Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 701 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM - Remote acces via IpSec failed

Steve Scholl

Hi,

I hope someboy has an idea and can help me out:

I already have users connecting to my Sophos UTM with IpSec using Sophos Connect client. Now I set up a new user, added him to the appropriate group and downloaded his connection details and the certificate from the user portal.

But Sophos connect is not able to connect to the firewall and alwas says: Child SA could not be established.

Has anybody an idea?

Here is the log:

2022:02:21-13:43:25 gateway pluto[6160]: added connection description "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3104: length of ISAKMP Message is smaller than minimum
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3104: sending notification PAYLOAD_MALFORMED to XXX:3104
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3105: received Vendor ID payload [XAUTH]
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3105: received Vendor ID payload [Dead Peer Detection]
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3105: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3105: received Vendor ID payload [RFC 3947]
2022:02:21-13:47:13 gateway pluto[6160]: packet from XXX:3105: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2022:02:21-13:47:13 gateway pluto[6160]: "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] XXX:3105 #6: responding to Main Mode from unknown peer XXX:3105
2022:02:21-13:47:13 gateway pluto[6160]: "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] XXX:3105 #6: NAT-Traversal: Result using RFC 3947: peer is NATed
2022:02:21-13:47:14 gateway pluto[6160]: | NAT-T: new mapping XXX:3105/3106)
2022:02:21-13:47:14 gateway pluto[6160]: "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] XXX:3106 #6: ignoring informational payload, type AUTHENTICATION_FAILED
2022:02:21-13:48:24 gateway pluto[6160]: "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] XXX:3106 #6: max number of retransmissions (2) reached STATE_MAIN_R2
2022:02:21-13:48:24 gateway pluto[6160]: "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] XXX:3106: deleting connection "D_REF_IpsRoaIpsecvpn_AaaUseDispo2-0"[1] instance with peer XXX {isakmp=#0/ipsec=#0}

Thanks in advance

Best

Steve



This thread was automatically locked due to age.
Parents
  • +1

    Together with Sophos Support we finally found the issue: It was not possible to have an user called dispo and a second user called dispo2... somehow the SG firewall was not able to handle that. Just renaming the dispo2 user fixed the issue. Very strange behaviour and for me totally unexpected. Anyway now it works...

    Best

    Steve

Reply
  • +1

    Together with Sophos Support we finally found the issue: It was not possible to have an user called dispo and a second user called dispo2... somehow the SG firewall was not able to handle that. Just renaming the dispo2 user fixed the issue. Very strange behaviour and for me totally unexpected. Anyway now it works...

    Best

    Steve

Children
No Data
Unfiltered HTML