[j-nsp] Watchguard <-> SSG550M VPN

Jeremy Stinson laxplayer at earthlink.net
Tue Dec 11 12:34:23 EST 2007


Sven,

I have had this issue with the WatchGuards for years. The only way I have 
found to fix the problem consistently is to change the gateway IP address on 
the NetScreen and then change it back to the correct one. This creates a new 
SA and therefore allows the tunnel to come up. I have spent hours trying to 
figure out another way, and it has always been restart the WatchGuard or do 
this.

Hope it helps.

Jeremy


----- Original Message ----- 
From: "Sven Juergensen (KielNET)" <s.juergensen at kielnet.de>
To: <juniper-nsp at puck.nether.net>
Sent: Tuesday, December 11, 2007 7:30 AM
Subject: [j-nsp] Watchguard <-> SSG550M VPN


> Hi list,
>
> trying to establish a VPN between
> a watchguard firebox x15edge and
> a ssg550m (5.4.0r4.0) initially
> works fine but upon clearing the
> sa or rekeying after the lifetime
> expired, the sa doesn't get established
> again. log snippet as follows:
>
> ---8<---
> [Root]system-information-00536: Rejected an IKE packet on ethernet0/2.3
> from x.x.x.x:500 to y.y.y.y:500 with cookies 59b9f3df2b0c0e01 and
> c99876e8613542c8 because an unencrypted packet unexpectedly arrived.
> --->8---
> [...]
> ---8<---
> [Root]system-information-00536: Rejected an IKE packet on ethernet0/2.3
> from 89.27.129.9:500 to 80.152.236.73:500 with cookies 16d0c2ee794dc2d6
> and 73c55fd1a153bb0e because the IKE INFO exchange mode hash payload was
> invalid.
> --->8---
>
> did anyone experience something
> like this before? my guess is
> an interop issue but watchguard
> isn't that new in the field so
> i'm kind of puzzled.
>
> any pointers appreciated.
>
> best regards,
>
> sven03
>
>
> With kind regards
>
> p.p. Sven Juergensen
>
> -- 
> Information Technology
> Department
>
> KielNET GmbH
> Gesellschaft fuer Kommunikation
> Preusserstr. 1-9, 24105 Kiel
>
> Telephone: 0431 / 2219-053
> Fax      : 0431 / 2219-005
> E-mail   : s.juergensen at kielnet.de
> Internet : http://www.kielnet.de
>
> AS# 25295
> Key fingerprint:
> 65B6 90FC 010A 39CE DCA5  336D 9C45 3B7A B02D E132
>
> Managing Director Eberhard Schmidt
> HRB 4499 (Kiel District Court)
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp 
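
Added example, not part of either post: a Python parser for the "Rejected an IKE packet" records in the layout quoted above, grouping them per peer so you can see how many separate IKE exchanges were rejected and for which reasons. The function names, the sample addresses and the cookies are constructed for illustration.

```python
import re
from collections import defaultdict

# Record layout taken from the log snippet quoted in the thread.
REJECT_RE = re.compile(
    r"Rejected an IKE packet on (?P<ifname>\S+) "
    r"from (?P<src>\S+):(?P<sport>\d+) to (?P<dst>\S+):(?P<dport>\d+) "
    r"with cookies (?P<icookie>[0-9a-f]{16}) and (?P<rcookie>[0-9a-f]{16}) "
    r"because (?P<reason>[^.]+)\."
)

def parse_rejects(text):
    """Return one dict per reject record, tolerating the '> ' quoting
    and line wrapping that a mail archive adds to long log lines."""
    unquoted = re.sub(r"(?m)^(?:>[ \t]?)+", "", text)
    flat = " ".join(unquoted.split())
    return [m.groupdict() for m in REJECT_RE.finditer(flat)]

def summarize(records):
    """Group rejects by (src, dst) peer pair."""
    # Each IKE exchange carries its own cookie pair, so several distinct
    # pairs rejected for one peer means several separate attempts failed.
    peers = defaultdict(lambda: {"count": 0, "reasons": set(), "exchanges": set()})
    for r in records:
        p = peers[(r["src"], r["dst"])]
        p["count"] += 1
        p["reasons"].add(r["reason"])
        p["exchanges"].add((r["icookie"], r["rcookie"]))
    return dict(peers)

# Constructed sample: documentation addresses and made-up cookies, wrapped
# and quoted the way the archive shows the original lines.
SAMPLE = """\
> [Root]system-information-00536: Rejected an IKE packet on ethernet0/2.3
> from 192.0.2.10:500 to 198.51.100.20:500 with cookies 1111111111111111 and
> 2222222222222222 because an unencrypted packet unexpectedly arrived.
> [Root]system-information-00536: Rejected an IKE packet on ethernet0/2.3
> from 192.0.2.10:500 to 198.51.100.20:500 with cookies 3333333333333333
> and 4444444444444444 because the IKE INFO exchange mode hash payload was
> invalid.
"""

if __name__ == "__main__":
    for (src, dst), s in summarize(parse_rejects(SAMPLE)).items():
        print(f"{src} -> {dst}: {s['count']} rejects, "
              f"{len(s['exchanges'])} exchanges, reasons={sorted(s['reasons'])}")
```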


