[Solved] Some IPSec connections fail after upgrade from 2.4.x -> 2.4.3_p1
-
I think we upgraded from 2.4.1 (I know it was 2.4.x, just not sure of "x"). Half of our IPSec connections are not coming up. They were all working before the upgrade. The basic I see in the logs is AUTHENTICATION FAILURE. From a backup taken before/after the upgrade, they appear to match - only one section in the IPSec config moved, but has the same settings. Note that the other end of all the connections are "different" and various hardware FWs (I inherited all of these).
What logs or info would be helpful to troubleshoot this?
I have another post requesting how to find out the previous version, and where to download it. This is in case I can't get this worked out.
Thanks,
Frank Nicholas
+1 812 764 6494 -
This is resolved. There was a hangup with the peer identifier being returned by some FWs. By forcing all IPSec connections to use "IP address" the remaining sites connected.
The specific error message that led me to this solution was like this:
no IKE config found for 123.124.125.126...131.132.133.134, sending NO_PROPOSAL_CHOSEN
(note IP's have been changed for security reasons).Thanks,
Frank