Hi,<br> I tried to form a site-to-site tunnel with a NAT device in between using IKEv1, but I am getting the error messages below. I don't know what went wrong. Please help me understand the problem.<br><br>strongswan ---(NAT device)----- Netgear<br>
<br>Logs<br>+++++<br><br>Oct 4 20:25:12 localhost pluto[15315]: | inserting event EVENT_SA_EXPIRE, timeout in 86400 seconds for #1<br>Oct 4 20:25:12 localhost pluto[15315]: "fqdn_vr"[1] 172.31.114.227:4500 #1: sent MR3, ISAKMP SA established<br>
Oct 4 20:25:12 localhost pluto[15315]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds<br>Oct 4 20:25:22 localhost pluto[15315]: |<br>Oct 4 20:25:22 localhost pluto[15315]: | *received 76 bytes from 172.31.114.227:4500 on eth0<br>
Oct 4 20:25:22 localhost pluto[15315]: | 26 ed 6f e6 44 ce 76 36 e2 e7 9e e8 84 73 ff 5a<br>Oct 4 20:25:22 localhost pluto[15315]: | 05 10 02 01 00 00 00 00 00 00 00 4c db b5 e7 60<br>Oct 4 20:25:22 localhost pluto[15315]: | e4 2b 1d eb e1 5d f8 41 64 1c d0 4a d7 7c 89 1c<br>
Oct 4 20:25:22 localhost pluto[15315]: | d9 02 cb 42 ee 8f 35 4a 69 b6 00 b1 4a f7 d1 69<br>Oct 4 20:25:22 localhost pluto[15315]: | 9d f4 6d 74 bf 15 03 73 e2 96 fc 3a<br>Oct 4 20:25:22 localhost pluto[15315]: | **parse ISAKMP Message:<br>
Oct 4 20:25:22 localhost pluto[15315]: | initiator cookie:<br>Oct 4 20:25:22 localhost pluto[15315]: | 26 ed 6f e6 44 ce 76 36<br>Oct 4 20:25:22 localhost pluto[15315]: | responder cookie:<br>Oct 4 20:25:22 localhost pluto[15315]: | e2 e7 9e e8 84 73 ff 5a<br>
Oct 4 20:25:22 localhost pluto[15315]: | next payload type: ISAKMP_NEXT_ID<br>Oct 4 20:25:22 localhost pluto[15315]: | ISAKMP version: ISAKMP Version 1.0<br>Oct 4 20:25:22 localhost pluto[15315]: | exchange type: ISAKMP_XCHG_IDPROT<br>
Oct 4 20:25:22 localhost pluto[15315]: | flags: ISAKMP_FLAG_ENCRYPTION<br>Oct 4 20:25:22 localhost pluto[15315]: | message ID: 00 00 00 00<br>Oct 4 20:25:22 localhost pluto[15315]: | length: 76<br>Oct 4 20:25:22 localhost pluto[15315]: | ICOOKIE: 26 ed 6f e6 44 ce 76 36<br>
Oct 4 20:25:22 localhost pluto[15315]: | RCOOKIE: e2 e7 9e e8 84 73 ff 5a<br>Oct 4 20:25:22 localhost pluto[15315]: | peer: ac 1f 72 e3<br>Oct 4 20:25:22 localhost pluto[15315]: | state hash entry 17<br><span style="color:rgb(204,0,0)">Oct 4 20:25:22 localhost pluto[15315]: | state object #1 found, in STATE_MAIN_R3</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:22 localhost pluto[15315]: "fqdn_vr"[1] 172.31.114.227:4500 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:22 localhost pluto[15315]: | sending 76 bytes for retransmit in response to duplicate through eth0 to 172.31.114.227:4500:</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:22 localhost pluto[15315]: | 26 ed 6f e6 44 ce 76 36 e2 e7 9e e8 84 73 ff 5a</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:22 localhost pluto[15315]: | 05 10 02 01 00 00 00 00 00 00 00 4c c8 83 25 f7</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:22 localhost pluto[15315]: | cb 77 1d 73 92 2b 0b 34 a0 93 05 ea 99 3a 06 1b</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:22 localhost pluto[15315]: | 3f d6 66 7f 6f fe 2b b2 48 e8 a7 e8 e0 4f 90 6e</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:22 localhost pluto[15315]: | 04 55 50 a4 5c 7f f1 36 41 c1 ac be</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:22 localhost pluto[15315]: | next event EVENT_NAT_T_KEEPALIVE in 9 seconds</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:31 localhost pluto[15315]: |</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:31 localhost pluto[15315]: | *time to handle event</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:31 localhost pluto[15315]: | event after this is EVENT_REINIT_SECRET in 3567 seconds</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:31 localhost pluto[15315]: | next event EVENT_REINIT_SECRET in 3567 seconds</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: |</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | *received 76 bytes from 172.31.114.227:4500 on eth0</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | 26 ed 6f e6 44 ce 76 36 e2 e7 9e e8 84 73 ff 5a</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | 05 10 02 01 00 00 00 00 00 00 00 4c db b5 e7 60</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | e4 2b 1d eb e1 5d f8 41 64 1c d0 4a d7 7c 89 1c</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | d9 02 cb 42 ee 8f 35 4a 69 b6 00 b1 4a f7 d1 69</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | 9d f4 6d 74 bf 15 03 73 e2 96 fc 3a</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | **parse ISAKMP Message:</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | initiator cookie:</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | 26 ed 6f e6 44 ce 76 36</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | responder cookie:</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | e2 e7 9e e8 84 73 ff 5a</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | next payload type: ISAKMP_NEXT_ID</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | ISAKMP version: ISAKMP Version 1.0</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | exchange type: ISAKMP_XCHG_IDPROT</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | flags: ISAKMP_FLAG_ENCRYPTION</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | message ID: 00 00 00 00</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | length: 76</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | ICOOKIE: 26 ed 6f e6 44 ce 76 36</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | RCOOKIE: e2 e7 9e e8 84 73 ff 5a</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | peer: ac 1f 72 e3</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | state hash entry 17</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | state object #1 found, in STATE_MAIN_R3</span><br style="color:rgb(204,0,0)"><span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: "fqdn_vr"[1] 172.31.114.227:4500 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3</span><br style="color:rgb(204,0,0)">
<span style="color:rgb(204,0,0)">Oct 4 20:25:32 localhost pluto[15315]: | sending 76 bytes for retransmit in response to duplicate through eth0 to 172.31.114.227:4500:</span><br><br>
<b>Configuration for your reference<br></b><br>ipsec.conf<br>_______<br><br>ca vpnca<br> cacert=ikeca-sha1-2048-dn.crt<br> auto=add<br><br>config setup<br> plutostart=yes<br> plutodebug=all<br>
charonstart=yes<br> charondebug=all<br> nat_traversal=yes<br> crlcheckinterval=10m<br> strictcrlpolicy=no<br><br>conn %default<br> ikelifetime=8h<br> lifetime = 8h<br>
rekeyfuzz = 100%<br> keyingtries=1<br><br>conn fqdn_vr<br> auth=esp<br> type=tunnel<br> keyexchange=ikev1<br> left=172.31.114.246<br> right=%any<br> rightid=cross@cas.com<br>
rightsubnet=0.0.0.0/0<br> authby=secret<br> pfs=no<br> rekey=no<br> auto=add<br><br style="color:rgb(204,0,0)">ipsec.secrets<br>_____________<br>172.31.114.246 %any : PSK "sachinten1"<br>
<br>Regards,<br>Saravanan N<br>