VPN IPSEC Site-to-Site (tunnel does not come up)



  • Hi everyone, good afternoon!

    I'm having trouble bringing up the tunnel between headquarters and the branch office.

    My settings:

    Headquarters:
    WAN interface: xxx.xxx.xx.58
    LAN network: 192.168.15.0/24

    Branch:
    WAN interface: xxx.xxx.xx.65
    LAN network: 192.168.20.0/24

    Headquarters side:

    VPN config:
    Phase 1
    Protocol: IKEv1
    Interface: Wan
    Remote Gateway: xxxx.xxx.xxx.65
    Description: VPN-SITE-A

    Authentication Method: Mutual PSK
    Negotiation Mode: Main
    My Identifier: My IP Address
    Peer Identifier: Peer IP Address
    Pre-Shared Key: xxxxxxx
    Algorithm: AES/256
    Hash: Sha256
    DH Group: 14 (2048)
    Lifetime: 28800

    Phase 2:
    Mode: IPv4
    Local Network: Lan subnet
    Remote Network: 192.168.20.0/24

    Protocol: ESP
    Encryption Alg: AES/256 bits
    Hash: SHA256
    PFS KEY GROUP: 14 (2048)
    Lifetime: 3600

    Branch side:
    VPN config:
    Phase 1
    Protocol: IKEv1
    Interface: Wan
    Remote Gateway: xxxx.xxx.xxx.58
    Description: VPN-SITE-A

    Authentication Method: Mutual PSK
    Negotiation Mode: Main
    My Identifier: My IP Address
    Peer Identifier: Peer IP Address
    Pre-Shared Key: xxxxxxx
    Algorithm: AES/256
    Hash: Sha256
    DH Group: 14 (2048)
    Lifetime: 28800

    Phase 2:
    Mode: IPv4
    Local Network: Lan subnet
    Remote Network: 192.168.15.0/24

    Protocol: ESP
    Encryption Alg: AES/256 bits
    Hash: SHA256
    PFS KEY GROUP: 14 (2048)
    Lifetime: 3600

    Logs:
    Jun 20 12:39:42 charon 11[NET] <con1000|23> sending packet: from 192.168.0.100[4500] to xxx.xxx.xxx..65[4500] (108 bytes)
    Jun 20 12:39:42 charon 11[NET] <con1000|23> received packet: from xxx.xxxx.xxx.65[4500] to 192.168.0.100[4500] (108 bytes)
    Jun 20 12:39:42 charon 11[ENC] <con1000|23> parsed INFORMATIONAL_V1 request 1017745080 [ HASH N(AUTH_FAILED) ]
    Jun 20 12:39:42 charon 11[IKE] <con1000|23> received AUTHENTICATION_FAILED error notify
    Jun 20 12:39:42 charon 11[IKE] <con1000|23> IKE_SA con1000[23] state change: CONNECTING => DESTROYING

    un 20 12:42:25 charon 05[ENC] <con1000|23> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    Jun 20 12:42:25 charon 05[NET] <con1000|23> sending packet: from 192.168.25.20[4500] to xxx.xxxx.xxx.58[4500] (108 bytes)
    Jun 20 12:42:25 charon 05[NET] <con1000|23> received packet: from xxx.xxx.xxx.58[4500] to 192.168.25.20[4500] (108 bytes)
    Jun 20 12:42:25 charon 05[ENC] <con1000|23> parsed INFORMATIONAL_V1 request 2429608356 [ HASH N(AUTH_FAILED) ]
    Jun 20 12:42:25 charon 05[IKE] <con1000|23> received AUTHENTICATION_FAILED error notify




  • @PedroBelliato said in VPN IPSEC Site-to-Site (tunnel does not come up):

    received AUTHENTICATION_FAILED error notify

    "received AUTHENTICATION_FAILED error notify".

    My friend, it's an authentication error!

    Regards



  • @pskinfra I have already checked: the settings are correct and the shared key is correct on both sides.


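A triage of charon lines like the ones posted in this thread, added here as an example (not code from the thread or from the strongSwan project): for each connection that received AUTHENTICATION_FAILED, it reports the local address and port the gateway was sending from. The sample log is constructed, with a documentation address in place of the redacted peer, and the reading that an RFC 1918 source on UDP 4500 makes the "My IP Address" / "Peer IP Address" identifiers worth checking is an assumption, not something the thread confirms.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's charon lines; the redacted peer
# address is replaced by a documentation address (203.0.113.65).
SAMPLE_LOG = """\
Jun 20 12:39:42 charon 11[NET] <con1000|23> sending packet: from 192.168.0.100[4500] to 203.0.113.65[4500] (108 bytes)
Jun 20 12:39:42 charon 11[NET] <con1000|23> received packet: from 203.0.113.65[4500] to 192.168.0.100[4500] (108 bytes)
Jun 20 12:39:42 charon 11[ENC] <con1000|23> parsed INFORMATIONAL_V1 request 1017745080 [ HASH N(AUTH_FAILED) ]
Jun 20 12:39:42 charon 11[IKE] <con1000|23> received AUTHENTICATION_FAILED error notify
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SEND_RE = re.compile(r"<(?P<conn>[^|>]+)\|\d+> sending packet: from "
                     r"(?P<src>(?:\d{1,3}\.){3}\d{1,3})\[(?P<sport>\d+)\]")
FAIL_RE = re.compile(r"<(?P<conn>[^|>]+)\|\d+> received AUTHENTICATION_FAILED error notify")


def triage(log_text):
    """Return {connection: finding} for connections that got AUTHENTICATION_FAILED."""
    last_sent = {}  # connection -> (local source address, local source port)
    findings = {}
    for line in log_text.splitlines():
        sent = SEND_RE.search(line)
        if sent:
            last_sent[sent["conn"]] = (sent["src"], int(sent["sport"]))
            continue
        failed = FAIL_RE.search(line)
        if failed and failed["conn"] in last_sent:
            src, sport = last_sent[failed["conn"]]
            private = any(ipaddress.ip_address(src) in net for net in RFC1918)
            findings[failed["conn"]] = {
                "local_addr": src,
                "nat_t": sport == 4500,  # IKE is running on the NAT-T port
                "local_is_private": private,
                # Assumption: with "My IP Address" the ID payload carries local_addr,
                # which a peer set to "Peer IP Address" will not recognise behind NAT.
                "check_identifiers": private and sport == 4500,
            }
    return findings


if __name__ == "__main__":
    for conn, finding in triage(SAMPLE_LOG).items():
        print(conn, finding)
```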