IPsec pfSense to Palo Alto
Hello guys,
I am trying to set up a site-to-site IPsec VPN between pfSense and Palo Alto.
I am getting the logs below.
Any idea?
Thanks in advance,
Michael
Apr 10 15:41:50 charon 01[IKE] <con1000|7> sending NAT-T (RFC 3947) vendor ID
Apr 10 15:41:50 charon 01[IKE] <con1000|7> sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Apr 10 15:41:50 charon 01[IKE] <con1000|7> initiating Main Mode IKE_SA con1000[7] to 212.143.216.82
Apr 10 15:41:50 charon 01[IKE] <con1000|7> IKE_SA con1000[7] state change: CREATED => CONNECTING
Apr 10 15:41:50 charon 01[CFG] <con1000|7> configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Apr 10 15:41:50 charon 01[ENC] <con1000|7> generating ID_PROT request 0 [ SA V V V V V ]
Apr 10 15:41:50 charon 01[NET] <con1000|7> sending packet: from 192.168.1.254[500] to 212.143.216.82[500] (180 bytes)
Apr 10 15:41:50 charon 01[NET] <con1000|7> received packet: from 212.143.216.82[500] to 192.168.1.254[500] (160 bytes)
Apr 10 15:41:50 charon 01[ENC] <con1000|7> parsed ID_PROT response 0 [ SA V V V V ]
Apr 10 15:41:50 charon 01[IKE] <con1000|7> received XAuth vendor ID
Apr 10 15:41:50 charon 01[IKE] <con1000|7> received DPD vendor ID
Apr 10 15:41:50 charon 01[IKE] <con1000|7> received FRAGMENTATION vendor ID
Apr 10 15:41:50 charon 01[ENC] <con1000|7> received unknown vendor ID: a9:b9:b1:03:4f:7e:50:a2:51:3b:47:b1:00:bb:85:a9
Apr 10 15:41:50 charon 01[CFG] <con1000|7> selecting proposal:
Apr 10 15:41:50 charon 01[CFG] <con1000|7> proposal matches
Apr 10 15:41:50 charon 01[CFG] <con1000|7> received proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Apr 10 15:41:50 charon 01[CFG] <con1000|7> configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Apr 10 15:41:50 charon 01[CFG] <con1000|7> selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Apr 10 15:41:50 charon 01[IKE] <con1000|7> reinitiating already active tasks
Apr 10 15:41:50 charon 01[IKE] <con1000|7> ISAKMP_VENDOR task
Apr 10 15:41:50 charon 01[IKE] <con1000|7> MAIN_MODE task
Apr 10 15:41:50 charon 01[ENC] <con1000|7> generating ID_PROT request 0 [ KE No ]
Apr 10 15:41:50 charon 01[NET] <con1000|7> sending packet: from 192.168.1.254[500] to 212.143.216.82[500] (324 bytes)
Apr 10 15:41:50 charon 01[NET] <con1000|7> received packet: from 212.143.216.82[500] to 192.168.1.254[500] (308 bytes)
Apr 10 15:41:50 charon 01[ENC] <con1000|7> parsed ID_PROT response 0 [ KE No ]
Apr 10 15:41:50 charon 01[IKE] <con1000|7> reinitiating already active tasks
Apr 10 15:41:50 charon 01[IKE] <con1000|7> ISAKMP_VENDOR task
Apr 10 15:41:50 charon 01[IKE] <con1000|7> MAIN_MODE task
Apr 10 15:41:50 charon 01[ENC] <con1000|7> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Apr 10 15:41:50 charon 01[NET] <con1000|7> sending packet: from 192.168.1.254[500] to 212.143.216.82[500] (108 bytes)
Apr 10 15:41:51 charon 01[NET] <con1000|7> received packet: from 212.143.216.82[500] to 192.168.1.254[500] (308 bytes)
Apr 10 15:41:51 charon 01[IKE] <con1000|7> received retransmit of response with ID 0, but next request already sent
Apr 10 15:41:53 charon 01[NET] <con1000|7> received packet: from 212.143.216.82[500] to 192.168.1.254[500] (308 bytes)
Apr 10 15:41:53 charon 01[IKE] <con1000|7> received retransmit of response with ID 0, but next request already sent
Apr 10 15:41:54 charon 08[IKE] <con1000|7> sending retransmit 1 of request message ID 0, seq 3
Apr 10 15:41:54 charon 08[NET] <con1000|7> sending packet: from 192.168.1.254[500] to 212.143.216.82[500] (108 bytes)
Apr 10 15:41:56 charon 08[NET] <con1000|7> received packet: from 212.143.216.82[500] to 192.168.1.254[500] (308 bytes)
Apr 10 15:41:56 charon 08[IKE] <con1000|7> received retransmit of response with ID 0, but next request already sent
Apr 10 15:42:01 charon 08[NET] <con1000|7> received packet: from 212.143.216.82[500] to 192.168.1.254[500] (308 bytes)
Apr 10 15:42:01 charon 08[IKE] <con1000|7> received retransmit of response with ID 0, but next request already sent
Apr 10 15:42:01 charon 08[IKE] <con1000|7> sending retransmit 2 of request message ID 0, seq 3
Apr 10 15:42:01 charon 08[NET] <con1000|7> sending packet: from 192.168.1.254[500] to 212.143.216.82[500] (108 bytes)
Apr 10 15:42:09 charon 01[NET] <con1000|7> received packet: from 212.143.216.82[500] to 192.168.1.254[500] (308 bytes)
Apr 10 15:42:09 charon 01[IKE] <con1000|7> received retransmit of response with ID 0, but next request already sent
Apr 10 15:42:14 charon 01[IKE] <con1000|7> sending retransmit 3 of request message ID 0, seq 3
Apr 10 15:42:14 charon 01[NET] <con1000|7> sending packet: from 192.168.1.254[500] to 212.143.216.82[500] (108 bytes)
Apr 10 15:42:38 charon 01[IKE] <con1000|7> sending retransmit 4 of request message ID 0, seq 3
Apr 10 15:42:38 charon 01[NET] <con1000|7> sending packet: from 192.168.1.254[500] to 212.143.216.82[500] (108 bytes)
Apr 10 15:43:20 charon 01[IKE] <con1000|7> sending retransmit 5 of request message ID 0, seq 3
Apr 10 15:43:20 charon 01[NET] <con1000|7> sending packet: from 192.168.1.254[500] to 212.143.216.82[500] (108 bytes)
I just forgot one thing: the pfSense is located behind a router that forwards UDP ports 500 and 4500 to it.