Why can't I connect if I use main mode~!!!!
-
Why can't I connect if I use main mode~!!!!
Thank you very much!!!!
Log file:
racoon: INFO: begin Identity Protection mode.
Feb 1 02:52:20 racoon: [pfsense_xmn]: INFO: respond new phase 1 negotiation: xxx.xxx.xx.xx[500]<=>xxx.xxx.xxx.xxx[500]
Feb 1 02:39:10 racoon: ERROR: phase1 negotiation failed due to time up. c4a04a025296c190:9ff4672d9e4528fc
Feb 1 02:39:10 racoon: ERROR: invalid ID payload.
Feb 1 02:39:10 racoon: ERROR: Expecting IP address type in main mode, but User_FQDN.
Feb 1 02:39:10 racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
Feb 1 02:19:38 racoon: ERROR: invalid ID payload.
Feb 1 02:19:38 racoon: ERROR: Expecting IP address type in main mode, but User_FQDN.
Feb 1 02:19:38 racoon: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
-
Can you give us more information about your setup?
-
I use different firewalls: one is pfSense, one is ZyXEL.
ZyXEL Config:
Encryption Algorithm: 3DES
Authentication Algorithm: MD5
SA Life Time (Seconds): 28800
Key Group: DH2
Pre-Shared Key: it is the key
Enable Replay Detection: Yes
Enable Multiple Proposals: Yes
pfSense Config:
Encryption algorithm: 3DES
Hash algorithm: MD5
DH key group: 2
Authentication method: Pre-shared Key
Pre-Shared Key: it is the key
Protocol: ESP
Encryption algorithms: 3DES
Hash algorithms: MD5
PFS key group: 2
PS: if I use Aggressive with the same config, it is OK~~~
-
Your log indicates mismatched identifier types. Can you tell us about the ID type setup on both the ZyXEL and pfSense sides?
-
Both use "User FQDN" "abc@gmail.com" (the email address is true).
-
I had issues with this also. I ended up using "My IP Address" and it all worked.
Good luck.
-
True. Or you may wish to obtain a certificate for that FQDN and use certificate authentication instead of PSK.
IKE main mode with PSK allows ID type = IP address only.
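The rule in this reply can be checked mechanically before racoon is restarted. The following is an added example, not code from the thread or from the racoon project: it walks the `remote` blocks of a racoon.conf and flags any block that combines `exchange_mode main` with `pre_shared_key` authentication and a non-`address` identifier. The sample config is constructed here to mirror the failing and the working setup; treating a missing `exchange_mode` as main is an assumption of this checker.

```python
import re

# Constructed racoon.conf sample (not the poster's file): the first remote block mirrors
# the failing setup from the thread, the second the change that finally worked.
SAMPLE_CONF = """remote 203.0.113.10 {
    exchange_mode main;
    my_identifier user_fqdn "abc@gmail.com";
    peers_identifier user_fqdn "abc@gmail.com";
    proposal {
        authentication_method pre_shared_key;
    }
}
remote 203.0.113.20 {
    exchange_mode main;
    my_identifier address;
    proposal {
        authentication_method pre_shared_key;
    }
}
"""

def judge_remote(s):
    """Rule from the thread: main mode with PSK only works with 'address' identifiers
    (the ID payload is encrypted in main mode, so the PSK must be chosen by peer IP)."""
    modes = [m.strip() for m in s.get("exchange_mode", "main").split(",")]  # assumed main if unset
    if "main" not in modes or s.get("authentication_method") != "pre_shared_key":
        return []  # aggressive-only, or certificate (rsasig) auth: FQDN identities are fine
    return [f"{key} is {s[key].split()[0]}; main mode with PSK requires address"
            for key in ("my_identifier", "peers_identifier")
            if s.get(key, "address").split()[0] != "address"]  # racoon defaults to address

def check_racoon_remotes(conf):
    """Return [(peer, problem)] for every remote block that violates the rule."""
    findings, peer, depth, settings = [], None, 0, {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        head = re.match(r"remote\s+(\S+)\s*\{", line)
        if head and depth == 0:
            peer, settings, depth = head.group(1), {}, 1
        elif peer is not None:
            depth += line.count("{") - line.count("}")  # track nested proposal { } blocks
            kv = re.match(r"(\w+)\s+([^;]+);", line)
            if kv:
                settings.setdefault(kv.group(1), kv.group(2).strip())  # first proposal wins
            if depth == 0:  # block closed: evaluate it and reset
                findings.extend((peer, p) for p in judge_remote(settings))
                peer = None
    return findings
```

Run against the sample, only the first peer is reported, once per offending identifier.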
-
Oh... thx!!!! When I use my IP address, it is OK!!!!!!!
Thank you very much.