Locked out of webadmin. Help!

December 7, 2013, 3:07 pm

≫ Next: SSL OSX VPN troubleshooting

≪ Previous: Endpoint Protection

$

0

0

I changed my internal interface to a vlan, and now I am locked out of webadmin. What do I do?

My hardware is Astaro 110/220. Running v8.

The only other active interface is my cable modem. I also can't get in through the console. Never have been able to. Not sure why. It doesn't take my credentials.

And apparently I don't know how the vlan setup works.

---

SSL OSX VPN troubleshooting

December 8, 2013, 7:06 am

≫ Next: Astaro behind Router VPN IPSEC

≪ Previous: Locked out of webadmin. Help!

$

0

0

Good Morning,

I am trying to configure OSX (10.9) to connect back to Sophos UTM (9.106-17). I have tried playing around with the SSL module in UTM and have tried connecting using the Viscosity(openvpn) client. I am able to connect but receive the following errors (and cannot browse to the Internet or any local services when connected). In addition the tunnel periodically terminates then reestablishes itself every 1-2 minutes. Any thoughts or recommendations are greatly appreciated. I am also interested in what VPN client(s) this forum would recommend.

UTM Log:

2013:12:08-09:54:20 ISPa openvpn[3723]: remoteUser/10.x.x.x:53251 Authenticate/Decrypt packet error: cipher final failed

Client Log:

Dec 08 09:53:06: Viscosity OpenVPN Engine Started
Dec 08 09:53:06: Running on Mac OS X 10.9.0
Dec 08 09:53:06: ---------
Dec 08 09:53:06: Checking reachability status of connection...
Dec 08 09:53:07: Connection is reachable. Starting connection attempt.
Dec 08 09:53:10: OpenVPN 2.3.2 i386-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun 7 2013
Dec 08 09:53:30: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Dec 08 09:53:34: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Dec 08 09:53:34: UDPv4 link local: [undef]
Dec 08 09:53:34: UDPv4 link remote: [AF_INET]72.x.x.x:443
Dec 08 09:53:35: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
Dec 08 09:53:35: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Dec 08 09:53:35: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Dec 08 09:53:35: [User-DynDNS.com] Peer Connection Initiated with [AF_INET]72.x.x.x:443
Dec 08 09:53:38: TUN/TAP device /dev/tun0 opened
Dec 08 09:53:38: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Dec 08 09:53:38: /sbin/ifconfig tun0 delete
Dec 08 09:53:38: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Dec 08 09:53:38: /sbin/ifconfig tun0 10.242.2.6 10.242.2.5 mtu 1500 netmask 255.255.255.255 up
Dec 08 09:53:38: Initialization Sequence Completed
Dec 08 09:53:48: Authenticate/Decrypt packet error: cipher final failed
Dec 08 09:53:58: Authenticate/Decrypt packet error: cipher final failed
Dec 08 09:54:08: Authenticate/Decrypt packet error: cipher final failed

Astaro behind Router VPN IPSEC

December 8, 2013, 8:13 am

≫ Next: [9.180][BUG]dns-resolver.pl memory problems

≪ Previous: SSL OSX VPN troubleshooting

$

0

0

How to set policy or NAT ?
If i set vpn at router front off Astaro firewall.
NAT or Policy only?

Customer ==>router vpn==>internet==>router vpn==>firewall==>Me

[9.180][BUG]dns-resolver.pl memory problems

December 8, 2013, 8:33 am

≫ Next: vdsl 50 an utm

≪ Previous: Astaro behind Router VPN IPSEC

$

0

0

Hi, I installed a clean 9.180 iso and imported backup from the earlier beta. I have noticed that the dns-resolver.pl uses extremely high amounts of ram. It starts out real small (around 10megs) but in a couple of days reaches 100s of megabytes.
Sorry, I didn't see any errors in the system logs or confd log to narrow down the problem.
Screenshots attached
1. dns-resolver.pl after restart (/var/mdw/scripts/dns-resolver restart) and
2. after a few days of usage

Regards
Bill

P.S. I will update to 9.185 and see if the problem is still there.

