Site to Site with checkpoint
-
I'm trying to establish a connection with a Checkpoint and I receive an error in phase2.
Feb 15 15:56:00 charon: 13[IKE] <con1000|1>initiating Main Mode IKE_SA con1000[2] to 189.80.206.227
Feb 15 15:56:00 charon: 13[ENC] <con1000|1>generating ID_PROT request 0 [ SA V V V V V V ]
Feb 15 15:56:00 charon: 13[NET] <con1000|1>sending packet: from 10.10.10.254[500] to 189.80.206.227[500] (200 bytes)
Feb 15 15:56:00 charon: 10[NET] <con1000|2>received packet: from 189.80.206.227[500] to 10.10.10.254[500] (104 bytes)
Feb 15 15:56:00 charon: 10[ENC] <con1000|2>parsed ID_PROT response 0 [ SA V ]
Feb 15 15:56:00 charon: 10[IKE] <con1000|2>received FRAGMENTATION vendor ID
Feb 15 15:56:00 charon: 10[ENC] <con1000|2>generating ID_PROT request 0 [ KE No ]
Feb 15 15:56:00 charon: 10[NET] <con1000|2>sending packet: from 10.10.10.254[500] to 189.80.206.227[500] (196 bytes)
Feb 15 15:56:01 charon: 10[NET] <con1000|2>received packet: from 189.80.206.227[500] to 10.10.10.254[500] (184 bytes)
Feb 15 15:56:01 charon: 10[ENC] <con1000|2>parsed ID_PROT response 0 [ KE No ]
Feb 15 15:56:01 charon: 10[ENC] <con1000|2>generating ID_PROT request 0 [ ID HASH ]
Feb 15 15:56:01 charon: 10[NET] <con1000|2>sending packet: from 10.10.10.254[500] to 189.80.206.227[500] (68 bytes)
Feb 15 15:56:01 charon: 10[NET] <con1000|2>received packet: from 189.80.206.227[500] to 10.10.10.254[500] (68 bytes)
Feb 15 15:56:01 charon: 10[ENC] <con1000|2>parsed ID_PROT response 0 [ ID HASH ]
Feb 15 15:56:01 charon: 10[IKE] <con1000|2>IKE_SA con1000[2] established between 10.10.10.254[186.215.87.106]…189.80.206.227[189.80.206.227]
Feb 15 15:56:01 charon: 10[IKE] <con1000|2>scheduling reauthentication in 85551s
Feb 15 15:56:01 charon: 10[IKE] <con1000|2>maximum IKE_SA lifetime 86091s
Feb 15 15:56:01 charon: 10[ENC] <con1000|2>generating QUICK_MODE request 2053976290 [ HASH SA No KE ID ID ]
Feb 15 15:56:01 charon: 10[NET] <con1000|2>sending packet: from 10.10.10.254[500] to 189.80.206.227[500] (308 bytes)
Feb 15 15:56:01 charon: 10[NET] <con1000|2>received packet: from 189.80.206.227[500] to 10.10.10.254[500] (76 bytes)
Feb 15 15:56:01 charon: 10[ENC] <con1000|2>parsed INFORMATIONAL_V1 request 1024665332 [ HASH N(INVAL_KE) ]
Feb 15 15:56:01 charon: 10[IKE] <con1000|2>received INVALID_KE_PAYLOAD error notify
Feb 15 15:56:05 charon: 16[IKE] <con1000|2>sending retransmit 1 of request message ID 2053976290, seq 4
Feb 15 15:56:05 charon: 16[NET] <con1000|2>sending packet: from 10.10.10.254[500] to 189.80.206.227[500] (308 bytes)
Feb 15 15:56:12 charon: 11[IKE] <con1000|2>sending retransmit 2 of request message ID 2053976290, seq 4
Feb 15 15:56:12 charon: 11[NET] <con1000|2>sending packet: from 10.10.10.254[500] to 189.80.206.227[500] (308 bytes)
Feb 15 15:56:25 charon: 11[IKE] <con1000|2>sending retransmit 3 of request message ID 2053976290, seq 4
Feb 15 15:56:25 charon: 11[NET] <con1000|2>sending packet: from 10.10.10.254[500] to 189.80.206.227[500] (308 bytes)
Feb 15 15:56:48 charon: 10[IKE] <con1000|2>sending retransmit 4 of request message ID 2053976290, seq 4
Feb 15 15:56:48 charon: 10[NET] <con1000|2>sending packet: from 10.10.10.254[500] to 189.80.206.227[500] (308 bytes)
Feb 15 15:57:30 charon: 10[IKE] <con1000|2>sending retransmit 5 of request message ID 2053976290, seq 4
Feb 15 15:57:30 charon: 10[NET] <con1000|2>sending packet: from 10.10.10.254[500] to 189.80.206.227[500] (308 bytes)
-
You have a mismatch of some sort on the phase 2. Maybe the PFS key group, but check it all.
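A small triage of this kind of charon log, as an added example that is not part of the original posts: it tracks whether phase 1 completed and whether the QUICK_MODE request carried a KE payload (PFS offered), then attributes a notify such as INVAL_KE to the right phase. The function names and the shortened sample log (with documentation addresses) are constructed for illustration.

```python
import re

# charon line format: "<date> charon: 10[ENC] <con1000|2>message"
LINE = re.compile(r"charon: \d+\[[A-Z]+\] <([^|>]+)\|\d+>\s*(.*)")
NOTIFY = re.compile(r"N\(([A-Z_]+)\)")

# Constructed sample in the format of the log above (documentation addresses).
SAMPLE = """\
Feb 15 15:56:01 charon: 10[IKE] <con1000|2>IKE_SA con1000[2] established between 192.0.2.10[192.0.2.10]...198.51.100.7[198.51.100.7]
Feb 15 15:56:01 charon: 10[ENC] <con1000|2>generating QUICK_MODE request 2053976290 [ HASH SA No KE ID ID ]
Feb 15 15:56:01 charon: 10[ENC] <con1000|2>parsed INFORMATIONAL_V1 request 1024665332 [ HASH N(INVAL_KE) ]
Feb 15 15:56:05 charon: 16[IKE] <con1000|2>sending retransmit 1 of request message ID 2053976290, seq 4
"""

def payloads(msg):
    """Return the payload names listed between '[ ' and ' ]'."""
    m = re.search(r"\[ (.*) \]", msg)
    return m.group(1).split() if m else []

def triage(log_text):
    """Map each connection name to a list of phase 1 / phase 2 findings."""
    state, findings = {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, msg = m.groups()
        st = state.setdefault(conn, {"p1": False, "qm": False, "pfs": False})
        out = findings.setdefault(conn, [])
        if msg.startswith("IKE_SA") and " established " in msg:
            st["p1"] = True                      # phase 1 (Main Mode) completed
        elif msg.startswith("generating QUICK_MODE request"):
            st["qm"] = True                      # phase 2 proposal sent
            st["pfs"] = "KE" in payloads(msg)    # KE in Quick Mode means PFS is offered
        elif msg.startswith("parsed INFORMATIONAL_V1"):
            for name in NOTIFY.findall(msg):
                phase = "phase 2" if st["p1"] and st["qm"] else "phase 1"
                note = f"{phase}: peer sent {name}"
                if name == "INVAL_KE" and st["qm"] and st["pfs"]:
                    note += "; KE payload (PFS) was offered, compare PFS key groups"
                out.append(note)
        elif msg.startswith("sending retransmit") and st["qm"] and not out:
            out.append("phase 2: QUICK_MODE request unanswered, retransmitting")
    return findings

if __name__ == "__main__":
    for conn, items in triage(SAMPLE).items():
        print(conn, items)
```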