Hi all,
We're using a Sophos UTM220 on one side and on the other a Cisco ASA5510.
On the Sophos side there's an ISP router, so we need NAT-T.
The tunnel is up and everything is working. But on the Cisco side we get every 60 sec (NAT-T keepalive): Phase 1 failure: Mismatched attribute types for class 2x Group Description: Rcv'd Group: 5 Cfg'd Group: 2.
Then: IP: x.x.x.x, Error processing payload: Payload ID: 1
(Tunnel is still up and data can pass)
Every Wednesday evening the tunnel stops. I have to manually switch the tunnel off several times, reboot the UTM, etc. After some tries the tunnel comes up again.
If I change to DH group 2 the error message changes to Rcv: 2, Cfg: 2.
Tunnel is AES256 - SHA1 - PSK (also tried AES256-MD5 - the same problem).
We're using 9 UTMs to connect to the ASA and only this one has this error.
Can you help me?
Best regards,
Kai