Attached Images

	dns3.jpg (99.0 KB)
	dns1.JPG (89.1 KB)

vdsl 50 an utm

December 8, 2013, 8:50 am

≫ Next: There are no such firewall rules defined.

≪ Previous: [9.180][BUG]dns-resolver.pl memory problems

$

0

0

Hallo,

Hat jemand einen Tipp welches modem ich nutzen kann um einen vdsl 50 anschluss annex j direkt an die utm zu binden?

Bisher nutze ich eine fritzbox als router davor. eigentlich möchte ich eine direkte verbindung, da die fritzbox in der aktuellen Firmware nicht mehr als modem funktioniert.

Aber ich finde kein modem dafür. Bin ich der einzige der so ein Problem hat ??

There are no such firewall rules defined.

December 8, 2013, 9:14 am

≫ Next: ssl vpn and admin right on win 7

≪ Previous: vdsl 50 an utm

$

0

0

Under Network Protection>Firewall>Rules, when I try to list the Automatic Firewall Rules, I get error "There are no such firewall rules defined."
Hopefully this is a bug that will get quickly fixed.

Thanks, Don

ssl vpn and admin right on win 7

December 8, 2013, 9:59 am

≫ Next: [9.185][BUG]Changing AV Scanners cause memory spikes in http proxy and cssd

≪ Previous: There are no such firewall rules defined.

$

0

0

hello,

I use utm sophos 9.1 (last release) and windows 7 with local standard user.

When i run ssl sophos vpn, access to server don't work because i have a route problem due to admin right with route.exe

what is the solution ?

The link 'Installing Astaro SSL VPN client under Windows 7 without full administrative user rights' don't work
404 - Sophos
http://www.sophos.com/en-us/support/...00/115949.aspx
thanks
regards

[9.185][BUG]Changing AV Scanners cause memory spikes in http proxy and cssd

December 8, 2013, 10:41 am

≫ Next: LAN an RED50 nicht erreichbar

≪ Previous: ssl vpn and admin right on win 7

$

0

0

Hi, I am using single scan (sophos) for my system. I also have endpoint protection enabled.
Screenshots
1. Initial http proxy memory usage with sophos as av scan engine.

2. If however I change scan settings (screenshot2) from sophos to avira, http starts using a lot more memory (screenshot 3). Also notice the cssd daemon using an additional 60 megs or so.

3.Changing the scan settings back to sophos doesn't fix the problem in http proxy. In fact, it increases the ram usage even more. CSSD daemon however goes back to normal (screenshot 4)

Any further toggling doesn't change the usage after this point. However that is about 400+ megs just for changing the av scanner:eek:

Regards
Bill

Attached Images

	sophosinitial.jpg (88.8 KB)
	settings.jpg (55.4 KB)
	sophos_to_avira.jpg (76.7 KB)
	avira_to_sophos.JPG (92.4 KB)

---

LAN an RED50 nicht erreichbar

December 8, 2013, 1:54 pm

≫ Next: Kind of a delay before opening webpages

≪ Previous: [9.185][BUG]Changing AV Scanners cause memory spikes in http proxy and cssd

$

0

0

Hallo,
ich hab wieder einmal ein Problem mit einer RED50 und bin schon ein wenig enttäuscht über diese neue Hardware; die RED10 läuft definitiv stabiler.
Folgendes Problem: In einer Aussenstelle steht eine RED50 die mit einem VPN-Tunnel an eine UTM120 angebunden ist.
Der Tunnel steht, die LAN-Schnittstelle der RED50 kann ich anpingen, aber alles dahinter mit fester IP-Adresse ist nicht erreichbar. Die LAN-Schnittstellen hab ich schon mal komplett durchprobiert --> kein Erfolg.
Den Zugang zur RED50 hab ich auch schon mehrmals neu aufgesetzt; der Tunnel wird immer wieder schön aufgebaut, aber Zugriff auf Geräte an der LAN-Schnitstelle sind nicht möglich bzw. die Geräte sind nicht erreichbar.
Auf der UTM ist die Version 9.106-17 installiert.
Ist dieses Problem irgendwie schon mal aufgetreten bzw. bekannt?
Ich weiß im Moment nicht mehr weiter und werde übergangsweise eine RED10 dort aufstellen --> die funtkioniert :-)

