cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 10
Report Inappropriate Content
Message 1 of 11

Sidewinder V8 VPN -invalid id information-

Jump to solution

Hi to everyone,

i'm testing the sidewinder version8 in a vmware.

I configured a vpn sa and tried to establish a connection with shrewsoft 2.1.5, 2.1.6 and safenet 10.8.5.

Now my Problem:

I only get the vpn established when the remote identity has only 1 character.

Otherwise i get the error:

information: [detailed info]
  [delete]
    protocol: IKE
    spi(16): |65b2f1cfe5def50a1e4f570e6b820412|
  [error]
    AGGRESSIVE_MODE exchange terminated - AGGRESSIVE_MODE exchange processing failed
  [error]
    AGGRESSIVE_MODE processing encountered error, exchange aborted
  [error]
    No IKE (phase 1) policy configured for peer
    [local gateway]
      IPV4_ADDR-x.x.x.x:500
    [remote gateway]
      IPV4_ADDR-x.x.x.x:992
    [remote identity]
      USER_FQDN-test@testdomain.com
  [notify]
    protocol: IKE, type: INVALID_ID_INFO

Does anybody know that problem?

regards

Seebvey

1 Solution

Accepted Solutions
Highlighted
Level 10
Report Inappropriate Content
Message 8 of 11

Re: Sidewinder V8 VPN -invalid id information-

Jump to solution

I wasn't lying when I said v8.0.1 would be out in the near future. It was just released this afternoon.

I just confirmed with the 'check updates' in the Admin Console that 8.0.1 is now available for download from the updates server.This is a maintenance release for v8.0 and contains many bug fixes (including the VPN issue)

If you are using Control Center v5 to manage your v8 firewalls you will have to install Control Center v500p2.

Release notes for v8.0.1 can be found here:

http://www.securecomputing.com/pdf/fe_801_rn_7002621A00_en-us.pdf

Hope the 8.0.1 release addresses your VPN issues.

View solution in original post

10 Replies
Highlighted

Re: Sidewinder V8 VPN -invalid id information-

Jump to solution

Hi,

I have simmilar issue. I reported it in incident 3-1094427781, I also have problem to give static IP to VPN users reported on incident 3-1098376539 few weeks ago. I still do not have a reply when it will be fixed.

Concerning the identity I discovered it only works with star - * which matches everything. I will try with single character identity too.

Regards

Highlighted
Level 10
Report Inappropriate Content
Message 3 of 11

Re: Sidewinder V8 VPN -invalid id information-

Jump to solution

What type of remote identity are you using? I believe 8.0.0 had a known issue with certain types of identities and character lengths. Certificate based VPN should still work. If this is the same issue it should be fixed in 8.0.1 which is due out very soon.

Highlighted

Re: Sidewinder V8 VPN -invalid id information-

Jump to solution

Could You say what are the identities problem in the blog or support to reply in the ticket number above? I really need to create more than one VPN with identities but I do not know what identities are working. I think we both talk to not certificate VPNs

Highlighted
Level 10
Report Inappropriate Content
Message 5 of 11

Re: Sidewinder V8 VPN -invalid id information-

Jump to solution

For technical details I would contact support on your ticket number. I just spoke with support and I believe this is the same issue that will be fixed in 8.0.1. The issue was related to remote identities that were of type E-mail, IP Address of Domain Name and longer than a single character. I believe DN should still work, or identities that are only 1 character. 8.0.1 will be available in the near future, but work with support for details or if you need a patch.

Highlighted
Level 10
Report Inappropriate Content
Message 6 of 11

Re: Sidewinder V8 VPN -invalid id information-

Jump to solution

hi dave and martin,

i haven´t tested with a certificate.

I  tested only with identities like these:

cert add id name=RID-001 fqdn=1
cert add id name=RID-003 fqdn=3
cert add id name=RID-002 fqdn=2

cert add id name=RID-SV email=test@test.com

The email id is working too when the vpn client is sending only the first character as id ("t").

So i hope that dave is right and 8.0.1. will solve this problem.

regards

Highlighted
Level 10
Report Inappropriate Content
Message 7 of 11

Re: Sidewinder V8 VPN -invalid id information-

Jump to solution

Yes, the issue is that the remote identities are being trunacted in the IKE.conf file, so only the first character of the string gets parsed correctly. I have confirmed that this is fixed in v8.0.1.

Highlighted
Level 10
Report Inappropriate Content
Message 8 of 11

Re: Sidewinder V8 VPN -invalid id information-

Jump to solution

I wasn't lying when I said v8.0.1 would be out in the near future. It was just released this afternoon.

I just confirmed with the 'check updates' in the Admin Console that 8.0.1 is now available for download from the updates server.This is a maintenance release for v8.0 and contains many bug fixes (including the VPN issue)

If you are using Control Center v5 to manage your v8 firewalls you will have to install Control Center v500p2.

Release notes for v8.0.1 can be found here:

http://www.securecomputing.com/pdf/fe_801_rn_7002621A00_en-us.pdf

Hope the 8.0.1 release addresses your VPN issues.

View solution in original post

Highlighted
Level 10
Report Inappropriate Content
Message 9 of 11

Re: Sidewinder V8 VPN -invalid id information-

Jump to solution

Hi,

i tested 8.0.1 and the problem is solved.

thanks and regards

seeebvey

Highlighted
Level 10
Report Inappropriate Content
Message 10 of 11

Re: Sidewinder V8 VPN -invalid id information-

Jump to solution

Thanks for posting your results. Glad to hear the issues are resolved with 8.0.1.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community