Pfsense Racoon Error Failed To Get Proposal For Responder
Topic: Failed to get sainfo - Sonicwall NSA240

geewhz01, December 03, 2008, 01:52:38 pm:

I have a tunnel setup to a NSA240 that comes up but does not work. I have other Sonicwall devices connected with no problem but it appears this new unit must be a little different in how they are handling ipsec. On the pfsense 1.21 box it shows:

Dec 3 14:48:11 racoon: ERROR: failed to pre-process packet.
Dec 3 14:48:11 racoon: ERROR: failed to get sainfo.
Dec 3 14:48:11 racoon: ERROR: failed to get sainfo.
Dec 3 14:48:11 racoon: [Royal Sonic]: INFO: respond new phase 2 negotiation: X.X.X.X[0]<=>X.X.X.X[0]
Dec 3 14:47:55 racoon: ERROR: failed to pre-process packet.
Dec 3 14:47:55 racoon: ERROR: failed to get sainfo.
Dec 3 14:47:55 racoon: ERROR: failed to get sainfo.
Dec 3 14:47:55 racoon: [Royal Sonic]: INFO: respond new phase 2 negotiation: X.X.X.X[0]<=>X.X.X.X[0]

On the Sonic box it shows:

12/03/2008 11:49:49.368  Info  VPN IKE  IKE Initiator: Start Quick Mode (Phase 2).

I have the lifetimes set for 28800 on both boxes on Phase 1 and 2. Both boxes show the tunnel as up but I can't pass any traffic across the vpn.

Any ideas?

Thanks,
Andy

Reply #1, geewhz01, December 04, 2008, 07:08:38 pm:

What I have found is that even though I have the interface of the vpn setup for my 1st carp address and the remote end setup to connect to the carp address that it doesn't work. The Sonicwall sees the packets coming from the carp address but inside the packet it's showing my wan address. The only way I can get this to connect is via the wan address. Is it not possible to use a carp address for the vpn connections or am I missing something else?

Andy

Reply #2, brbubba, January 11, 2009, 09:59:03 am:

Quote from: geewhz01 on December 04, 2008, 07:08:38 pm
What I have found is that even though I have the interface of the vpn setup for my 1st carp address and the remote end set
https://forum.pfsense.org/index.php?topic=12934.0

Troubleshooting Non-Meraki Site-to-site VPN Peers
https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Troubleshooting_Non-Meraki_Site-to-site_VPN_Peers

Table of contents
- Cisco Meraki VPN Settings and Requirements
- Troubleshooting with the Event Log
- Event Log: "no-proposal-chosen received" (Phase 1)
- Event Log: "no-proposal-chosen received" (Phase 2)
- Event Log: "failed to pre-process ph2 packet/failed to get sainfo"
- Event Log: "invalid flag 0x08"
- Event Log: "exchange Aggressive not allowed in any applicable rmconf"
- Event Log: "exchange Identity Protection not allowed in any applicable rmconf."
- Event Log: "phase1 n
Topic: vpn ipsec between Fortigate 5.2.2 and pfSense
https://forum.fortinet.com/tm.aspx?m=119677

amatteo78, 2015/02/01 04:21:58:

Hello,
I try in every mode to come up vpn tunnel between Fortigate with 5.2.2 and pfSense, I receive error before failed to get phase 1, with message "ignoring ike request, no policy configured" but I check 100 times... every is correct on both side. This is first time I do vpn to pfSense, I have other vpn with Cisco and Watchguard without problem, then I try change pfSense with Sophos but same result, I know that both use vpn based on openswan.
Thanks
M.

Re: vpn ipsec between Fortigate 5.2.2 and pfSense
emnoc, 2015/02/01 06:42:46:

On your fortigate I'm assuming interface mode, but the cfg is simple and straight-forward regardless. Just ensure you have correct policies on both sides and narrow the proposals to exactly what you want.
Just be careful of your policies and the ipsec configuration & proposals.
You might get lucky on the pfSense side with:

cat /var/etc/ipsec/racoon.conf

Your config should be very similar.

# This file is automatically generated. Do not edit
path pre_shared_key "/var/etc/ipsec/psk.txt";
path certificate "/var/etc/ipsec";
listen{
 adminsock "/var/db/racoon/racoon.s