Netgate Discussion Forum

    IPSEC Site-to-Site VPN (tunnel does not close)

    • PedroBelliato

      Hello everyone, good afternoon!

      I'm having trouble closing the tunnel between site A and site B.

      My Settings:

      Site A:
      Wan Interface: xxx.xxx.xx.58
      Lan network: 192.168.15.0/24

      Branch:
      Wan Interface: xxx.xxx.xx.65
      Lan network: 192.168.20.0/24
      Matrix Side:

      VPN Configuration:
      Phase 1
      Protocol: IKEv1
      Interface: Wan
      Remote Gateway: xxxx.xxx.xxx.65
      Description: VPN-SITE-A

      Authentication Method: Mutual PSK
      Trading mode: main
      My Identifier: My IP Address
      Partner ID: peer IP address
      Pre-Shared Key: xxxxxxx
      Algorithm: AES / 256
      Hash: Sha256
      DH Group: 14 (2048)
      Life Span: 28800

      Level 2:
      Mode: IPv4
      Local network: Lan subnet
      Remote network: 192.168.20.0/24

      Protocol: ESP
      Encryption Algorithm: AES / 256 bits
      Hash: SHA256
      PFS KEY GROUP: 14 (2048)
      Life Span: 3600

      Site B:
      VPN Configuration:
      Phase 1
      Protocol: IKEv1
      Interface: Wan
      Remote Gateway: xxxx.xxx.xxx.58
      Description: VPN-SITE-A

      Authentication Method: Mutual PSK
      Trading mode: main
      My Identifier: My IP Address
      Partner ID: peer IP address
      Pre-Shared Key: xxxxxxx
      Algorithm: AES / 256
      Hash: Sha256
      DH Group: 14 (2048)
      Life Span: 28800

      Level 2:
      Mode: IPv4
      Local network: Lan subnet
      Remote network: 192.168.15.0/24

      Protocol: ESP
      Encryption Algorithm: AES / 256 bits
      Hash: SHA256
      PFS KEY GROUP: 14 (2048)
      Life Span: 3600

      Logs:
      20 jun 12:39:42 charon 11 [NET] <con1000 | 23> enviando pacote: de 192.168.0.100 [4500] para xxx.xxx.xxx ..65 [4500] (108 bytes)
      20 de jun 12:39 : 42 charon 11 [NET] <con1000 | 23> pacote recebido: de xxx.xxxx.xxx.65 [4500] para 192.168.0.100 [4500] (108 bytes)
      20 de junho 12:39:42 charon 11 [ENC] < con1000 | 23> parsed INFORMATIONAL_V1 pedido 1017745080 [HASH N (AUTH_FAILED)]
      20 jun 12:39:42 charon 11 [IKE] <con1000 | 23> recebeu erro AUTHENTICATION_FAILED notificar
      Jun 20 12:39:42 charon 11 [IKE] <con1000 | 23> IKE_SA con1000 [23] mudança de estado: CONEXÃO => DESTRUIR

      un 20 12:42:25 charon 05 [ENC] <con1000 | 23> gerando a solicitação ID_PROT 0 [ID HASH N (INITIAL_CONTACT)]
      20 de junho 12:42:25 charon 05 [NET] <con1000 | 23> enviando pacote: de 192.168.25.20 [4500] para xxx.xxxx.xxx.58 [4500] (108 bytes)
      20 de junho 12:42:25 charon 05 [NET] <con1000 | 23> pacote recebido: de xxx.xxx.xxx.58 [ 4500] para 192.168.25.20 [4500] (108 bytes)
      20 de junho 12:42:25 charon 05 [ENC] <con1000 | 23> pedido INFORMATIONAL_V1 analisado 2429608356 [HASH N (AUTH_FAILED)]
      20 de junho 12:42:25 charon 05 [IKE] <con1000 | 23> notificou o erro AUTHENTICATION_FAILED recebido

      • Konstanti @PedroBelliato

        @PedroBelliato said in IPSEC Site-to-Site VPN (tunnel does not close):

        [HASH N (AUTH_FAILED)]

        Whenever you receive an AUTH_FAILED notify you should check the other peer's log file. There should be an explanation there why the authentication failed.


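The triage step from the reply above, as an added example that is not part of the original thread: a small parser that decides, per IKE_SA, whether AUTH_FAILED was sent by the peer (so the reason is in the peer's log) or generated locally (so the reason is in this log). The function name `triage`, the sample lines (written in charon's untranslated English format, with documentation-range addresses) and the list of local reason messages are assumptions.

```python
import re

# Constructed sample, not taken from the thread: SA 23 is the initiator's view,
# SA 24 is what a rejecting responder would log.
SAMPLE_LOG = """\
Jun 20 12:39:42 charon 11[NET] <con1000|23> sending packet: from 192.168.0.100[4500] to 203.0.113.65[4500] (108 bytes)
Jun 20 12:39:42 charon 11[NET] <con1000|23> received packet: from 203.0.113.65[4500] to 192.168.0.100[4500] (108 bytes)
Jun 20 12:39:42 charon 11[ENC] <con1000|23> parsed INFORMATIONAL_V1 request 1017745080 [ HASH N(AUTH_FAILED) ]
Jun 20 12:39:42 charon 11[IKE] <con1000|23> received AUTHENTICATION_FAILED error notify
Jun 20 12:40:10 charon 07[IKE] <24> no peer config found
Jun 20 12:40:10 charon 07[ENC] <24> generating INFORMATIONAL_V1 request 2429608356 [ HASH N(AUTH_FAILED) ]
"""

# Tolerates both "charon 11[IKE] <con1000|23>" and the spaced form shown in the post.
LINE = re.compile(r"charon:?\s*\d+\s*\[(?P<sub>[A-Z]{3})\]\s*<(?P<sa>[^>]+)>\s*(?P<msg>.*)")
NOTIFY_IN = re.compile(r"received AUTHENTICATION_FAILED error notify")
NOTIFY_OUT = re.compile(r"generating INFORMATIONAL\S* request \d+ \[.*N\(AUTH_FAILED\)")
# Assumption: messages charon logs when it is the side rejecting the peer.
LOCAL_REASONS = ("no peer config found", "no shared key found",
                 "calculated HASH does not match")


def triage(log_text):
    """Map each IKE_SA id to who sent AUTH_FAILED and which log holds the reason."""
    result = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        # "<con1000|23>" and "<24>" both reduce to the unique SA number.
        sa = m["sa"].replace(" ", "").split("|")[-1]
        entry = result.setdefault(sa, {"rejected_by": None, "read": None, "reasons": []})
        msg = m["msg"]
        if NOTIFY_IN.search(msg):
            entry.update(rejected_by="peer", read="peer's log")
        elif NOTIFY_OUT.search(msg):
            entry.update(rejected_by="local", read="this log")
        elif any(reason in msg for reason in LOCAL_REASONS):
            entry["reasons"].append(msg)
    # Only SAs that actually hit an AUTH_FAILED are reported.
    return {sa: e for sa, e in result.items() if e["rejected_by"]}


if __name__ == "__main__":
    for sa, e in triage(SAMPLE_LOG).items():
        print(f"IKE_SA {sa}: AUTH_FAILED from {e['rejected_by']}; read {e['read']}", e["reasons"])
```
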
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.