Channel: Sophos User Bulletin Board

Error: Accessing the network via VPN (IPSec) with a mobile phone (Android)

Hello forum,

I am currently trying to configure an Astaro Security Gateway V8 for VPN access over IPSec.
The smartphones used are an HTC One X and a Samsung Galaxy Nexus.

For the configuration I followed the Astaro VPN Remote Guide.

My procedure:

1) Create a test user: vpntest
2) Network Services -> DNS -> add the VPN Pool (L2TP) to Allowed Networks
3) Create a rule under Network Security -> Firewall -> Source: VPN Pool (L2TP) -> Service: any -> Destination: Internal (Network)
4) Create an IPSec remote access rule under: Remote Access -> IPSec ->
a. Interface: External
b. Local Networks: Internal (Networks)
c. Virtual IP Pool: VPN Pool (IPSec)
d. Policy: AES-256
e. Auth. Type: PSK
f. Enable XAUTH: checked
g. Allowed users: vpntest

The connection is established, but we can only access our network when "Local Network" is set to "Any". When "Local Network" is set to "Internal", the following error message appears:
2012:05:23-17:20:29 firewall pluto[15086]: packet from *.*.*.*:***: received Vendor ID payload [RFC 3947]
2012:05:23-17:20:29 firewall pluto[15086]: packet from *.*.*.*:***: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2012:05:23-17:20:29 firewall pluto[15086]: packet from *.*.*.*:***: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2012:05:23-17:20:29 firewall pluto[15086]: packet from *.*.*.*:***: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2012:05:23-17:20:29 firewall pluto[15086]: packet from *.*.*.*:***: received Vendor ID payload [XAUTH]
2012:05:23-17:20:29 firewall pluto[15086]: packet from *.*.*.*:***: ignoring Vendor ID payload [Cisco-Unity]
2012:05:23-17:20:29 firewall pluto[15086]: packet from *.*.*.*:***: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2012:05:23-17:20:29 firewall pluto[15086]: packet from *.*.*.*:***: received Vendor ID payload [Dead Peer Detection]
2012:05:23-17:20:29 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: responding to Main Mode from unknown peer *.*.*.*:***
2012:05:23-17:20:29 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: NAT-Traversal: Result using RFC 3947: no NAT detected
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Peer ID is ID_IPV4_ADDR: '*.*.*.*:***'
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Dead Peer Detection (RFC 3706) enabled
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sent MR3, ISAKMP SA established
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending XAUTH request
2012:05:23-17:20:30 firewall pluto[15086]: packet from *.*.*.*:***: Informational Exchange is for an unknown (expired?) SA
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: parsing XAUTH reply
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: extended authentication was successful
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending XAUTH status
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: parsing XAUTH ack
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: received XAUTH ack, established
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: parsing ModeCfg request
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: peer requested virtual IP %any
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: assigning virtual IP *.*.*.*:*** to peer
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending ModeCfg reply
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sent ModeCfg reply, established
2012:05:23-17:20:38 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: cannot respond to IPsec SA request because no connection is known for*.*.*.*[*.*.*.*]...*.*.*.*[*.*.*.*]===*.*.*.*/32
2012:05:23-17:20:38 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending encrypted notification INVALID_ID_INFORMATION to *.*.*.*:***
2012:05:23-17:20:41 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
2012:05:23-17:20:41 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending encrypted notification INVALID_MESSAGE_ID to *.*.*.*:***
2012:05:23-17:20:44 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
2012:05:23-17:20:44 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending encrypted notification INVALID_MESSAGE_ID to *.*.*.*:***
2012:05:23-17:20:47 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
2012:05:23-17:20:47 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending encrypted notification INVALID_MESSAGE_ID to *.*.*.*:***
2012:05:23-17:20:50 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
2012:05:23-17:20:50 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending encrypted notification INVALID_MESSAGE_ID to *.*.*.*:***
2012:05:23-17:20:53 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
2012:05:23-17:20:53 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending encrypted notification INVALID_MESSAGE_ID to *.*.*.*:***
2012:05:23-17:20:56 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
2012:05:23-17:20:56 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending encrypted notification INVALID_MESSAGE_ID to *.*.*.*:***
2012:05:23-17:20:59 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
2012:05:23-17:20:59 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending encrypted notification INVALID_MESSAGE_ID to *.*.*.*:***
2012:05:23-17:21:02 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
2012:05:23-17:21:02 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending encrypted notification INVALID_MESSAGE_ID to *.*.*.*:***
2012:05:23-17:21:05 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
2012:05:23-17:21:05 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sending encrypted notification INVALID_MESSAGE_ID to *.*.*.*:***

I have already searched the forum and Google for a solution, but unfortunately without success.
Now I am turning to you in the hope that someone can help me ;)
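
A small triage script for pluto logs like the one quoted in the post, added here as an example and not part of the original post: it reports which negotiation stages completed, whether the gateway rejected the Quick Mode (IPsec SA) request, and how often the client resent that request. The stage names (`phase1`, `xauth`, `modecfg`), the function name `triage` and the sample lines are assumptions constructed from the log format shown above.

```python
import re
from collections import Counter

# Constructed sample: lines in the same format as the pluto log quoted in the
# post, with addresses masked the same way.
SAMPLE = """\
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sent MR3, ISAKMP SA established
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: extended authentication was successful
2012:05:23-17:20:30 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: sent ModeCfg reply, established
2012:05:23-17:20:38 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: cannot respond to IPsec SA request because no connection is known for *.*.*.*[*.*.*.*]...*.*.*.*[*.*.*.*]===*.*.*.*/32
2012:05:23-17:20:41 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
2012:05:23-17:20:44 firewall pluto[15086]: "D_Android Remote Access"[1] *.*.*.*:*** #651: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3974c5d9 (perhaps this is a duplicated packet)
"""

# timestamp, host, pluto[pid], optional '"connection"[n] peer #sa:', message
LINE = re.compile(r'^(?P<ts>\S+) \S+ pluto\[\d+\]: '
                  r'(?:"(?P<conn>[^"]+)"\[\d+\] \S+ #(?P<sa>\d+): )?(?P<msg>.*)$')
DUP_ID = re.compile(r'previously used Message ID (0x[0-9a-f]+)')

# Stage labels are hypothetical; the marker strings are taken from the log.
MILESTONES = [
    ("phase1", "ISAKMP SA established"),
    ("xauth", "extended authentication was successful"),
    ("modecfg", "sent ModeCfg reply, established"),
]

def triage(log_text):
    """Summarise one negotiation: stages reached, Quick Mode rejection,
    and retransmits of the rejected request counted per Message ID."""
    reached, rejected, retransmits = [], None, Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a pluto line
        msg = m.group("msg")
        for name, marker in MILESTONES:
            if marker in msg and name not in reached:
                reached.append(name)
        if "cannot respond to IPsec SA request" in msg:
            rejected = {"time": m.group("ts"), "conn": m.group("conn"),
                        "sa": m.group("sa")}
        dup = DUP_ID.search(msg)
        if dup:
            retransmits[dup.group(1)] += 1
    return {"reached": reached, "quick_mode_rejected": rejected,
            "retransmits": dict(retransmits)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
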

