Netgate Discussion Forum

    SG-3100 IPSec –-

      Phonebuff

      I am attempting to start an IPsec tunnel from an SG-3100 that was upgraded to 2.4.2_1.

      Comcast – DMZ Port --  3100 WAN --- 3100 LAN --

      So the first issue is the web page never updates / refreshes when I try to enable the link (P2 & P1). But if I try to disable them, it refreshes immediately.

      I should note that this worked previously from a Comcast link with multiple IPs and in bridge mode, but I don't have the luxury here.

      -- My Identifier is Dynamic DNS with the FQN, and that can be pinged and is validated.

      -- Peer Identifier is Peer IP Address (is this correct?)

      Must be missing something, but not really sure what at this point.

      Any help or guidance appreciated.

        Phonebuff

        So I forgot to mention –

        No matter how long I let the Enable Apply spin, the Status IPsec indicates "No IPSEC Status available".

        The log has a number of entries, ending with:

        Feb 7 14:09:19 charon 00[DMN] signal of type SIGINT received. Shutting down

          Phonebuff

          One more part –

          
          Feb 7 14:07:00	charon		13[NET] <con1000|3> sending packet: from 172.16.200.20[500] to xxx.xxxx.xxx.x[500] (180 bytes)
          Feb 7 14:07:00	charon		13[NET] <con1000|3> received packet: from xxx.xxx.xxx.x[500] to 172.16.200.20[500] (160 bytes)
          Feb 7 14:07:00	charon		13[ENC] <con1000|3> parsed ID_PROT response 0 [ SA V V V V ]
          Feb 7 14:07:00	charon		13[IKE] <con1000|3> received XAuth vendor ID
          Feb 7 14:07:00	charon		13[IKE] <con1000|3> received DPD vendor ID
          Feb 7 14:07:00	charon		13[IKE] <con1000|3> received FRAGMENTATION vendor ID
          Feb 7 14:07:00	charon		13[IKE] <con1000|3> received NAT-T (RFC 3947) vendor ID
          Feb 7 14:07:00	charon		13[ENC] <con1000|3> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
          Feb 7 14:07:00	charon		13[NET] <con1000|3> sending packet: from 172.16.200.20[500] to xxx.xxxx.xxx.x[500] (244 bytes)
          Feb 7 14:07:00	charon		13[NET] <con1000|3> received packet: from xxx.xxx.xxx.x[500] to 172.16.200.20[500] (244 bytes)
          Feb 7 14:07:00	charon		13[ENC] <con1000|3> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
          Feb 7 14:07:00	charon		13[IKE] <con1000|3> local host is behind NAT, sending keep alives
          Feb 7 14:07:00	charon		13[ENC] <con1000|3> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
          Feb 7 14:07:00	charon		13[NET] <con1000|3> sending packet: from 172.16.200.20[4500] to xxx.xxx.xxx.x[4500] (108 bytes)
          Feb 7 14:07:01	charon		13[NET] <con1000|3> received packet: from xxx.xxx.xxx.x[4500] to 172.16.200.20[4500] (92 bytes)
          Feb 7 14:07:01	charon		13[ENC] <con1000|3> parsed INFORMATIONAL_V1 request 907020096 [ HASH N(AUTH_FAILED) ]
          Feb 7 14:07:01	charon		13[IKE] <con1000|3> received AUTHENTICATION_FAILED error notify
          Feb 7 14:09:19	charon		00[DMN] signal of type SIGINT received. Shutting down
          
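As an added example (not part of the thread, and not pfSense or strongSwan code), this Python script reads charon lines in the format posted above and reports which IKEv1 Main Mode message had been sent when the peer's AUTHENTICATION_FAILED notify arrived, along with whether NAT was detected. The sample lines are constructed from the thread's format, with 203.0.113.10 standing in for the masked peer address; `summarize` and `diagnose` are hypothetical names, and the hint text reflects general IKEv1 behaviour rather than anything confirmed in the thread.

```python
import re

# Constructed sample: charon lines in the format shown in the thread
# (masked peer address replaced with the documentation address 203.0.113.10).
SAMPLE = """\
Feb 7 14:07:00 charon 13[ENC] <con1000|3> parsed ID_PROT response 0 [ SA V V V V ]
Feb 7 14:07:00 charon 13[ENC] <con1000|3> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Feb 7 14:07:00 charon 13[ENC] <con1000|3> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Feb 7 14:07:00 charon 13[IKE] <con1000|3> local host is behind NAT, sending keep alives
Feb 7 14:07:00 charon 13[ENC] <con1000|3> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Feb 7 14:07:01 charon 13[NET] <con1000|3> received packet: from 203.0.113.10[4500] to 172.16.200.20[4500] (92 bytes)
Feb 7 14:07:01 charon 13[ENC] <con1000|3> parsed INFORMATIONAL_V1 request 907020096 [ HASH N(AUTH_FAILED) ]
Feb 7 14:07:01 charon 13[IKE] <con1000|3> received AUTHENTICATION_FAILED error notify
"""

# Tolerates tab separators and a missing space after the <conn|id> tag.
LINE = re.compile(r"charon\s+\d+\[(?P<sub>[A-Z]+)\]\s*<(?P<conn>[^|>]+)\|(?P<sa>\d+)>\s*(?P<msg>.*)")
PAYLOADS = re.compile(r"(generating|parsed) (\S+) (request|response) \d+ \[ (.*?) \]")

def summarize(log_text):
    """Return per-connection IKEv1 Main Mode progress from charon log lines."""
    state = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # daemon-level lines such as 00[DMN] carry no connection tag
        s = state.setdefault(m["conn"], {"sent": [], "nat": False, "peer_port": None, "failed_after": None})
        msg = m["msg"]
        p = PAYLOADS.match(msg)
        if p and p[1] == "generating" and p[2] == "ID_PROT":
            s["sent"].append(p[4].split()[0])  # first payload names the step: SA, KE or ID
        elif "behind NAT" in msg:
            s["nat"] = True
        elif msg.startswith("received packet:"):
            s["peer_port"] = int(re.search(r"\[(\d+)\]", msg)[1])  # 4500 means NAT-T is in use
        elif "AUTHENTICATION_FAILED" in msg:
            s["failed_after"] = s["sent"][-1] if s["sent"] else "unknown"
    return state

def diagnose(s):
    """Turn one connection's summary into a hint about where to look."""
    if s["failed_after"] == "ID":
        return "peer rejected our ID/HASH message: compare identifiers and pre-shared key on both ends"
    if s["failed_after"]:
        return f"peer sent AUTHENTICATION_FAILED after our {s['failed_after']} message"
    return "no authentication failure logged"
```

Calling `diagnose(summarize(SAMPLE)["con1000"])` gives the hint for the constructed sample; a saved copy of the IPsec log can be passed to `summarize` the same way.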