4. Avaya 5610 > PFSense error

Avaya 5610 > PFSense error

  • R

    I'm having trouble connecting an Avaya5610SW IP Phone to our intranet via IPSEC. The phone cycles around "Exchanging Keys", "Building IPSEC Tunnels" and "Checking network connectivity" but keeps doing that through 4 Encapsulation methods. The IPSEC log of this cycle :

    Sep 2 21:23:24 racoon: INFO: generated policy, deleting it.
    Sep 2 21:23:22 racoon: ERROR: failed to pre-process packet.
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
    Sep 2 21:23:22 racoon: ERROR: failed to pre-process packet.
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.0/24[0] 192.168.66.160/32[0] proto=any dir=out"
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in"
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP xx.xxx.xx.xx[0]->yy.yyy.yy.yyy[0] spi=3140960921(0xbb374299)
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP yy.yyy.yy.yyy[0]->xx.xxx.xx.xx[0] spi=137793112(0x8368e58)
    Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
    Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[2070]
    Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
    Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: INFO: no policy found, try to generate the policy : 192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in
    Sep 2 21:23:20 racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
    Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
    Sep 2 21:23:19 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA established xx.xxx.xx.xx[500]-yy.yyy.yy.yyy[2070] spi:0f83c9b76bcb3dce:5036018c0ba80702
    Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
    Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[2070]
    Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
    Sep 2 21:23:18 racoon: INFO: Adding xauth VID payload.
    Sep 2 21:23:18 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Sep 2 21:23:18 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Sep 2 21:23:18 racoon: INFO: begin Aggressive mode.
    Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: xx.xxx.xx.xx[500]<=>yy.yyy.yy.yyy[2070]
    Sep 2 21:23:14 racoon: INFO: generated policy, deleting it.
    Sep 2 21:22:53 racoon: ERROR: Message: '0 gm { ^ b ~F M C u] $ R! ObKd " 6 S Ed QPT 4Pr 8 p K1 sDZ { J[ d W C # % Bm bB r O m)$ aQ s v M'4 L jn _ j A_[ Tv q:|x 8 F9V 8< J ko y6c p }M d c + OyD' uj L1 &2 { '. Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted. Sep 2 21:22:53 racoon: ERROR: Message: '1fy l . f Ty S 8 , ^ O b v l q V b w s 91 5 6g S O m~ > ' = >O % l e 'E D G " n f b < y R! /8 c fN E 9 0K Pk 8 k 8 ^ + B B '. Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted. Sep 2 21:22:53 racoon: ERROR: Message: 'Rq~ r J%W ^ b ~F M C u] $ R! ObKd " 6 S Ed QPT 4Pr 8 p K1 sDZ { J[ d W C # % Bm b B rO m)$ aQ s v M'4 L jn _ j A_[ Tv q:|x 8 F9V 8< J ko y6c p }M d c + OyD' uj L1 &2 { '.
    Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted.
    Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.0/24[0] 192.168.66.160/32[0] proto=any dir=out"
    Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in"
    Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP xx.xxx.xx.xx[0]->yy.yyy.yy.yyy[0] spi=4294268717(0xfff5572d)
    Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP yy.yyy.yy.yyy[0]->xx.xxx.xx.xx[0] spi=73332466(0x45ef6f2)
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[500]
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[500]
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: INFO: no policy found, try to generate the policy : 192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in
    Sep 2 21:22:52 racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
    Sep 2 21:22:51 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA established xx.xxx.xx.xx[500]-yy.yyy.yy.yyy[500] spi:db2cb00b07d7e1da:ddc923f25fc7f1b9
    Sep 2 21:22:49 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
    Sep 2 21:22:49 racoon: INFO: Adding xauth VID payload.
    Sep 2 21:22:49 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt

    The IKE ID and PSK are identical on the phone and in PF, as are the IKE parameters and IPSEC parameters.

    Looking at the log above, is there anything that stands out as the problem ?

    What does invalid payload type mean ?

    Thanks

    0
  • T

    Did you ever figure this out?

    0
  • K

    I'm having the same issue.  Would love to know if anyone has made this work.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy