Ipsec Error Failed To Get Sainfo
Topic: Failed to get sainfo - Sonicwall NSA240

geewhz01 « on: December 03, 2008, 01:52:38 pm »

I have a tunnel setup to a NSA240 that comes up but does not work. I have other Sonicwall devices connected with no problem but it appears this new unit must be a little different in how they are handling ipsec. On the pfsense 1.21 box it shows:

Dec 3 14:48:11 racoon: ERROR: failed to pre-process packet.
Dec 3 14:48:11 racoon: ERROR: failed to get sainfo.
Dec 3 14:48:11 racoon: ERROR: failed to get sainfo.
Dec 3 14:48:11 racoon: [Royal Sonic]: INFO: respond new phase 2 negotiation: X.X.X.X[0]<=>X.X.X.X[0]
Dec 3 14:47:55 racoon: ERROR: failed to pre-process packet.
Dec 3 14:47:55 racoon: ERROR: failed to get sainfo.
Dec 3 14:47:55 racoon: ERROR: failed to get sainfo.
Dec 3 14:47:55 racoon: [Royal Sonic]: INFO: respond new phase 2 negotiation: X.X.X.X[0]<=>X.X.X.X[0]

On the Sonic box it shows:

12/03/2008 11:49:49.368 Info VPN IKE IKE Initiator: Start Quick Mode (Phase 2).

I have the lifetimes set for 28800 on both boxes on Phase 1 and 2. Both boxes show the tunnel as up but I can't pass any traffic across the vpn.

Any ideas?

Thanks,
Andy

geewhz01 Re: Failed to get sainfo - Sonicwall NSA240 « Reply #1 on: December 04, 2008, 07:08:38 pm »

What I have found is that even though I have the interface of the vpn setup for my 1st carp address and the remote end setup to connect to the carp address that it doesn't work. The Sonicwall sees the packets coming from the carp address but inside the packet it's showing my wan address. The only way I can get this to connect is via the wan address. Is it not possible to use a carp address for the vpn connections or am I missing something else?

Andy
https://forum.pfsense.org/index.php?topic=12934.0

Troubleshooting Non-Meraki Site-to-site VPN Peers
https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Troubleshooting_Non-Meraki_Site-to-site_VPN_Peers

Table of contents
Cisco Meraki VPN Settings and Requirements
Troubleshooting with the Event Log
Event Log: "no-proposal-chosen received" (Phase 1)
Event Log: "no-proposal-chosen received" (Phase 2)
Event Log: "failed to pre-process ph2 packet/failed to get sainfo"
Event Log: "invalid flag 0x08"
Event Log: "exchange Aggressive not allowed in any applicable rmconf"
Eve
get sainfo" From: Marc Haber