
IPSec with Cisco ASA second phase not established

Hey all, I've been working through this issue for so long with the remote party and can't seem to make any progress on it, so I need to see if I can get some expert advice from the group as to where to proceed from here.

We manage a Sophos UTM9 and are trying to establish an IPsec pair with a Cisco ASA 3000 series firewall on the remote end that we don't have access to. We were asked to configure our end with their configuration.

Here are the logs to the connection - 

2023:07:21-10:43:05 <OURFW> pluto[49112]: | *time to handle event
2023:07:21-10:43:05 <OURFW> pluto[49112]: | event after this is EVENT_DPD_UPDATE in 0 seconds
2023:07:21-10:43:05 <OURFW> pluto[49112]: | handling event EVENT_RETRANSMIT for x.x.x.x "S_<VPN NAME>" #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | next event EVENT_DPD_UPDATE in 0 seconds for #52732
2023:07:21-10:43:05 <OURFW> pluto[49112]: |
2023:07:21-10:43:05 <OURFW> pluto[49112]: | *time to handle event
2023:07:21-10:43:05 <OURFW> pluto[49112]: | event after this is EVENT_DPD_UPDATE in 0 seconds
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #52732
2023:07:21-10:43:05 <OURFW> pluto[49112]: | next event EVENT_DPD_UPDATE in 0 seconds for #52730
2023:07:21-10:43:05 <OURFW> pluto[49112]: |
2023:07:21-10:43:05 <OURFW> pluto[49112]: | *time to handle event
2023:07:21-10:43:05 <OURFW> pluto[49112]: | event after this is EVENT_DPD_UPDATE in 2 seconds
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #52730
2023:07:21-10:43:05 <OURFW> pluto[49112]: | next event EVENT_DPD_UPDATE in 2 seconds for #52686
2023:07:21-10:43:05 <OURFW> pluto[49112]: |
2023:07:21-10:43:05 <OURFW> pluto[49112]: | *received 124 bytes from x.x.x.x:500 on eth1
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state object not found
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 00 00 00 00 00 00 00
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 31
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state object #52736 found, in STATE_MAIN_I1
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: received Vendor ID payload [RFC 3947]
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: ignoring Vendor ID payload [FRAGMENTATION c0000000]
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: enabling possible NAT-traversal with method 3
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 00 00 00 00 00 00 00
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 31
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | next event EVENT_DPD_UPDATE in 2 seconds for #52686
2023:07:21-10:43:05 <OURFW> pluto[49112]: |
2023:07:21-10:43:05 <OURFW> pluto[49112]: | *received 296 bytes from x.x.x.x:500 on eth1
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state object #52736 found, in STATE_MAIN_I2
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: ignoring Vendor ID payload [Cisco-Unity]
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: received Vendor ID payload [XAUTH]
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: ignoring Vendor ID payload [f5997d05eb720db0362c917a214a6e6b]
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: ignoring Vendor ID payload [Cisco VPN 3000 Series]
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: NAT-Traversal: Result using RFC 3947: no NAT detected
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 60 seconds
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | next event EVENT_DPD_UPDATE in 2 seconds for #52686
2023:07:21-10:43:05 <OURFW> pluto[49112]: |
2023:07:21-10:43:05 <OURFW> pluto[49112]: | *received 84 bytes from x.x.x.x:500 on eth1
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state object #52736 found, in STATE_MAIN_I3
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: received Vendor ID payload [Dead Peer Detection]
2023:07:21-10:43:05 <OURFW> pluto[49112]: | protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: Peer ID is ID_IPV4_ADDR: 'x.x.x.x'
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer CA: %none
2023:07:21-10:43:05 <OURFW> pluto[49112]: | required CA: %none
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: Dead Peer Detection (RFC 3706) enabled
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_DPD, timeout in 38 seconds for #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_SA_REPLACE, timeout in 2567 seconds for #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: ISAKMP SA established
2023:07:21-10:43:05 <OURFW> pluto[49112]: | unqueuing pending Quick Mode with x.x.x.x "S_<VPN NAME>"
2023:07:21-10:43:05 <OURFW> pluto[49112]: | duplicating state object #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | creating state object #52739 at 0x9a2e658
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #52739
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52739: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#52736}
2023:07:21-10:43:05 <OURFW> pluto[49112]: | esp proposal: 3DES_CBC/HMAC_MD5,
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #52739
2023:07:21-10:43:05 <OURFW> pluto[49112]: | unqueuing pending Quick Mode with x.x.x.x "S_<VPN NAME>"
2023:07:21-10:43:05 <OURFW> pluto[49112]: | duplicating state object #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | creating state object #52740 at 0x9a8dca8
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #52740
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52740: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#52736}
2023:07:21-10:43:05 <OURFW> pluto[49112]: | esp proposal: 3DES_CBC/HMAC_MD5,
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #52740
2023:07:21-10:43:05 <OURFW> pluto[49112]: | unqueuing pending Quick Mode with x.x.x.x "S_<VPN NAME>"
2023:07:21-10:43:05 <OURFW> pluto[49112]: | duplicating state object #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | creating state object #52741 at 0x9a0a270
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #52741
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52741: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#52736}
2023:07:21-10:43:05 <OURFW> pluto[49112]: | esp proposal: 3DES_CBC/HMAC_MD5,
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #52741
2023:07:21-10:43:05 <OURFW> pluto[49112]: | unqueuing pending Quick Mode with x.x.x.x "S_<VPN NAME>"
2023:07:21-10:43:05 <OURFW> pluto[49112]: | duplicating state object #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | creating state object #52742 at 0x9a0e178
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #52742
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52742: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#52736}
2023:07:21-10:43:05 <OURFW> pluto[49112]: | esp proposal: 3DES_CBC/HMAC_MD5,
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #52742
2023:07:21-10:43:05 <OURFW> pluto[49112]: | unqueuing pending Quick Mode with x.x.x.x "S_<VPN NAME>"
2023:07:21-10:43:05 <OURFW> pluto[49112]: | duplicating state object #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | creating state object #52743 at 0x9a17da0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #52743
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52743: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#52736}
2023:07:21-10:43:05 <OURFW> pluto[49112]: | esp proposal: 3DES_CBC/HMAC_MD5,
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #52743
2023:07:21-10:43:05 <OURFW> pluto[49112]: | unqueuing pending Quick Mode with x.x.x.x "S_<VPN NAME>"
2023:07:21-10:43:05 <OURFW> pluto[49112]: | duplicating state object #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | creating state object #52744 at 0x9a8ed48
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #52744
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52744: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#52736}
2023:07:21-10:43:05 <OURFW> pluto[49112]: | esp proposal: 3DES_CBC/HMAC_MD5,
2023:07:21-10:43:05 <OURFW> pluto[49112]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #52744
2023:07:21-10:43:05 <OURFW> pluto[49112]: | next event EVENT_DPD_UPDATE in 2 seconds for #52686
2023:07:21-10:43:05 <OURFW> pluto[49112]: |
2023:07:21-10:43:05 <OURFW> pluto[49112]: | *received 84 bytes from x.x.x.x:500 on eth1
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state object #52736 found, in STATE_MAIN_I4
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: ignoring informational payload, type NO_PROPOSAL_CHOSEN
2023:07:21-10:43:05 <OURFW> pluto[49112]: | next event EVENT_DPD_UPDATE in 2 seconds for #52686
2023:07:21-10:43:05 <OURFW> pluto[49112]: |
2023:07:21-10:43:05 <OURFW> pluto[49112]: | *received 76 bytes from x.x.x.x:500 on eth1
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state object #52736 found, in STATE_MAIN_I4
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state object #52736 found, in STATE_MAIN_I4
2023:07:21-10:43:05 <OURFW> pluto[49112]: "S_<VPN NAME>" #52736: received Delete SA payload: deleting ISAKMP State #52736
2023:07:21-10:43:05 <OURFW> pluto[49112]: | deleting unestablished phase2 state #52744
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | deleting unestablished phase2 state #52743
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | deleting unestablished phase2 state #52742
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | deleting unestablished phase2 state #52741
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | deleting unestablished phase2 state #52740
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | deleting unestablished phase2 state #52739
2023:07:21-10:43:05 <OURFW> pluto[49112]: | ICOOKIE: 65 d5 90 8b 32 9c f9 8d
2023:07:21-10:43:05 <OURFW> pluto[49112]: | RCOOKIE: 00 5e da 18 eb 73 0d b0
2023:07:21-10:43:05 <OURFW> pluto[49112]: | peer: b7 51 80 22
2023:07:21-10:43:05 <OURFW> pluto[49112]: | state hash entry 6
2023:07:21-10:43:05 <OURFW> pluto[49112]: | next event EVENT_DPD_UPDATE in 2 seconds for #52686
2023:07:21-10:43:06 <OURFW> pluto[49112]: |
2023:07:21-10:43:06 <OURFW> pluto[49112]: | *received whack message
2023:07:21-10:43:06 <OURFW> pluto[49112]: | next event EVENT_DPD_UPDATE in 1 seconds for #52686
2023:07:21-10:43:06 <OURFW> pluto[49112]: |
2023:07:21-10:43:06 <OURFW> pluto[49112]: | *received whack message
2023:07:21-10:43:06 <OURFW> pluto[49112]: | next event EVENT_DPD_UPDATE in 1 seconds for #52686
2023:07:21-10:43:07 <OURFW> pluto[49112]: |
2023:07:21-10:43:07 <OURFW> pluto[49112]: | *time to handle event
2023:07:21-10:43:07 <OURFW> pluto[49112]: | event after this is EVENT_RETRANSMIT in 0 seconds
2023:07:21-10:43:07 <OURFW> pluto[49112]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #52686
2023:07:21-10:43:07 <OURFW> pluto[49112]: | next event EVENT_RETRANSMIT in 0 seconds for #52727
2023:07:21-10:43:07 <OURFW> pluto[49112]: |

I have seen other similar issues where people have suggested they disabled NAT-T and DPD, but I am reluctant to do this as there are other tunnels active and it may risk impacting those.



  • Hello,

    Good day and thanks for reaching out to Sophos Community

    Does the UTM sit behind a NAT device? In that case NAT-T should be set, the UTM side should initiate the connection and the ASA's end should be set to Respond: https://support.sophos.com/support/s/article/KB-000036832?language=en_US

    Could they share with you their IPSec config? If yes, could you share it with us?

    Many thanks for your time and patience and thank you for choosing Sophos.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support

  • The given logs on the UTM do not suggest any reason why Phase 2 (Child SA) is not successful. DPD seems to be working between the UTM and the Cisco ASA; as DPD applies at the IKE level, it kicks in as soon as the IKE session is up. One thing to check is whether the Phase 2 profile details are the same/compatible on the UTM and the ASA.

  • Hey Raphael

    Thanks for your reply. I have got a copy of the config from their end of the ASA to see if there is anything we can find out about it.

    I have obscured the information with different names and IPs are different as well for local objects.

    crypto map OUTSIDE-CRYPTO 915 match address <HiddenObject1>
    crypto map OUTSIDE-CRYPTO 915 set pfs
    crypto map OUTSIDE-CRYPTO 915 set peer <OurGWIP>
    crypto map OUTSIDE-CRYPTO 915 set ikev1 transform-set ESP-3DES-MD5
    crypto map OUTSIDE-CRYPTO 915 set security-association lifetime seconds 3600
    crypto map OUTSIDE-CRYPTO 915 set security-association lifetime kilobytes unlimited
    tunnel-group <OurGWIP> type ipsec-l2l
    tunnel-group <OurGWIP> ipsec-attributes
    ikev1 pre-shared-key <securedkey>

    object-group network <ourlocalserver1>
    object-group network <ourlocalserver2>

    access-list <HiddenObject1> extended permit ip object-group <ourlocalserver1> object-group <HiddenObject1>

    nat (vpnzone,outside) source static <ourlocalserver1> <ourlocalserver1> destination static <HiddenObject1> <HiddenObject1>

    object-group network <ourlocalserver1>
    network-object 192.168.1.1 255.255.255.255
    network-object 192.168.1.2 255.255.255.255
    network-object 192.168.1.5 255.255.255.255

    object-group network <ourlocalserver2>
    network-object host 192.168.6.1
    network-object host 192.168.6.5
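Added example, not part of the thread and not Sophos or Cisco code: a small Python cross-check of the two artefacts posted above, the pluto debug log from the first post and the ASA crypto map from the last one. Two things in the posted material are worth pulling out mechanically. First, the failure shape: "ISAKMP SA established", six "initiating Quick Mode" states (#52739 to #52744, one per local/remote network pair the UTM policy expands to), then "NO_PROPOSAL_CHOSEN" and a "Delete SA" from the peer, with NAT-T reporting "no NAT detected", so Phase 1 and NAT-T are not the problem. Second, the UTM's Quick Mode policy string is "PSK+ENCRYPT+TUNNEL+UP", which pluto prints without a PFS flag when PFS is off, while the ASA crypto map has "set pfs" (ASA defaults that to group2 when no group is named). On an ASA, a PFS, transform-set or crypto-ACL (proxy ID) mismatch all come back as the same NO_PROPOSAL_CHOSEN, so the script reports what the log and config can show and counts the Quick Modes so the six network pairs can be checked against the crypto ACL by hand. The sample lines are constructed to mirror the posted ones; the "crypto ipsec ikev1 transform-set ESP-3DES-MD5 ..." line is an assumption, because the post references that name but never shows its definition.

```python
"""Cross-check a Sophos UTM (pluto) IKEv1 log against a Cisco ASA crypto map.

Pulls the facts that matter for a Phase 2 (Quick Mode) failure out of pluto
debug lines and out of an ASA crypto-map snippet, then lists where the two
sides disagree.  All inputs below are constructed samples.
"""
import re

# Constructed pluto lines, same shape as the posted log, trimmed to essentials.
PLUTO_LOG = """\
pluto[49112]: "S_VPN" #52736: NAT-Traversal: Result using RFC 3947: no NAT detected
pluto[49112]: "S_VPN" #52736: ISAKMP SA established
pluto[49112]: "S_VPN" #52739: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#52736}
pluto[49112]: | esp proposal: 3DES_CBC/HMAC_MD5,
pluto[49112]: "S_VPN" #52740: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#52736}
pluto[49112]: | esp proposal: 3DES_CBC/HMAC_MD5,
pluto[49112]: "S_VPN" #52736: ignoring informational payload, type NO_PROPOSAL_CHOSEN
pluto[49112]: "S_VPN" #52736: received Delete SA payload: deleting ISAKMP State #52736
"""

# Constructed ASA snippet.  The transform-set definition is an ASSUMPTION: the
# thread only references the name ESP-3DES-MD5.  Peer IP is a documentation address.
ASA_CONFIG = """\
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map OUTSIDE-CRYPTO 915 match address ACL-VPN
crypto map OUTSIDE-CRYPTO 915 set pfs
crypto map OUTSIDE-CRYPTO 915 set peer 203.0.113.10
crypto map OUTSIDE-CRYPTO 915 set ikev1 transform-set ESP-3DES-MD5
crypto map OUTSIDE-CRYPTO 915 set security-association lifetime seconds 3600
"""

# pluto and ASA spell the same ESP algorithms differently.
PLUTO_TO_ASA = {"3DES_CBC": "esp-3des", "AES_CBC": "esp-aes",
                "HMAC_MD5": "esp-md5-hmac", "HMAC_SHA1": "esp-sha-hmac"}


def parse_pluto(text):
    """Return the Phase 1 / Phase 2 facts pluto logs for one connection."""
    facts = {"isakmp_established": False, "nat_detected": None,
             "quick_modes": [], "notifies": [], "delete_sa": False}
    for line in text.splitlines():
        if "ISAKMP SA established" in line:
            facts["isakmp_established"] = True
        if "NAT-Traversal: Result" in line:
            facts["nat_detected"] = "no NAT detected" not in line
        m = re.search(r"#(\d+): initiating Quick Mode (\S+)", line)
        if m:  # policy flags are '+'-joined; PFS appears here only when enabled
            facts["quick_modes"].append({"state": int(m.group(1)),
                                         "policy": set(m.group(2).split("+")),
                                         "esp": None})
        m = re.search(r"esp proposal: (\S+?)/(\S+?),", line)
        if m and facts["quick_modes"]:  # belongs to the Quick Mode just initiated
            facts["quick_modes"][-1]["esp"] = (m.group(1), m.group(2))
        m = re.search(r"informational payload, type (\w+)", line)
        if m:
            facts["notifies"].append(m.group(1))
        if "received Delete SA payload" in line:
            facts["delete_sa"] = True
    return facts


def parse_asa(text):
    """Return PFS group, transform-set name and its ESP algorithms from an ASA snippet."""
    cfg = {"pfs_group": None, "transform_set": None, "esp": None, "transform_sets": {}}
    for line in text.splitlines():
        m = re.match(r"crypto ipsec ikev1 transform-set (\S+) (\S+) (\S+)", line)
        if m:
            cfg["transform_sets"][m.group(1)] = (m.group(2), m.group(3))
        m = re.search(r"\bset pfs(?: (group\d+))?", line)
        if m:
            cfg["pfs_group"] = m.group(1) or "group2"  # ASA default when no group is given
        m = re.search(r"set ikev1 transform-set (\S+)", line)
        if m:
            cfg["transform_set"] = m.group(1)
    cfg["esp"] = cfg["transform_sets"].get(cfg["transform_set"])
    return cfg


def compare(pluto, asa):
    """List the mismatches that would make the ASA answer NO_PROPOSAL_CHOSEN."""
    findings = []
    qms = pluto["quick_modes"]
    if pluto["isakmp_established"] and "NO_PROPOSAL_CHOSEN" in pluto["notifies"]:
        findings.append(f"Phase 1 up, Phase 2 rejected: {len(qms)} Quick Mode(s) proposed "
                        f"(one per network pair; each needs a matching crypto ACL entry)")
    if pluto["nat_detected"] is False:
        findings.append("No NAT detected on the path; NAT-T is not the cause")
    if asa["pfs_group"] and qms and not all("PFS" in qm["policy"] for qm in qms):
        findings.append(f"PFS mismatch: ASA requires {asa['pfs_group']}, UTM policy has no PFS flag")
    if asa["esp"] and qms:
        for qm in qms:
            translated = tuple(PLUTO_TO_ASA.get(a, a) for a in (qm["esp"] or ()))
            if translated != asa["esp"]:
                findings.append(f"ESP mismatch in #{qm['state']}: UTM {qm['esp']} vs ASA {asa['esp']}")
    if pluto["delete_sa"]:
        findings.append("Peer tore down the ISAKMP SA after the rejection (Delete SA received)")
    return findings


if __name__ == "__main__":
    for finding in compare(parse_pluto(PLUTO_LOG), parse_asa(ASA_CONFIG)):
        print(finding)
```

Run against the constructed samples it reports the Phase 2 rejection, that NAT is not in play, the PFS mismatch, and the Delete SA, and stays quiet on ESP because 3DES_CBC/HMAC_MD5 does translate to esp-3des/esp-md5-hmac. Feed it the real UTM log and the real crypto map (plus the transform-set and crypto ACL definitions) and whichever finding remains is the one to take back to the remote party.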