mfg.
Hartmut

Kind of a delay before opening webpages

December 9, 2013, 12:16 am

≫ Next: IPSec problems after modem change

≪ Previous: LAN an RED50 nicht erreichbar

$

0

0

This weekend my ISP upgraded my connection to 150Mbps down / 15Mbps up.
That of course is great, but unfortunately I had to use another modem for this which they also sent me.
The modem is a Cisco EPC3928AD. It looks like it's not possible to configure this device as a bridge so I may be stucked with my UTM behind this NAT device.
I have already given my UTM a static IP in the range of the modem and setup the modem to use this address as a DMZ but some strange things are happening:

One of these problems is that when opening webpages it takes several seconds (4-20) before anything starts to happen and then all of a sudden the pages load very quickly.
I don't see anything suspicious in firewall, IPS or webfiltering logs which would explain this.

I'm using UTM 9.2 beta 9.185-3 but these problems weren't there before my ISP upgraded my connection so I don't yet suspect the beta firmware to be the culprit.

IPSec problems after modem change

December 9, 2013, 12:37 am

≫ Next: utm proxy refrencing external proxy

≪ Previous: Kind of a delay before opening webpages

$

0

0

Last week my ISP sent me a new modem and I have installed it this weekend. It's a Cisco EPC3928AD that doesn't seem to allow bridge-mode (at least I cannot find it in the config pages). It starts to look like I have to put my UTM behind a NAT device.
So for now I have given my UTM a fixed IP-address and setup the modem to use that IP-addres as DMZ address.
After that only 1 of 3 IPSec connections came back up. The 2 not re-establishing are both UTM's using RSA authentication, the other one is a PSK site-to-site connection to a Sonicwall firewall device.
For now I was able to switch to SSL site-to-site for the other 2 connections, but I would rather switch back to IPSEC.
Here's part of the log file from one of these attempts (log file is from my own UTM)

Code:

