    Avaya 5610 > PFSense error

    IPsec
      rich2010 last edited by

      I'm having trouble connecting an Avaya5610SW IP Phone to our intranet via IPSEC. The phone cycles around "Exchanging Keys", "Building IPSEC Tunnels" and "Checking network connectivity" but keeps doing that through 4 Encapsulation methods. The IPSEC log of this cycle:

      Sep 2 21:23:24 racoon: INFO: generated policy, deleting it.
      Sep 2 21:23:22 racoon: ERROR: failed to pre-process packet.
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
      Sep 2 21:23:22 racoon: ERROR: failed to pre-process packet.
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.0/24[0] 192.168.66.160/32[0] proto=any dir=out"
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in"
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP xx.xxx.xx.xx[0]->yy.yyy.yy.yyy[0] spi=3140960921(0xbb374299)
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP yy.yyy.yy.yyy[0]->xx.xxx.xx.xx[0] spi=137793112(0x8368e58)
      Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
      Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[2070]
      Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
      Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: INFO: no policy found, try to generate the policy : 192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in
      Sep 2 21:23:20 racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
      Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
      Sep 2 21:23:19 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA established xx.xxx.xx.xx[500]-yy.yyy.yy.yyy[2070] spi:0f83c9b76bcb3dce:5036018c0ba80702
      Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
      Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[2070]
      Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
      Sep 2 21:23:18 racoon: INFO: Adding xauth VID payload.
      Sep 2 21:23:18 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      Sep 2 21:23:18 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
      Sep 2 21:23:18 racoon: INFO: begin Aggressive mode.
      Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: xx.xxx.xx.xx[500]<=>yy.yyy.yy.yyy[2070]
      Sep 2 21:23:14 racoon: INFO: generated policy, deleting it.
      Sep 2 21:22:53 racoon: ERROR: Message: '0 gm { ^ b ~F M C u] $ R! ObKd " 6 S Ed QPT 4Pr 8 p K1 sDZ { J[ d W C # % Bm b B r O m)$ aQ s v M'4 L jn _ j A_[ Tv q:|x 8 F9V 8< J ko y6c p }M d c + OyD' uj L1 &2 { '.
      Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted.
      Sep 2 21:22:53 racoon: ERROR: Message: '1fy l . f Ty S 8 , ^ O b v l q V b w s 91 5 6g S O m~ > ' = >O % l e 'E D G " n f b < y R! /8 c fN E 9 0K Pk 8 k 8 ^ + B B '.
      Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted.
      Sep 2 21:22:53 racoon: ERROR: Message: 'Rq~ r J%W ^ b ~F M C u] $ R! ObKd " 6 S Ed QPT 4Pr 8 p K1 sDZ { J[ d W C # % Bm b B rO m)$ aQ s v M'4 L jn _ j A_[ Tv q:|x 8 F9V 8< J ko y6c p }M d c + OyD' uj L1 &2 { '.
      Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted.
      Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.0/24[0] 192.168.66.160/32[0] proto=any dir=out"
      Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in"
      Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP xx.xxx.xx.xx[0]->yy.yyy.yy.yyy[0] spi=4294268717(0xfff5572d)
      Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP yy.yyy.yy.yyy[0]->xx.xxx.xx.xx[0] spi=73332466(0x45ef6f2)
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[500]
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[500]
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: INFO: no policy found, try to generate the policy : 192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in
      Sep 2 21:22:52 racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
      Sep 2 21:22:51 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA established xx.xxx.xx.xx[500]-yy.yyy.yy.yyy[500] spi:db2cb00b07d7e1da:ddc923f25fc7f1b9
      Sep 2 21:22:49 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
      Sep 2 21:22:49 racoon: INFO: Adding xauth VID payload.
      Sep 2 21:22:49 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt

      The IKE ID and PSK are identical on the phone and in PF, as are the IKE parameters and IPSEC parameters.

      Looking at the log above, is there anything that stands out as the problem?

      What does invalid payload type mean?

      Thanks

        tempus6 last edited by

        Did you ever figure this out?

          kholladay last edited by

          I'm having the same issue.  Would love to know if anyone has made this work.
