IPsec com duas VPNs



  • Boa tarde,

    Pessoal o meu problema e o seguinte, montei no meu trabalho um pfsense 2.4.4-RELEASE-p2 para fechar duas VPNs pelo IPsec. Quando configurei as VPNs na primeira vez tudo funcionou perfeito, acessei as sub-redes configuradas.

    Só que agora só uma VPN que esta funcionando a outra não fecha comunicação. Em contato com administrador da outra ponta fala que não fez nada para ter parado de funcionar. Se não me engano o Firewall utilizado pelo outro administrador de rede e fortinet.

    Gostaria de saber se existe alguma incompatibilidade entre o pfsense e o fortinet que possa estar causando isso, ou se existe algum bug em executar duas VPNs ao mesmo tempo nessa versão do pfsense.



  • Esta e a informação que esta dando no Log

    Mar 15 17:34:42 charon 11[IKE] <con2000|27> sending DPD vendor ID
    Mar 15 17:34:42 charon 11[IKE] <con2000|27> sending FRAGMENTATION vendor ID
    Mar 15 17:34:42 charon 11[IKE] <con2000|27> sending NAT-T (RFC 3947) vendor ID
    Mar 15 17:34:42 charon 11[IKE] <con2000|27> sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Mar 15 17:34:42 charon 11[IKE] <con2000|27> initiating Main Mode IKE_SA con2000[27] to 170.x.x.x
    Mar 15 17:34:42 charon 11[IKE] <con2000|27> IKE_SA con2000[27] state change: CREATED => CONNECTING
    Mar 15 17:34:42 charon 11[CFG] <con2000|27> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
    Mar 15 17:34:42 charon 11[ENC] <con2000|27> generating ID_PROT request 0 [ SA V V V V V ]
    Mar 15 17:34:42 charon 13[CFG] received stroke: initiate 'con2001'
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> queueing ISAKMP_VENDOR task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> queueing ISAKMP_CERT_PRE task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> queueing MAIN_MODE task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> queueing ISAKMP_CERT_POST task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> queueing ISAKMP_NATD task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> queueing QUICK_MODE task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> activating new tasks
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> activating ISAKMP_VENDOR task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> activating ISAKMP_CERT_PRE task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> activating MAIN_MODE task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> activating ISAKMP_CERT_POST task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> activating ISAKMP_NATD task
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> sending XAuth vendor ID
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> sending DPD vendor ID
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> sending FRAGMENTATION vendor ID
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> sending NAT-T (RFC 3947) vendor ID
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> initiating Main Mode IKE_SA con2000[28] to 170.x.x.x
    Mar 15 17:34:42 charon 10[IKE] <con2000|28> IKE_SA con2000[28] state change: CREATED => CONNECTING
    Mar 15 17:34:42 charon 10[CFG] <con2000|28> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
    Mar 15 17:34:42 charon 11[NET] <con2000|27> sending packet: from 168.x.x.x[500] to 170.x.x.x[500] (180 bytes)
    Mar 15 17:34:42 charon 10[ENC] <con2000|28> generating ID_PROT request 0 [ SA V V V V V ]
    Mar 15 17:34:42 charon 10[NET] <con2000|28> sending packet: from 168.x.x.x[500] to 170.x.x.x[500] (180 bytes)
    Mar 15 17:34:42 charon 10[CFG] received stroke: terminate 'con2002'
    Mar 15 17:34:42 charon 10[CFG] no IKE_SA named 'con2002' found
    Mar 15 17:34:42 charon 10[CFG] received stroke: initiate 'con2002'
    Mar 15 17:34:42 charon 11[IKE] <con2000|28> queueing QUICK_MODE task
    Mar 15 17:34:42 charon 11[IKE] <con2000|28> delaying task initiation, ID_PROT exchange in progress
    Mar 15 17:34:42 charon 09[CFG] received stroke: terminate 'con2003'
    Mar 15 17:34:42 charon 09[CFG] no IKE_SA named 'con2003' found
    Mar 15 17:34:42 charon 11[CFG] received stroke: initiate 'con2003'
    Mar 15 17:34:42 charon 09[IKE] <con2000|28> queueing QUICK_MODE task
    Mar 15 17:34:42 charon 09[IKE] <con2000|28> delaying task initiation, ID_PROT exchange in progress
    Mar 15 17:34:42 charon 08[CFG] vici client 2715 connected
    Mar 15 17:34:42 charon 08[CFG] vici client 2715 registered for: list-sa
    Mar 15 17:34:42 charon 08[CFG] vici client 2715 requests: list-sas
    Mar 15 17:34:42 charon 06[CFG] vici client 2715 disconnected
    Mar 15 17:34:46 charon 06[IKE] <con2000|27> sending retransmit 1 of request message ID 0, seq 1
    Mar 15 17:34:46 charon 08[IKE] <con2000|28> sending retransmit 1 of request message ID 0, seq 1
    Mar 15 17:34:46 charon 06[NET] <con2000|27> sending packet: from 168.x.x.x[500] to 170.x.x.x[500] (180 bytes)
    Mar 15 17:34:46 charon 08[NET] <con2000|28> sending packet: from 168.x.x.x[500] to 170.x.x.x[500] (180 bytes)


Log in to reply