Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Avaya 5610 > PFSense error

    IPsec
    3
    3
    3.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rich2010
      last edited by

      I'm having trouble connecting an Avaya5610SW IP Phone to our intranet via IPSEC. The phone cycles around "Exchanging Keys", "Building IPSEC Tunnels" and "Checking network connectivity" but keeps doing that through 4 Encapsulation methods. The IPSEC log of this cycle :

      Sep 2 21:23:24 racoon: INFO: generated policy, deleting it.
      Sep 2 21:23:22 racoon: ERROR: failed to pre-process packet.
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
      Sep 2 21:23:22 racoon: ERROR: failed to pre-process packet.
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.0/24[0] 192.168.66.160/32[0] proto=any dir=out"
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in"
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP xx.xxx.xx.xx[0]->yy.yyy.yy.yyy[0] spi=3140960921(0xbb374299)
      Sep 2 21:23:22 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP yy.yyy.yy.yyy[0]->xx.xxx.xx.xx[0] spi=137793112(0x8368e58)
      Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
      Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[2070]
      Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
      Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: INFO: no policy found, try to generate the policy : 192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in
      Sep 2 21:23:20 racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
      Sep 2 21:23:20 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
      Sep 2 21:23:19 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA established xx.xxx.xx.xx[500]-yy.yyy.yy.yyy[2070] spi:0f83c9b76bcb3dce:5036018c0ba80702
      Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
      Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[2070]
      Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[2070] (1).
      Sep 2 21:23:18 racoon: INFO: Adding xauth VID payload.
      Sep 2 21:23:18 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      Sep 2 21:23:18 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
      Sep 2 21:23:18 racoon: INFO: begin Aggressive mode.
      Sep 2 21:23:18 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: xx.xxx.xx.xx[500]<=>yy.yyy.yy.yyy[2070]
      Sep 2 21:23:14 racoon: INFO: generated policy, deleting it.
      Sep 2 21:22:53 racoon: ERROR: Message: '0 gm { ^ b ~F M C u] $ R! ObKd " 6 S Ed QPT 4Pr 8 p K1 sDZ { J[ d W C # % Bm b B r O m)$ aQ s v M'4 L jn _ j A_[ Tv q:|x 8 F9V 8< J ko y6c p }M d c + OyD' uj L1 &2 { '. Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted. Sep 2 21:22:53 racoon: ERROR: Message: '1fy l . f Ty S 8 , ^ O b v l q V b w s 91 5 6g S O m~ > ' = >O % l e 'E D G " n f b < y R! /8 c fN E 9 0K Pk 8 k 8 ^ + B B '. Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted. Sep 2 21:22:53 racoon: ERROR: Message: 'Rq~ r J%W ^ b ~F M C u] $ R! ObKd " 6 S Ed QPT 4Pr 8 p K1 sDZ { J[ d W C # % Bm b B rO m)$ aQ s v M'4 L jn _ j A_[ Tv q:|x 8 F9V 8< J ko y6c p }M d c + OyD' uj L1 &2 { '.
      Sep 2 21:22:53 racoon: ERROR: fatal INVALID-PAYLOAD-TYPE notify messsage, phase1 should be deleted.
      Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.0/24[0] 192.168.66.160/32[0] proto=any dir=out"
      Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: ERROR: such policy does not already exist: "192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in"
      Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP xx.xxx.xx.xx[0]->yy.yyy.yy.yyy[0] spi=4294268717(0xfff5572d)
      Sep 2 21:22:53 racoon: [Unknown Gateway/Dynamic]: INFO: IPsec-SA established: ESP yy.yyy.yy.yyy[0]->xx.xxx.xx.xx[0] spi=73332466(0x45ef6f2)
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[500]
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: WARNING: the packet retransmitted in a short time from yy.yyy.yy.yyy[500]
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: INFO: no policy found, try to generate the policy : 192.168.66.160/32[0] 192.168.66.0/24[0] proto=any dir=in
      Sep 2 21:22:52 racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
      Sep 2 21:22:52 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 2 negotiation: xx.xxx.xx.xx[0]<=>yy.yyy.yy.yyy[0]
      Sep 2 21:22:51 racoon: [Unknown Gateway/Dynamic]: INFO: ISAKMP-SA established xx.xxx.xx.xx[500]-yy.yyy.yy.yyy[500] spi:db2cb00b07d7e1da:ddc923f25fc7f1b9
      Sep 2 21:22:49 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by yy.yyy.yy.yyy[500] (1).
      Sep 2 21:22:49 racoon: INFO: Adding xauth VID payload.
      Sep 2 21:22:49 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt

      The IKE ID and PSK are identical on the phone and in PF, as are the IKE parameters and IPSEC parameters.

      Looking at the log above, is there anything that stands out as the problem ?

      What does invalid payload type mean ?

      Thanks

      1 Reply Last reply Reply Quote 0
      • T
        tempus6
        last edited by

        Did you ever figure this out?

        1 Reply Last reply Reply Quote 0
        • K
          kholladay
          last edited by

          I'm having the same issue.  Would love to know if anyone has made this work.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.