---

2013:12:08-10:14:06 utm pluto[19106]: listening for IKE messages
2013:12:08-10:14:06 utm pluto[19106]: adding interface tun1/tun1 10.242.2.46:500
2013:12:08-10:14:06 utm pluto[19106]: adding interface tun1/tun1 10.242.2.46:4500
2013:12:08-10:14:06 utm pluto[19106]: forgetting secrets
2013:12:08-10:14:06 utm pluto[19106]: loading secrets from "/etc/ipsec.secrets"
2013:12:08-10:14:06 utm pluto[19106]:  loaded PSK secret for 172.16.178.2 188.x.y.z
2013:12:08-10:14:06 utm pluto[19106]: forgetting secrets
2013:12:08-10:14:06 utm pluto[19106]: loading secrets from "/etc/ipsec.secrets"
2013:12:08-10:14:06 utm pluto[19106]:  loaded PSK secret for 172.16.178.2 188.x.y.z
2013:12:08-10:14:06 utm pluto[19106]: loading ca certificates from '/etc/ipsec.d/cacerts'
2013:12:08-10:14:06 utm pluto[19106]:  loaded ca certificate from '/etc/ipsec.d/cacerts/REF_CaSigVpnSigniCa.pem'
2013:12:08-10:14:06 utm pluto[19106]:  loaded ca certificate from '/etc/ipsec.d/cacerts/REF_CaVerStartVerifCa2.pem'
2013:12:08-10:14:06 utm pluto[19106]:  loaded ca certificate from '/etc/ipsec.d/cacerts/REF_CaVerStartVerifCa.pem'
2013:12:08-10:14:06 utm pluto[19106]: loading aa certificates from '/etc/ipsec.d/aacerts'
2013:12:08-10:14:06 utm pluto[19106]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2013:12:08-10:14:06 utm pluto[19106]: loading attribute certificates from '/etc/ipsec.d/acerts'
2013:12:08-10:14:06 utm pluto[19106]: Changing to directory '/etc/ipsec.d/crls'
2013:12:08-10:14:06 utm ipsec_starter[19100]: no default route - cannot cope with %defaultroute!!!
2013:12:08-10:14:06 utm pluto[19106]: added connection description "S_REF_IpsSitAceLummen_0"
2013:12:08-10:14:06 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: initiating Main Mode
2013:12:08-10:14:06 utm pluto[19106]: ERROR: "S_REF_IpsSitAceLummen_0" #77: sendto on eth1 to 81.x.y.z:500 failed in main_outI1. Errno 1: Operation not permitted
2013:12:08-10:14:06 utm pluto[19106]: added connection description "S_REF_IpsSitAceLummen_1"
2013:12:08-10:14:06 utm pluto[19106]: added connection description "S_REF_IpsSitAceLummen_2"
2013:12:08-10:14:16 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: received Vendor ID payload [strongSwan]
2013:12:08-10:14:16 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: ignoring Vendor ID payload [Cisco-Unity]
2013:12:08-10:14:16 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: received Vendor ID payload [XAUTH]
2013:12:08-10:14:16 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: received Vendor ID payload [Dead Peer Detection]
2013:12:08-10:14:16 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: received Vendor ID payload [RFC 3947]
2013:12:08-10:14:16 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: enabling possible NAT-traversal with method 3
2013:12:08-10:14:17 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: NAT-Traversal: Result using RFC 3947: i am NATed
2013:12:08-10:14:17 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: we don't have a cert
2013:12:08-10:14:17 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: ignoring informational payload, type INVALID_KEY_INFORMATION
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: ISAKMP version of ISAKMP Message has an unknown value: 0
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification INVALID_MAJOR_VERSION to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:24 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:25 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:26 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: discarding duplicate packet; already STATE_MAIN_I3
2013:12:08-10:14:27 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: next payload type of ISAKMP Hash Payload has an unknown value: 85
2013:12:08-10:14:27 utm pluto[19106]: "S_REF_IpsSitAceLummen_0" #77: malformed payload in packet
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:27 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: length of ISAKMP Message is smaller than minimum
2013:12:08-10:14:28 utm pluto[19106]: packet from 81.x.y.z:4500: sending notification PAYLOAD_MALFORMED to 81.x.y.z:4500

etc.
etc.

---

Someone a clue on how I could make this work again?

utm proxy refrencing external proxy

December 9, 2013, 12:54 am

≫ Next: Location of the backup of config files.

≪ Previous: IPSec problems after modem change

$

0

0

Hi all,

Been trying to find out how to do this as I know you can do this with squid.

Is there any way to refrence another proxy server in the utm config and when it breaks disable the external and refrence only the internal?

Location of the backup of config files.

December 9, 2013, 12:56 am

≫ Next: DHCP Server mit UTM 9 separieren

≪ Previous: utm proxy refrencing external proxy

$

0

0

Hi,

I have UTM 9 running in a VM, problem is the disk that its running on has broken down. Right now i am only able to get into a shell on the astaro, some sort of maintenence shell. I am wondering if there is a path where he stores the backups he already made of the config file so i can try to get it off the vm.

thanks in advance.

DHCP Server mit UTM 9 separieren

December 9, 2013, 12:57 am

≫ Next: UTM9 Home User Endpoint-Protection für Mac

≪ Previous: Location of the backup of config files.

$

0

0

Hallo

Ich habe in meinem vorhandenen LAN (Netzwerk 192.168.120.0, DHCP-Server läuft auf einem Lancom 1611+ Router mit Adresse 192.168.120.1) eine Maschine mit ESXi 5.5 aufgesetzt.

Aus Sicht meines bestehenden LANs ist die ESXi Maschine unter 192.168.120.132 zu erreichen.

Auf der ESXi Maschine gibt es momentan 2 virtuelle Instanzen: Sophos UTM9 und ein Windows namens W7_Template.

