Avaya 5610 > PFSense error



  • I'm having trouble connecting an Avaya5610SW IP Phone to our intranet via IPSEC. The phone cycles around "Exchanging Keys", "Building IPSEC Tunnels" and "Checking network connectivity" but keeps doing that through 4 Encapsulation methods. The IPSEC log of this cycle :

    Sep 2 21:23:24 racoon: INFO: generated policy, deleting it.
    Sep 2 21:23:22 racoon: ERROR: failed to pre-process packet.
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
    Sep 2 21:23:22 racoon: ERROR: failed to pre-process packet.
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.0/24[0] 192.168.66.160/32[0] proto=any dir=out"
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in"
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP xx.xxx.xx.xx[0]->yy.yyy.yy.yyy[0] spi=3140960921(0xbb374299)
    Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP yy.yyy.yy.yyy[0]->xx.xxx.xx.xx[0] spi=137793112(0x8368e58)
    Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
    Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[2070]
    Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
    Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: INFO: no policy found, try to generate the policy : 192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in
    Sep 2 21:23:20 racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
    Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
    Sep 2 21:23:19 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA established xx.xxx.xx.xx[500]-yy.yyy.yy.yyy[2070] spi:0f83c9b76bcb3dce:5036018c0ba80702
    Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
    Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[2070]
    Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
    Sep 2 21:23:18 racoon: INFO: Adding xauth VID payload.
    Sep 2 21:23:18 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Sep 2 21:23:18 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Sep 2 21:23:18 racoon: INFO: begin Aggressive mode.
    Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: xx.xxx.xx.xx[500]<=>yy.yyy.yy.yyy[2070]
    Sep 2 21:23:14 racoon: INFO: generated policy, deleting it.
    Sep 2 21:22:53 racoon: ERROR: Message: '0 gm { ^ b ~F M C u] $ R! ObKd " 6 S Ed QPT 4Pr 8 p K1 sDZ { J[ d W C # % Bm bB r O m)$ aQ s v M'4 L jn _ j A_[ Tv q:|x 8 F9V 8< J ko y6c p }M d c + OyD' uj L1 &2 { '. Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted. Sep 2 21:22:53 racoon: ERROR: Message: '1fy l . f Ty S 8 , ^ O b v l q V b w s 91 5 6g S O m~ > ' = >O % l e 'E D G " n f b < y R! /8 c fN E 9 0K Pk 8 k 8 ^ + B B '. Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted. Sep 2 21:22:53 racoon: ERROR: Message: 'Rq~ r J%W ^ b ~F M C u] $ R! ObKd " 6 S Ed QPT 4Pr 8 p K1 sDZ { J[ d W C # % Bm b B rO m)$ aQ s v M'4 L jn _ j A_[ Tv q:|x 8 F9V 8< J ko y6c p }M d c + OyD' uj L1 &2 { '.
    Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted.
    Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.0/24[0] 192.168.66.160/32[0] proto=any dir=out"
    Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in"
    Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP xx.xxx.xx.xx[0]->yy.yyy.yy.yyy[0] spi=4294268717(0xfff5572d)
    Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP yy.yyy.yy.yyy[0]->xx.xxx.xx.xx[0] spi=73332466(0x45ef6f2)
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[500]
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[500]
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: INFO: no policy found, try to generate the policy : 192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in
    Sep 2 21:22:52 racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
    Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
    Sep 2 21:22:51 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA established xx.xxx.xx.xx[500]-yy.yyy.yy.yyy[500] spi:db2cb00b07d7e1da:ddc923f25fc7f1b9
    Sep 2 21:22:49 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
    Sep 2 21:22:49 racoon: INFO: Adding xauth VID payload.
    Sep 2 21:22:49 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt

    The IKE ID and PSK are identical on the phone and in PF, as are the IKE parameters and IPSEC parameters.

    Looking at the log above, is there anything that stands out as the problem ?

    What does invalid payload type mean ?

    Thanks



  • Did you ever figure this out?



  • I'm having the same issue.  Would love to know if anyone has made this work.


Log in to reply