This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

user account not working for VPN using IPsec Sophos connect but is working using SSL VPN

Hi,

I hope this is in the correct Group.

I have a new user set up in AD exactly the same as any other user, member of the AD SSO VPN group.

the UTM is running Firmware 9.703-3.

when I tried to set up his VPN (IPSEC) the Sophos connect client wouldn't connect it says failed to establish child  SA (security Association)

I have checked and its not his location or equipment as his account does not work on another machine where I have tested other users accounts as working and my test account is working from this machine.

If I go back to the Sophos user portal on the UTM and install the SSL client on the users machine then the user can connect using the SSL VPN (traffic Lights) so his account is being authenticated. just not working on IPsec Sophos connect.

I have created another user since and that user works on IPsec VPN.

any help would be appreciated as we need to get the user moved on to IPsec client.



This thread was automatically locked due to age.
  • Are the some special things within the username or password?

    Special characters / very long / ...

    Check userauthentication live log for errors.

    Try to remove the user from SG and resync from AD.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Unfortunately after more investigation its not the # in the password as I got hold of the user and changed the password to something else and the failure still occurs but on a test user on the same machine with the same password the connection is established. looking at the ipsec live logs the thing i can see when i am trying to connect and using my IP as a reference when searching the log as it means very little to me. the error i can see is

    length of the ISAKMP message is smaller than the Minimum,

    sending notification PAYLOAD_MALFORMED

    i have removed my ip from the image

    help greatly aprecuiated

  • Do you try to delete/resync the user from UTM already?

    Possible the automatically generated user-certificate is not OK.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hi and welcome to the UTM Community!

    Instead of a picture, please copy and paste the resultant lines in your response:

    1. Confirm that Debug is not enabled.
    2. Disable/Enable the IPsec Remote Access Rule.
    3. Start the IPsec Live Log and wait for it to begin to populate.
    4. Have the user attempt to connect
    5. Copy here about 60 lines from the beginning of the connection through the error.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    thanks removed the user from the FW and allowed the account to be re-added from AD by the nightly prefetch rather than syncing manually

    redownloaded his keys this morning. first connection attempt failed but typical then when i did it while looking at the logs to get a capture it worked. have tried again since and seems to now be OK, have managed to connect to the users machine and install the keys and that is also working so the issue seems to be resolved

    Thanks for you assistance