I'm getting a bit desperate setting up an S2S IPsec connection via IKEv1. The remote end for the LANCOM router is a Securepoint firewall. I have checked all parameters several times: ID, PSK, proposals, lifetimes, modes, etc.
I honestly don't know how to proceed. :/ Maybe someone can suggest a starting point based on the trace.
[VPN-IKE] 2023/11/26 10:16:28,354
[<UNKNOWN>] Received packet:
IKE 1.0 Header:
Source/Port : SECUREPOINT_IP:500
Destination/Port : LANCOM_IP:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : E7 93 2A 19 40 C1 8B 66
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 1.0
| Exchange type : ID_PROT
| Flags : 0x00
| Msg-ID : 0
| Length : 240 Bytes
SA Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 116 Bytes
| DOI : 1
| Situation : 1
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 104 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 3
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 1
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 128
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 4
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | Attribute 4
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 36 Bytes
| | | Transform# : 2
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | Attribute 1
| | | | Type : Basic, KEY_LENGTH
| | | | Value : 128
| | | Attribute 2
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 4
| | | Attribute 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 19
| | | Attribute 4
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 5
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 6
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 24 Bytes
| | | Transform# : 3
| | | Transform ID : KEY_IKE
| | | Reserved2 : 0x0000
| | | Attribute 0
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 19
| | | Attribute 1
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Attribute 2
| | | | Type : Basic, LIFE_TYPE
| | | | Value : 1
| | | Attribute 3
| | | | Type : Basic, LIFE_DURATION
| | | | Value : 3600
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 12 Bytes
| Vendor ID : 09 00 26 89 DF D6 B7 12
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00
<Unknown 43> Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 24 Bytes
| Vendor ID : 40 48 B7 D5 6E BC E8 85 25 E7 DE 7F 00 D6 C2 D3
| 80 00 00 00
VENDOR Payload
| Next Payload : VENDOR
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F
VENDOR Payload
| Next Payload : NONE
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F
[VPN-Status] 2023/11/26 10:16:28,355
IKE info: Phase-1 negotiation failed: no configuration found for incoming peer SECUREPOINT_IP
[VPN-Debug] 2023/11/26 10:16:28,355
LCVPEI: IKE-R-No-rule-matched-ID
[VPN-Debug] 2023/11/26 10:16:28,355
QUB-DATA: LANCOM_IP:500<---SECUREPOINT_IP:500 rtg_tag 0 physical-channel WAN(1)
transport: [id: 7701, UDP (17) {incoming unicast, fixed source address}, dst: SECUREPOINT_IP, tag 0 (U), src: LANCOM_IP, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (5)], local port: 500, remote port: 500
Counting consumed licenses by active channels...
Consumed connected licenses : 0
Negotiating connections : 0
IKE negotiations : 0
MPPE connections : 0
LTA licenses : 0
Licenses in use : 0 < 5
+Passive connection request accepted (43 micro seconds)
IKE-TRANSPORT freed
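
Added example (not part of the original post, and not LANCOM or Securepoint code): a small Python decoder for the TRANSFORM payloads in a trace like the one above. It maps the numeric attribute values to their IANA IKEv1 names and lists which of the four Phase-1 attributes that RFC 2409 makes mandatory are absent from a transform, so the offer can be compared line by line with the local proposal. The function names and the abridged sample are assumptions made for this example.

```python
import re

# Names for IKEv1 Phase-1 attribute values (IANA registry for RFC 2409); partial table.
NAMES = {
    "ENCRYPTION_ALGORITHM": {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"},
    "HASH_ALGORITHM": {1: "MD5", 2: "SHA1", 4: "SHA2-256", 5: "SHA2-384", 6: "SHA2-512"},
    "GROUP_DESCRIPTION": {2: "MODP-1024", 5: "MODP-1536", 14: "MODP-2048", 19: "ECP-256", 20: "ECP-384"},
    "AUTHENTICATION_METHOD": {1: "PSK", 3: "RSA-SIG"},
}
# RFC 2409 section 4: these four attributes must be negotiated in Phase 1.
MANDATORY = ("ENCRYPTION_ALGORITHM", "HASH_ALGORITHM", "GROUP_DESCRIPTION", "AUTHENTICATION_METHOD")

# Constructed sample: abridged lines in the layout of the trace above.
SAMPLE = """\
| | | Transform# : 1
| | | | Type : Basic, ENCRYPTION_ALGORITHM
| | | | Value : 7
| | | | Type : Basic, HASH_ALGORITHM
| | | | Value : 4
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 14
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
| | | Transform# : 3
| | | | Type : Basic, GROUP_DESCRIPTION
| | | | Value : 19
| | | | Type : Basic, AUTHENTICATION_METHOD
| | | | Value : 1
"""

def parse_transforms(trace):
    """Return one dict per TRANSFORM payload: {'number': n, attr_name: raw_value, ...}."""
    transforms, pending = [], None
    for line in trace.splitlines():
        if m := re.search(r"Transform#\s*:\s*(\d+)", line):
            transforms.append({"number": int(m.group(1))})
        elif m := re.search(r"Type\s*:\s*Basic,\s*(\w+)", line):
            pending = m.group(1)  # attribute name; its value is on the next line
        elif (m := re.search(r"Value\s*:\s*(\d+)", line)) and pending and transforms:
            transforms[-1][pending] = int(m.group(1))
            pending = None
    return transforms

def describe(t):
    """Decode one transform to readable names and list missing mandatory attributes."""
    decoded = {k: NAMES.get(k, {}).get(v, str(v)) for k, v in t.items() if k != "number"}
    missing = [a for a in MANDATORY if a not in t]
    return decoded, missing
```

Calling `describe()` on each element of `parse_transforms(trace_text)` gives the decoded offer per transform; values without an entry in the partial table (for example KEY_LENGTH or LIFE_DURATION) are passed through as numbers.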