3 Replies Latest reply on Sep 29, 2011 4:50 PM by rcamm

    IPSEC error messages

    JohnsIsland

      Hello everyone,

       

      I am seeing the following error messages on a SG560U with ver 4.0.10:

       

      received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
      Sep 29 13:37:42 pluto[978]: packet from (remote IP):500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 
      Sep 29 13:37:42 pluto[978]: packet from (remote IP):500: received Vendor ID payload [RFC 3947] method set to=109 
      Sep 29 13:37:42 pluto[978]: packet from (remote IP):500: ignoring Vendor ID payload [FRAGMENTATION c0000000]
      Sep 29 13:37:42 pluto[978]: packet from (remote IP):500: initial Main Mode message received on (local IP):500 but no connection has been authorized with policy=PSK

       

      The tunnel is up and as far as I can tell is passing traffic.  I can't VPN out to any of my usual connections.

       

      The IPSec MTU is set to 1024.  I thought this tunnel seemed to work better with an MTU lower than the maximum.

       

      Does the last error message have to do with the packet filter rules, or perhaps more accurately the firewall level set during initial setup (quick setup)?  Is there any way to tell what the firewall level is set to in the quick setup?

       

      Thanks,

       

      Jeff

        • 1. Re: IPSEC error messages

          This message tells us that there is an incoming main mode IPsec connection attempt from an IP address we are not expecting a connection from.

          • 2. Re: IPSEC error messages
            JohnsIsland

            Ross,

             

            Thanks for the reply.

             

            I had Googled the error and found an explanation that indicated what you said, except for the policy portion.  I checked the setup on both ends and as far as I can tell, it's correct--which might explain why the tunnel is working.  Both ends list the keying as Aggressive mode (IKE) and I am not sure if that is correct since it's saying Main Mode in the error.

             

            The remote unit is a 570 with 3.2.2, wondering if that has some bearing.

             

            Maybe I will delete both ends of the tunnel and recreate.

             

            Any other suggestions?

            • 3. Re: IPSEC error messages

              Have you confirmed that the error messages relate to your remote unit, and not some other unit?

               

              You should see the IP address that the main mode connection attempt is coming from in the log... is that an IP you expect?
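
The check suggested in the last reply (which address do the rejected Main Mode attempts come from, and is it an expected peer?) can be run over a saved log. This is an added example, not part of the original thread: the addresses and the `configured_peers` set are constructed documentation values because the thread redacts the real ones, and the regex assumes an IPv4 address appears where the thread shows "(remote IP)" and "(local IP)".

```python
import re
from collections import Counter

# Matches the rejection line quoted in the thread. The IPv4 groups are an
# assumption about what the redacted "(remote IP)"/"(local IP)" fields hold.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
REJECT = re.compile(
    rf"pluto\[\d+\]: packet from (?P<src>{IPV4}):\d+: "
    rf"initial Main Mode message received on (?P<dst>{IPV4}):\d+ "
    r"but no connection has been authorized with policy=(?P<policy>\S+)"
)

def rejected_main_mode(lines, configured_peers):
    """Tally rejected Main Mode attempts per source address and mark whether
    each source is one of the tunnel peers configured on this unit."""
    counts = Counter()
    for line in lines:
        m = REJECT.search(line)
        if m:
            counts[(m["src"], m["policy"])] += 1
    return [
        {"src": src, "policy": policy, "count": n,
         "configured_peer": src in configured_peers}
        for (src, policy), n in sorted(counts.items())
    ]

# Constructed sample log (RFC 5737 documentation addresses), same format as
# the lines posted in the thread.
SAMPLE_LOG = """\
Sep 29 13:37:42 pluto[978]: packet from 203.0.113.7:500: received Vendor ID payload [RFC 3947] method set to=109
Sep 29 13:37:42 pluto[978]: packet from 203.0.113.7:500: ignoring Vendor ID payload [FRAGMENTATION c0000000]
Sep 29 13:37:42 pluto[978]: packet from 203.0.113.7:500: initial Main Mode message received on 192.0.2.1:500 but no connection has been authorized with policy=PSK
Sep 29 13:38:12 pluto[978]: packet from 203.0.113.7:500: initial Main Mode message received on 192.0.2.1:500 but no connection has been authorized with policy=PSK
Sep 29 13:40:03 pluto[978]: packet from 198.51.100.20:500: initial Main Mode message received on 192.0.2.1:500 but no connection has been authorized with policy=PSK
""".splitlines()

if __name__ == "__main__":
    # Hypothetical peer list: the address of the remote unit's tunnel endpoint.
    for row in rejected_main_mode(SAMPLE_LOG, {"198.51.100.20"}):
        origin = "configured peer" if row["configured_peer"] else "not a configured peer"
        print(f'{row["src"]:>15}  x{row["count"]}  policy={row["policy"]}  {origin}')
```

A source that is a configured peer points back at that tunnel's settings on both ends; a source that is not configured is some other unit, as the reply suggests.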