This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM - Remote acces via IpSec failed

Hi,

I hope someboy has an idea and can help me out:

I already have users connecting to my Sophos UTM with IpSec using Sophos Connect client. Now I set up a new user, added him to the appropriate group and downloaded his connection details and the certificate from the user portal.

But Sophos connect is not able to connect to the firewall and alwas says: Child SA could not be established.

Has anybody an idea?

Here is the log:

2022:02:21-13:43:25 gateway pluto[6160]: added connection description "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3104: length of ISAKMP Message is smaller than minimum
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3104: sending notification PAYLOAD_MALFORMED to XXX:3104
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3105: received Vendor ID payload [XAUTH]
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3105: received Vendor ID payload [Dead Peer Detection]
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3105: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3105: received Vendor ID payload [RFC 3947]
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3105: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2022:02:21-13:47:13 gateway pluto[6160]: "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] XXX:3105 #6: responding to Main Mode from unknown peer XXX:3105
2022:02:21-13:47:13 gateway pluto[6160]: "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] XXX:3105 #6: NAT-Traversal: Result using RFC 3947: peer is NATed
2022:02:21-13:47:14 gateway pluto[6160]: | NAT-T: new mapping XXX:3105/3106)
2022:02:21-13:47:14 gateway pluto[6160]: "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] XXX:3106 #6: ignoring informational payload, type AUTHENTICATION_FAILED
2022:02:21-13:48:24 gateway pluto[6160]: "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] XXX:3106 #6: max number of retransmissions (2) reached STATE_MAIN_R2
2022:02:21-13:48:24 gateway pluto[6160]: "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] XXX:3106: deleting connection "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] instance with peer XXX {isakmp=#0/ipsec=#0}

Thanks in advance

Best

Steve



This thread was automatically locked due to age.
  • Have you tried with the OpenVPN client?  I would recommend using Sophos Connect when 2.2 is released.

    UTM - 9.713-19 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • Hallo Steve and welcome to the UTM Community!

         AUTHENTICATION_FAILED

    Is it possible the user 's password was changed?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Together with Sophos Support we finally found the issue: It was not possible to have an user called dispo and a second user called dispo2... somehow the SG firewall was not able to handle that. Just renaming the dispo2 user fixed the issue. Very strange behaviour and for me totally unexpected. Anyway now it works...

    Best

    Steve