Welcome to the Sophos User Bulletin Board.
Member
Join Date: Aug 2007
Posts: 99
#1 (permalink)  
06-02-2008, 10:39 AM
VPN problem -> INVALID_ID_INFORMATION

Hello,

unfortunately I can't get a VPN tunnel to a Bintec R1200 working.
I'm close to despair.
Can anyone help me?

Astaro 7.200
PreShared_Key
IKE
AES256, MD5, lifetime 28800, Group5
Ipsec
AES256, MD5, lifetime 28800, no group


Log:
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #542: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #542: starting keying attempt 7 of an unlimited number
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: initiating Main Mode to replace #542
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: ignoring Vendor ID payload [0048e2270bea8395ed778d343cc2a076]
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: ignoring Vendor ID payload [5cbeb399eb835a7d7a2eb495905db061]
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: ignoring Vendor ID payload [810fa565f8ab14369105d706fbd57279]
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: received Vendor ID payload [Dead Peer Detection]
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: enabling possible NAT-traversal with method RFC 3947
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
2008:06:02-12:32:10 (none) pluto[5804]: "S_VPN to R_G_0" #543: Peer ID is ID_FQDN: '@rothmoser'
2008:06:02-12:32:10 (none) pluto[5804]: "S_VPN to R_G_0" #543: we require peer to have ID '87.174.94.66', but peer declares '@rothmoser'
2008:06:02-12:32:10 (none) pluto[5804]: "S_VPN to R_G_0" #543: sending encrypted notification INVALID_ID_INFORMATION to 87.174.94.66:500

Regards
nikfe
Wizard
Join Date: Feb 2007
Location: Köln, Germany
Posts: 567
#2 (permalink)  
06-02-2008, 05:53 PM

Quote:
...
we require peer to have ID '87.174.94.66', but peer declares '@rothmoser'
...
The Bintec has to identify itself with its IP and not with '@rothmoser'.

Gregor Kemter
Member
Join Date: Aug 2007
Posts: 99
#3 (permalink)  
06-03-2008, 05:01 AM

Hello,
the DynDNS name was in there before, but it doesn't work that way either.

Regards
nikfe
Wizard
Join Date: Feb 2007
Location: Köln, Germany
Posts: 567
#4 (permalink)  
06-03-2008, 09:59 AM

The VPN ID must be the same on both sides.

On the Astaro side, it is set automatically for remote gateways from the remote IP or DNS name.

On the Bintec you will have to check how it is configured there.

Gregor Kemter
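
An added example, not part of the thread and not Astaro or Bintec code: a small script that pulls the IKE ID mismatch discussed above out of pluto log output and reports the expected and declared identities side by side. The sample input is four lines copied from the log in the first post; the function names and the ID classification heuristic are assumptions made for this example.

```python
import ipaddress
import re

# Four lines copied from the log in the first post (vendor-ID lines omitted).
SAMPLE_LOG = '''\
2008:06:02-12:32:09 (none) pluto[5804]: "S_VPN to R_G_0" #543: initiating Main Mode to replace #542
2008:06:02-12:32:10 (none) pluto[5804]: "S_VPN to R_G_0" #543: Peer ID is ID_FQDN: '@rothmoser'
2008:06:02-12:32:10 (none) pluto[5804]: "S_VPN to R_G_0" #543: we require peer to have ID '87.174.94.66', but peer declares '@rothmoser'
2008:06:02-12:32:10 (none) pluto[5804]: "S_VPN to R_G_0" #543: sending encrypted notification INVALID_ID_INFORMATION to 87.174.94.66:500
'''

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
PEER_ID = re.compile(r"Peer ID is (?P<type>ID_\w+): '(?P<id>[^']*)'")
MISMATCH = re.compile(r"we require peer to have ID '(?P<want>[^']*)', "
                      r"but peer declares '(?P<got>[^']*)'")

def id_kind(value):
    """Heuristic (assumption): '@name' = FQDN, 'user@name' = USER_FQDN, else try IP."""
    if value.startswith("@"):
        return "FQDN"
    if "@" in value:
        return "USER_FQDN"
    try:
        ipaddress.ip_address(value)
        return "IP"
    except ValueError:
        return "OTHER"

def find_id_mismatches(log_text):
    """Return one dict per negotiation (connection, state #) whose peer ID was rejected."""
    seen_type, findings = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto line
        key, msg = (m["conn"], m["sa"]), m["msg"]
        if (p := PEER_ID.search(msg)):
            seen_type[key] = p["type"]  # ID type the peer sent in Main Mode
        elif (mm := MISMATCH.search(msg)):
            findings.append({
                "connection": m["conn"], "state": int(m["sa"]),
                "peer_id_type": seen_type.get(key, "unknown"),
                "expected": mm["want"], "expected_kind": id_kind(mm["want"]),
                "declared": mm["got"], "declared_kind": id_kind(mm["got"]),
            })
    return findings

if __name__ == "__main__":
    for f in find_id_mismatches(SAMPLE_LOG):
        print(f)
```

A finding whose expected_kind and declared_kind differ (here IP versus FQDN) points at the ID type configured on one of the two gateways rather than at the pre-shared key.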
Wizard
Join Date: Sep 2001
Location: Munich, GER
Posts: 747
#5 (permalink)  
06-03-2008, 11:44 AM

Better to use certificates right away, since PSK with a dynamic IP has various limitations.