Die Schnittstellen der UTM9 sind wie folgt definiert:
External (WAN) an eth1 [192.168.120.132/24], Default GW 192.168.120.1
Internal an eth0 [192.168.122.1/24]

Der UTM9 DHCP Server ist so parametrisiert:
Internal [Bereich 192.168.122.200 bis 192.168.122.239] DNS1: 192.168.122.1 Standatdgateway 192.168.122.1, WINS: 0.0.0.0

Mein Problem ist nun: in meinem LAN (192.168.120.0) antworten jetzt zwei DHCP Server auf DHCP Anfragen:
192.168.120.1 und
192.168.122.1

Beide DHCP Server antworten jetzt auch ebenso auf der virtuellen Maschine W7_Template auf DHCP Anfragen!

Meine Frage: wie muss ich die Sophos UTM9 konfigurieren, damit
* in meinem LAN nur der DHCP Server 192.168.120.1 Adressen zuteilt
* innerhalb der EXSi Maschine nur der Sophos UTM9 DHCP Server 192.168.122.1 Adressen zuteilt?

Über Eure Hilfe würde ich mich sehr freuen!

Danke und Gruss
Ben

PS: die UTM9 Firmware wird mit 9.106-17 als aktuell ausgewiesen

UTM9 Home User Endpoint-Protection für Mac

December 9, 2013, 1:25 am

≫ Next: Hardware for home firewall

≪ Previous: DHCP Server mit UTM 9 separieren

$

0

0

Hallo,

Habe mal eine Frage zur Endpoint-Protection.
Funktioniert das ganze auch für Mac?

Gruss

Marc

---

Hardware for home firewall

December 9, 2013, 1:39 am

≫ Next: Publishing Microsoft Remote Desktops Server Gateway with Sophos UTM

≪ Previous: UTM9 Home User Endpoint-Protection für Mac

$

0

0

Hello everyone
I have one virtualized UTM running at my current home but I am also planning to have one on a second location I live

Any suggestions for check hardware that does the job?

It should be low energy, 3 NiCs (two would work too using VLAN), silent (WAF required ;) ) and of course support activation off all UTM features (+ future new features), so not too slow.

Looking forward to hearing what you guys use at home

Best regards

Publishing Microsoft Remote Desktops Server Gateway with Sophos UTM

December 9, 2013, 2:35 am

≫ Next: Kein Flash auf diversen Seiten, obwohl nur Firewall-Modul aktiv

≪ Previous: Hardware for home firewall

$

0

0

Hello.

We had an old ISA Server from Microsoft to publish our Remotedesktopserver(-gateway) and replaced it now with a Sophos UTM 320 (FW 9.106-17). I’m not really a firewall professional, so I thought maybe there is someone in this forum who can take a look at my configuration and give me some advice if I did something wrong. I did the same before with my configuration of the Webserver in the DMZ and our Exchangeserver. I’m glad that a professional looked over it (http://www.astaro.org/gateway-produc...ophos-utm.html and http://www.astaro.org/gateway-produc...ophos-utm.html).
Hope that someone can have a look at this one too (this is the last service I migrated from the old ISA box, so the last post with this question). Thanks in advance.

It looks like you can’t use WAF for publishing a Remotedesktopservergateway. There are two feature request that I found: Web Application Security: Remote Desktop Support and Web Application Firewall: Remote Desktop Gateway support

I found also a post in the german forum (http://www.astaro.org/local-language...2k8-rdweb.html) and two in the English (http://www.astaro.org/closed-forums-...t-working.html and http://www.astaro.org/gateway-produc...p-gateway.html). In the first one the Astaro Beta Bot says that “The Mantis ID #25441 is now under investigation”.

So maybe in the future there is also the possibility to use the UTM as reverse proxy for the RD Gateway like it is working for Exchange now.
In the meantime I tried to configure it with a DNAT rule.

NAT
I created a DNAT rule with these settings: For traffic from: Any, Using Service: HTTPS, Going to: external Network Address, Change the destination to: Remotedesktopservergatewayserver.

Firewall
The firewall rule I added myself. Any -- > HTTPS -- > Remotedesktopservergateway.

