Phase 1 Negotiation failed due to time up



  • I've been at this for some time now and I can't seem to figure out how to fix this.  This is a PoC for tunneling between a branch and the HQ after which we will be trying to connect about a dozen tunnels to the HQ.

    The details of the connection are EXACTLY the same (I've checked it about a dozen times already); here they are:

    HQ - Phase 1

    Negotiation mode             Main
    My identifier             My IP Address (blank)
    Encryption algorithm     3DES
    Hash algorithm             MD5 (I'd prefer SHA-1 but anything to make a connection at the moment)
    DH key group             2
    Lifetime                     86400 seconds
    Authentication method     Pre-Shared Key
    Pre-Shared Key             (Trust me, it's the same on both sides)

    HQ - Phase 2

    Protocol                 AH
    Encryption algorithms    3DES
    Hash algorithms          MD5
    PFS key group            off
    Lifetime                 3600

    Branch - Phase 1

    Negotiation mode             Main
    My identifier             My IP Address (blank)
    Encryption algorithm     3DES
    Hash algorithm             MD5
    DH key group             2
    Lifetime                     86400 seconds
    Authentication method     Pre-Shared Key
    Pre-Shared Key             (Yep, still the same here)

    Branch - Phase 2

    Protocol                 AH
    Encryption algorithms    3DES
    Hash algorithms          MD5
    PFS key group            off
    Lifetime                 3600

    This exercise just double-checked (for the umpteenth time) that both details on either branch are the same. What's ironic is that I'm monitoring both firewalls at the same time because I've VPNed (PPTP) to both sites to make sure that they're one and the same.

    I've tried ESP and AH (currently AH, but this needs to be moved to ESP as soon as the PoC works).  Both sides operate on pfSense 1.2.3.

    If anyone can shed light on this, I'll be VERY grateful.

    Cheers,
    SM

