[j-nsp] Watchguard <-> SSG550M VPN

Sven Juergensen (KielNET) s.juergensen at kielnet.de
Tue Dec 11 07:30:16 EST 2007


Hi list,

trying to establish a VPN between
a watchguard firebox x15edge and
a ssg550m (5.4.0r4.0) initially
works fine but upon clearing the
sa or rekeying after the lifetime
expired, the sa doesn't get established
again. log snippet as follows:

---8<---
[Root]system-information-00536: Rejected an IKE packet on ethernet0/2.3
from x.x.x.x:500 to y.y.y.y:500 with cookies 59b9f3df2b0c0e01 and
c99876e8613542c8 because an unencrypted packet unexpectedly arrived.
--->8---
[...]
---8<---
[Root]system-information-00536: Rejected an IKE packet on ethernet0/2.3
from 89.27.129.9:500 to 80.152.236.73:500 with cookies 16d0c2ee794dc2d6
and 73c55fd1a153bb0e because the IKE INFO exchange mode hash payload was
invalid.
--->8---

did anyone experience something
like this before? my guess is
an interop issue but watchguard
isn't that new in the field so
i'm kind of puzzled.

any pointers appreciated.

best regards,

sven03


Mit freundlichen Gruessen

i. A. Sven Juergensen

-- 
Fachbereich
Informationstechnologie

KielNET GmbH
Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel

Telefon : 0431 / 2219-053
Telefax : 0431 / 2219-005
E-Mail  : s.juergensen at kielnet.de
Internet: http://www.kielnet.de

AS# 25295
Key fingerprint:
65B6 90FC 010A 39CE DCA5  336D 9C45 3B7A B02D E132

Geschaeftsfuehrer Eberhard Schmidt
HRB 4499 (Amtsgericht Kiel)


More information about the juniper-nsp mailing list