SG-3100 IPSec



  • I am attempting to start an IPSec tunnel from a SG-3100 that was upgraded to 2.4.2_1.

    Comcast – DMZ Port --  3100 WAN --- 3100 LAN --

    So the first issue is the web page never updates / refreshes when I try to enable the link (P2 & P1), but if I try to disable them it refreshes immediately.

    I should note that this worked previously from a Comcast link with multiple IPs and in bridge mode, but I don't have the luxury here.

    - My Identifier is Dynamic DNS with the FQN, and that can be pinged and is validated.

    - Peer Identifier is Peer IP Address (is this correct?)

    Must be missing something, but not really sure what at this point.

    Any help or guidance appreciated.



  • So I forgot to mention –

    No matter how long I let the Enable Apply spin, the Status IPSec indicates "No IPSEC Status available"

    The log has a number of entries, ending with:

    Feb 7 14:09:19 charon 00[DMN] signal of type SIGINT received. Shutting down



  • One more part –

    
    Feb 7 14:07:00	charon		13[NET] <con1000|3>sending packet: from 172.16.200.20[500] to xxx.xxxx.xxx.x[500] (180 bytes)
    Feb 7 14:07:00	charon		13[NET] <con1000|3>received packet: from xxx.xxx.xxx.x[500] to 172.16.200.20[500] (160 bytes)
    Feb 7 14:07:00	charon		13[ENC] <con1000|3>parsed ID_PROT response 0 [ SA V V V V ]
    Feb 7 14:07:00	charon		13[IKE] <con1000|3>received XAuth vendor ID
    Feb 7 14:07:00	charon		13[IKE] <con1000|3>received DPD vendor ID
    Feb 7 14:07:00	charon		13[IKE] <con1000|3>received FRAGMENTATION vendor ID
    Feb 7 14:07:00	charon		13[IKE] <con1000|3>received NAT-T (RFC 3947) vendor ID
    Feb 7 14:07:00	charon		13[ENC] <con1000|3>generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Feb 7 14:07:00	charon		13[NET] <con1000|3>sending packet: from 172.16.200.20[500] to xxx.xxxx.xxx.x[500] (244 bytes)
    Feb 7 14:07:00	charon		13[NET] <con1000|3>received packet: from xxx.xxx.xxx.x[500] to 172.16.200.20[500] (244 bytes)
    Feb 7 14:07:00	charon		13[ENC] <con1000|3>parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Feb 7 14:07:00	charon		13[IKE] <con1000|3>local host is behind NAT, sending keep alives
    Feb 7 14:07:00	charon		13[ENC] <con1000|3>generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    Feb 7 14:07:00	charon		13[NET] <con1000|3>sending packet: from 172.16.200.20[4500] to xxx.xxx.xxx.x[4500] (108 bytes)
    Feb 7 14:07:01	charon		13[NET] <con1000|3>received packet: from xxx.xxx.xxx.x[4500] to 172.16.200.20[4500] (92 bytes)
    Feb 7 14:07:01	charon		13[ENC] <con1000|3>parsed INFORMATIONAL_V1 request 907020096 [ HASH N(AUTH_FAILED) ]
    Feb 7 14:07:01	charon		13[IKE] <con1000|3>received AUTHENTICATION_FAILED error notify
    Feb 7 14:09:19	charon		00[DMN] signal of type SIGINT received. Shutting down
    