IPS
Since the Server is in the local networks of the Intrusion Prevention the traffic should be secured by the Intrusion Prevention of the UTM.

I hope, I didn’t made something wrong and we’re safe. But I would feel more comfortable if someone of you could confirm this. Thanks.

Kein Flash auf diversen Seiten, obwohl nur Firewall-Modul aktiv

December 9, 2013, 3:17 am

≫ Next: Sophos Executive Report Top10 Client

≪ Previous: Publishing Microsoft Remote Desktops Server Gateway with Sophos UTM

$

0

0

Hallo zusammen,

ich bin neu hier und evaluiere seit letzter Woche eine UTM110 (später noch den passenden AP und eine RED) für mehrere (Klein-)Kunden, die fast alle von ISA-Server/TMG auf die UTM umsteigen sollen.

Was mir bisher sehr gut gefällt: Recht perfomantes Menü, sehr übersichtliche, relativ intuitive Konfiguration.
Was mir bisher nicht so gut gefällt: Ganz erheblicher Performanceverlust (ca. 78%) bei aktiviertem IPS-Modul (damit hatte ich ja gerechnet, aber 78% ist schon ne Menge), Signallaufzeit (Ping) bei aktiviertem Webfilter 250-300 ms, (deaktiverter Webfilter: 30 ms).

Genug geschwafelt, hier meine konkrete Frage:
Ich habe mehrere Kunden, die, sagen wir mal so, "Webseiten für anspruchsvolle Erwachsenen-Unterhaltung" :D regelmäßig aufsuchen.
Diese Seiten kann ich hinter der UTM zwar aufrufen, die dortigen (Flash-)Videos starten allerdings nicht.
Die besten technischen Werte der UTM nutzen mir in der Kundenargumentation nichts, wenn die Inhaber ihre Schmuddelseiten nicht mehr benutzen können. ;)

Ich habe die aktuelle Firmware installiert (9.106-17) und alle Module deaktiviert, bis auf "Firewall" und "Network Visibility".

Habt Ihr Tipps für mich, wie ich diese (Live-)Videos zum Laufen bekomme?

Herzlichen Dank im Voraus,
bfg

Sophos Executive Report Top10 Client

December 9, 2013, 4:50 am

≫ Next: SSL VPN Client

≪ Previous: Kein Flash auf diversen Seiten, obwohl nur Firewall-Modul aktiv

$

0

0

In the weekly Sophos Executive Report, Network Usage, Top10 Clients we see 2 IP-Adresses with over 8.500.000.000 Packets (see attached file). In the Firewall Logging & Reporting menu we can’t find any menu where the destination and ports of these packets are displayed. So we could not find out, what causes this amount of packets. Is there an easy way to find out what these clients are doing?

Attached Images

Sophos.JPG (16.6 KB)

SSL VPN Client

December 9, 2013, 6:47 am

≫ Next: AirServer/Airplay across Multiple VLANs

≪ Previous: Sophos Executive Report Top10 Client

$

0

0

Hello Supporters,
ich have a question about the SSL Client
IN the UTM i make the following records:
SSL
TCP
Port:4443
<hostname> as in the system
AES-128-CBC encoding
i take the certificate from the UTM Loacl X509 Cert.

When i try to connect i get the following message:

3 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Dec 09 15:44:01 2013 MANAGEMENT: >STATE:1386600241,RESOLVE,,,
Mon Dec 09 15:44:01 2013 Attempting to establish TCP connection with [AF_INET]<ip-adress>:4443 [nonblock]
Mon Dec 09 15:44:01 2013 MANAGEMENT: >STATE:1386600241,TCP_CONNECT,,,
Mon Dec 09 15:44:11 2013 TCP: connect to [AF_INET]<ip-adress>:4443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen.


( I try to translate: the system tried to connect to a directory that was used by a drive mapped from JOIN)

Mon Dec 09 15:44:16 2013 MANAGEMENT: >STATE:1386600256,RESOLVE,,,
Mon Dec 09 15:44:16 2013 MANAGEMENT: >STATE:1386600256,TCP_CONNECT,,,

What is the problem with that installation ?