30[ENC] <India_dallas-1|160> generating ID_PROT request 0 [ SA V V V V V V ]
2018-04-17 13:08:34 30[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[500] to 104.184.118.83[500] (256 bytes)
2018-04-17 13:08:34 06[NET] <India_dallas-1|160> received packet: from 104.184.118.83[500] to 203.129.196.59[500] (156 bytes)
2018-04-17 13:08:34 06[ENC] <India_dallas-1|160> parsed ID_PROT response 0 [ SA V V V V ]
2018-04-17 13:08:34 06[IKE] <India_dallas-1|160> received XAuth vendor ID
2018-04-17 13:08:34 06[IKE] <India_dallas-1|160> received DPD vendor ID
2018-04-17 13:08:34 06[IKE] <India_dallas-1|160> received FRAGMENTATION vendor ID
2018-04-17 13:08:34 06[IKE] <India_dallas-1|160> received NAT-T (RFC 3947) vendor ID
2018-04-17 13:08:35 06[ENC] <India_dallas-1|160> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
2018-04-17 13:08:35 06[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[500] to 104.184.118.83[500] (236 bytes)
2018-04-17 13:08:35 23[NET] <India_dallas-1|160> received packet: from 104.184.118.83[500] to 203.129.196.59[500] (236 bytes)
2018-04-17 13:08:35 23[ENC] <India_dallas-1|160> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
2018-04-17 13:08:35 23[ENC] <India_dallas-1|160> generating ID_PROT request 0 [ ID HASH ]
2018-04-17 13:08:35 23[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[4500] to 104.184.118.83[4500] (68 bytes)
2018-04-17 13:08:39 10[IKE] <India_dallas-1|160> sending retransmit 1 of request message ID 0, seq 3
2018-04-17 13:08:39 10[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[4500] to 104.184.118.83[4500] (68 bytes)
2018-04-17 13:08:46 19[IKE] <India_dallas-1|160> sending retransmit 2 of request message ID 0, seq 3
2018-04-17 13:08:46 19[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[4500] to 104.184.118.83[4500] (68 bytes)
2018-04-17 13:08:59 17[IKE] <India_dallas-1|160> sending retransmit 3 of request message ID 0, seq 3
2018-04-17 13:08:59 17[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[4500] to 104.184.118.83[4500] (68 bytes)
2018-04-17 13:09:22 19[IKE] <India_dallas-1|160> sending retransmit 4 of request message ID 0, seq 3
2018-04-17 13:09:22 19[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[4500] to 104.184.118.83[4500] (68 bytes)
2018-04-17 13:10:04 32[IKE] <India_dallas-1|160> sending retransmit 5 of request message ID 0, seq 3
2018-04-17 13:10:04 32[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[4500] to 104.184.118.83[4500] (68 bytes)

----------------------------------------------------

Logs from pfSense:

parsed ID_PROT request 0 [ SA V V V V V V ]
Apr 17 02:41:31 charon   05[IKE] <1059> received XAuth vendor ID
Apr 17 02:41:31 charon   05[IKE] <1059> received DPD vendor ID
Apr 17 02:41:31 charon   05[IKE] <1059> received Cisco Unity vendor ID
Apr 17 02:41:31 charon   05[IKE] <1059> received FRAGMENTATION vendor ID
Apr 17 02:41:31 charon   05[IKE] <1059> received NAT-T (RFC 3947) vendor ID
Apr 17 02:41:31 charon   05[IKE] <1059> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Apr 17 02:41:31 charon   05[IKE] <1059> 203.129.196.59 is initiating a Main Mode IKE_SA
Apr 17 02:41:31 charon   05[ENC] <1059> generating ID_PROT response 0 [ SA V V V V ]
Apr 17 02:41:31 charon   05[NET] <1059> sending packet: from 192.168.7.198[500] to 203.129.196.59[500] (156 bytes)
Apr 17 02:41:31 charon   15[NET] <1059> received packet: from 203.129.196.59[500] to 192.168.7.198[500] (236 bytes)
Apr 17 02:41:31 charon   15[ENC] <1059> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 17 02:41:31 charon   15[IKE] <1059> local host is behind NAT, sending keep alives
Apr 17 02:41:31 charon   15[ENC] <1059> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 17 02:41:31 charon   15[NET] <1059> sending packet: from 192.168.7.198[500] to 203.129.196.59[500] (236 bytes)
Apr 17 02:41:51 charon   07[IKE] <1059> sending keep alive to 203.129.196.59[500]
Apr 17 02:42:01 charon   06[JOB] <1059> deleting half open IKE_SA after timeout
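
Read side by side, the two excerpts show the same exchange from both ends: Main Mode messages 1 to 4 (SA and KE/nonce, with the NAT-D payloads) go back and forth on UDP/500, pfSense logs "local host is behind NAT", and Sophos then sends the ID/HASH message from UDP/4500 and retransmits it five times without an answer, while pfSense only ever logs traffic on UDP/500 before it deletes the half-open IKE_SA. The script below is an added example, not part of the original post or of either vendor's tooling: it parses the "sending/received packet" and "sending retransmit" lines that charon writes on both platforms and reports whether the stall sits at the NAT-T port float. The two log strings are constructed samples, abridged from the excerpts above; the verdict strings are the example's own wording.

```python
"""Added example: locate the NAT-T port-float stall in charon (strongSwan) log excerpts."""
import re

# Constructed sample, abridged from the Sophos XG (initiator) excerpt in the post above.
INITIATOR_LOG = """\
2018-04-17 13:08:34 30[IKE] <India_dallas-1|160> initiating Main Mode IKE_SA India_dallas-1[160] to 104.184.118.83
2018-04-17 13:08:34 30[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[500] to 104.184.118.83[500] (256 bytes)
2018-04-17 13:08:34 06[NET] <India_dallas-1|160> received packet: from 104.184.118.83[500] to 203.129.196.59[500] (156 bytes)
2018-04-17 13:08:35 06[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[500] to 104.184.118.83[500] (236 bytes)
2018-04-17 13:08:35 23[NET] <India_dallas-1|160> received packet: from 104.184.118.83[500] to 203.129.196.59[500] (236 bytes)
2018-04-17 13:08:35 23[ENC] <India_dallas-1|160> generating ID_PROT request 0 [ ID HASH ]
2018-04-17 13:08:35 23[NET] <India_dallas-1|160> sending packet: from 203.129.196.59[4500] to 104.184.118.83[4500] (68 bytes)
2018-04-17 13:08:39 10[IKE] <India_dallas-1|160> sending retransmit 1 of request message ID 0, seq 3
2018-04-17 13:08:46 19[IKE] <India_dallas-1|160> sending retransmit 2 of request message ID 0, seq 3
2018-04-17 13:08:59 17[IKE] <India_dallas-1|160> sending retransmit 3 of request message ID 0, seq 3
2018-04-17 13:09:22 19[IKE] <India_dallas-1|160> sending retransmit 4 of request message ID 0, seq 3
2018-04-17 13:10:04 32[IKE] <India_dallas-1|160> sending retransmit 5 of request message ID 0, seq 3
"""

# Constructed sample, abridged from the pfSense (responder) excerpt in the post above.
RESPONDER_LOG = """\
Apr 17 02:41:31 charon   05[IKE] <1059> 203.129.196.59 is initiating a Main Mode IKE_SA
Apr 17 02:41:31 charon   05[NET] <1059> sending packet: from 192.168.7.198[500] to 203.129.196.59[500] (156 bytes)
Apr 17 02:41:31 charon   15[NET] <1059> received packet: from 203.129.196.59[500] to 192.168.7.198[500] (236 bytes)
Apr 17 02:41:31 charon   15[IKE] <1059> local host is behind NAT, sending keep alives
Apr 17 02:41:31 charon   15[NET] <1059> sending packet: from 192.168.7.198[500] to 203.129.196.59[500] (236 bytes)
Apr 17 02:41:51 charon   07[IKE] <1059> sending keep alive to 203.129.196.59[500]
Apr 17 02:42:01 charon   06[JOB] <1059> deleting half open IKE_SA after timeout
"""

# charon's [NET] lines have the same shape on Sophos XG and pfSense.
PACKET_RE = re.compile(
    r"(?P<dir>sending|received) packet: from (?P<src>[\d.]+)\[(?P<sport>\d+)\]"
    r" to (?P<dst>[\d.]+)\[(?P<dport>\d+)\] \((?P<size>\d+) bytes\)"
)
RETRANSMIT_RE = re.compile(r"sending retransmit \d+ of request message ID \d+")


def parse_packets(log):
    """One dict per 'sending/received packet' line, in log order, with ports and size as ints."""
    packets = []
    for line in log.splitlines():
        m = PACKET_RE.search(line)
        if m:
            p = m.groupdict()
            for key in ("sport", "dport", "size"):
                p[key] = int(p[key])
            packets.append(p)
    return packets


def diagnose(log):
    """Summarise where a Main Mode exchange stalled in one charon log excerpt."""
    packets = parse_packets(log)
    sent = [p for p in packets if p["dir"] == "sending"]
    received = [p for p in packets if p["dir"] == "received"]
    # Local UDP ports actually seen on the wire: source port when sending, destination when receiving.
    local_ports_sent = sorted({p["sport"] for p in sent})
    local_ports_received = sorted({p["dport"] for p in received})
    # The NAT-T float: after NAT-D shows a NAT on the path, the initiator moves to UDP/4500.
    float_index = next((i for i, p in enumerate(packets)
                        if p["dir"] == "sending" and p["sport"] == 4500), None)
    if float_index is None:
        reply_on_4500 = False
    else:
        reply_on_4500 = any(p["dir"] == "received" and p["dport"] == 4500
                            for p in packets[float_index + 1:])
    result = {
        "floated_to_4500": float_index is not None,
        "reply_on_4500": reply_on_4500,
        "retransmits": len(RETRANSMIT_RE.findall(log)),
        "behind_nat": "local host is behind NAT" in log,
        "half_open_timeout": "deleting half open IKE_SA" in log,
        "local_ports_sent": local_ports_sent,
        "local_ports_received": local_ports_received,
    }
    if result["floated_to_4500"] and not result["reply_on_4500"]:
        result["verdict"] = ("stalled after NAT-T float: %d retransmit(s) on UDP/4500 with no reply; "
                             "UDP/4500 is not reaching the peer" % result["retransmits"])
    elif result["behind_nat"] and 4500 not in local_ports_received and result["half_open_timeout"]:
        result["verdict"] = ("responder is behind NAT and only ever received UDP/500; the peer's "
                             "UDP/4500 packets were not forwarded to it before the half-open timeout")
    else:
        result["verdict"] = "no NAT-T port-float stall in this excerpt"
    return result


if __name__ == "__main__":
    for name, log in (("Sophos XG (initiator)", INITIATOR_LOG), ("pfSense (responder)", RESPONDER_LOG)):
        print(name, "->", diagnose(log)["verdict"])
```

When the initiator side reports no reply after the float, the practical check is on the NAT device in front of the responder: UDP/4500 (not only UDP/500) has to be forwarded to the pfSense WAN address and allowed on its WAN rules, because every IKE message after the NAT-D exchange, and the UDP-encapsulated ESP that follows, uses that port.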


Hi Paven,

You will want to post this in the XG Community - this is the UTM Community.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005
MediaSoft, Inc. USA