IPSEC Site-to-Site VPN (tunnel does not close)



  • Hello everyone, good afternoon!

    I'm having trouble closing the tunnel between site A and site B.

    My Settings:

    Site A:
    Wan Interface: xxx.xxx.xx.58
    Lan network: 192.168.15.0/24

    Branch:
    Wan Interface: xxx.xxx.xx.65
    Lan network: 192.168.20.0/24

    Matrix Side:
    VPN Configuration:
    Phase 1
    Protocol: IKEv1
    Interface: Wan
    Remote Gateway: xxxx.xxx.xxx.65
    Description: VPN-SITE-A

    Authentication Method: Mutual PSK
    Trading mode: main
    My Identifier: My IP Address
    Partner ID: peer IP address
    Pre-Shared Key: xxxxxxx
    Algorithm: AES / 256
    Hash: Sha256
    DH Group: 14 (2048)
    Life Span: 28800

    Level 2:
    Mode: IPv4
    Local network: Lan subnet
    Remote network: 192.168.20.0/24

    Protocol: ESP
    Encryption Algorithm: AES / 256 bits
    Hash: SHA256
    PFS KEY GROUP: 14 (2048)
    Life Span: 3600

    Site B:
    VPN Configuration:
    Phase 1
    Protocol: IKEv1
    Interface: Wan
    Remote Gateway: xxxx.xxx.xxx.58
    Description: VPN-SITE-A

    Authentication Method: Mutual PSK
    Trading mode: main
    My Identifier: My IP Address
    Partner ID: peer IP address
    Pre-Shared Key: xxxxxxx
    Algorithm: AES / 256
    Hash: Sha256
    DH Group: 14 (2048)
    Life Span: 28800

    Level 2:
    Mode: IPv4
    Local network: Lan subnet
    Remote network: 192.168.15.0/24

    Protocol: ESP
    Encryption Algorithm: AES / 256 bits
    Hash: SHA256
    PFS KEY GROUP: 14 (2048)
    Life Span: 3600

    Logs:
    20 jun 12:39:42 charon 11 [NET] <con1000 | 23> enviando pacote: de 192.168.0.100 [4500] para xxx.xxx.xxx.65 [4500] (108 bytes)
    20 de jun 12:39:42 charon 11 [NET] <con1000 | 23> pacote recebido: de xxx.xxxx.xxx.65 [4500] para 192.168.0.100 [4500] (108 bytes)
    20 de junho 12:39:42 charon 11 [ENC] <con1000 | 23> parsed INFORMATIONAL_V1 pedido 1017745080 [HASH N (AUTH_FAILED)]
    20 jun 12:39:42 charon 11 [IKE] <con1000 | 23> recebeu erro AUTHENTICATION_FAILED notificar
    Jun 20 12:39:42 charon 11 [IKE] <con1000 | 23> IKE_SA con1000 [23] mudança de estado: CONEXÃO => DESTRUIR

    Jun 20 12:42:25 charon 05 [ENC] <con1000 | 23> gerando a solicitação ID_PROT 0 [ID HASH N (INITIAL_CONTACT)]
    20 de junho 12:42:25 charon 05 [NET] <con1000 | 23> enviando pacote: de 192.168.25.20 [4500] para xxx.xxxx.xxx.58 [4500] (108 bytes)
    20 de junho 12:42:25 charon 05 [NET] <con1000 | 23> pacote recebido: de xxx.xxx.xxx.58 [4500] para 192.168.25.20 [4500] (108 bytes)
    20 de junho 12:42:25 charon 05 [ENC] <con1000 | 23> pedido INFORMATIONAL_V1 analisado 2429608356 [HASH N (AUTH_FAILED)]
    20 de junho 12:42:25 charon 05 [IKE] <con1000 | 23> notificou o erro AUTHENTICATION_FAILED recebido



  • @PedroBelliato said in IPSEC Site-to-Site VPN (tunnel does not close):

    [HASH N (AUTH_FAILED)]

    Whenever you receive an AUTH_FAILED notify you should check the other peer's log file. There should be an explanation there why the authentication failed.

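One way to follow the advice in the reply above, as an added example that is not part of the thread or of pfSense/strongSwan: a Python helper that scans a charon log for received AUTHENTICATION_FAILED notifies and reports which peer's log holds the reason. The sample lines are constructed in strongSwan's English message format with documentation addresses, and `auth_failures` and its field names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in strongSwan's English charon format (not the poster's log).
SAMPLE_LOG = """\
Jun 20 12:39:42 charon 11[NET] <con1000|23> sending packet: from 192.168.0.100[4500] to 203.0.113.65[4500] (108 bytes)
Jun 20 12:39:42 charon 11[NET] <con1000|23> received packet: from 203.0.113.65[4500] to 192.168.0.100[4500] (108 bytes)
Jun 20 12:39:42 charon 11[ENC] <con1000|23> parsed INFORMATIONAL_V1 request 1017745080 [ HASH N(AUTH_FAILED) ]
Jun 20 12:39:42 charon 11[IKE] <con1000|23> received AUTHENTICATION_FAILED error notify
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SEND = re.compile(r"<(?P<conn>[^|>]+)\|\d+> sending packet: from "
                  r"(?P<src>[\d.]+)\[(?P<sport>\d+)\] to (?P<dst>[\d.]+)\[\d+\]")
FAIL = re.compile(r"<(?P<conn>[^|>]+)\|\d+> received AUTHENTICATION_FAILED error notify")


def auth_failures(log_text):
    """Return one finding per AUTHENTICATION_FAILED notify received from a peer."""
    last_send = {}  # connection name -> (local source, source port, peer address)
    findings = []
    for line in log_text.splitlines():
        m = SEND.search(line)
        if m:
            last_send[m["conn"]] = (m["src"], int(m["sport"]), m["dst"])
            continue
        m = FAIL.search(line)
        if m and m["conn"] in last_send:
            src, sport, peer = last_send[m["conn"]]
            addr = ipaddress.ip_address(src)
            findings.append({
                "conn": m["conn"],
                # The peer that sent the notify logged why it rejected us.
                "check_log_on": peer,
                # A private source on UDP 4500 means NAT traversal is in use.
                # With "My IP Address" as identifier the ID sent is this
                # interface address, so compare it with what the peer expects.
                "local_behind_nat": sport == 4500 and any(addr in n for n in RFC1918),
                "local_interface_address": src,
            })
    return findings


if __name__ == "__main__":
    for finding in auth_failures(SAMPLE_LOG):
        print(finding)
```
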

