VPN Primer needed for my USG 100 Flex

Options
2»

All Replies

  • tesagig
    tesagig Posts: 56  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options

    IKE SA [] is disconnected

    73.73.116.92:500

    98.46.107.197:10228

    IKE_LOG

    5

    2023-05-12 14:34:13

    info

    IKE

    [SA] : No proposal chosen

    73.73.116.92:500

    98.46.107.197:10228

    IKE_LOG

    6

    2023-05-12 14:34:13

    info

    IKE

    [SA] : Tunnel [WIZ_VPN_v2] Phase 1 proposal mismatch

    IKE_LOG

    7

    2023-05-12 14:34:13

    info

    IKE

    The cookie pair is : 53192 [count=3]

    98.46.107.197:10228

    IKE_LOG

    8

    2023-05-12 14:34:13

    info

    IKE

    Recv
    IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA256
    PRF, HMAC-SHA256-128, 2048 bit MODP; [1] protocol = IKE (1), AES CBC key
    len = 256, HMAC-SHA256 PRF, HMAC-SHA256-128, 256 bit ECP; [2] protocol =
    IKE (1), AES CBC key len = 256, HM

    73.73.116.92:500

    IKE_LOG

    9

    2023-05-12 14:34:13

    info

    IKE

    [INIT] Recv: [SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][NOTIFY]

    73.73.116.92:500

    IKE_LOG

    10

    2023-05-12 14:34:13

    info

    IKE

    Receiving IKEv2 request

    Thank you for the continued help. I am still getting some sort of mismatch

  • PeterUK
    PeterUK Posts: 2,922  Guru Member
    Community MVP First Anniversary 10 Comments Friend Collector
    Options

    Try add in for Phase 1 and 2 Settings

    AES256 SHA256

    The order might matter

  • tesagig
    tesagig Posts: 56  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options

    still no luck…

  • PeterUK
    PeterUK Posts: 2,922  Guru Member
    Community MVP First Anniversary 10 Comments Friend Collector
    Options

    still Phase 1 proposal mismatch?

    Try changing the key group and reboot ipad set the client with ikev2 in IPsec identifier

    Setup a DDNS with like no-ip and in advance for local ID Type DNS and content your DDNS

    That should be everything

  • tesagig
    tesagig Posts: 56  Ally Member
    First Anniversary 10 Comments Friend Collector
    edited May 2023
    Options

    not sure in phase 1 or two. I tried on a second ipad

    BTW. there is a "connect" menu item in VPN connection tab. Not knowing what I am doing, I hit connect with the following error.

    CLI Number: 0
    Error Number: -16015
    Error Message: 'Dial a dynamic tunnel has failed for Crypto map.'

    Here is the log

    1

    2023-05-14 16:51:21

    info

    IKE

    IKE SA [WIZ_VPN_v2] is disconnected

    server:4500

    client:4500

    IKE_LOG
    12

    2023-05-14 16:51:21

    info

    IKE

    The cookie pair is : 0x8875ff66f1736b17 / 0x5989436118077d7c

    Server:4500

    client1:4500

    IKE_LOG
    13

    2023-05-14 16:51:21

    info

    IKE

    [AUTH] Recv:[IDi][NOTIFY][IDr][CONF][NOTIFY][NOTIFY][SA][TSi][TSr][NOTIFY]

    client1:4500

    Server:4500

    IKE_LOG
    14

    2023-05-14 16:51:21

    info

    IKE

    The cookie pair is : 0x5989436118077d7c / 0x8875ff66f1736b17

    client:4500

    Server:4500

    IKE_LOG
    15

    2023-05-14 16:51:20

    info

    IKE

    [INIT] Send:[SAr1][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][CERTREQ][VID][VID][VID][VID][VID][VID]

    Server:500

    client:41912

    IKE_LOG
    16

    2023-05-14 16:51:20

    info

    IKE

    The cookie pair is : 0x8875ff66f1736b17 / 0x5989436118077d7c

    Server:500

    client:41912

    IKE_LOG
    17

    2023-05-14 16:51:20

    info

    IKE

    Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA256 PRF, HMAC-SHA256-128, 2048 bit MODP; [1] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA256 PRF, HMAC-SHA256-128, 256 bit ECP; [2] protocol = IKE (1), AES CBC key len = 256, HM

    client:41912

    Server:500

    IKE_LOG
    18

    2023-05-14 16:51:20

    info

    IKE

    [INIT] Recv: [SA][KE][NONCE][NOTIFY][NOTIFY][NOTIFY][NOTIFY]

    client:41912

    Server:500

    IKE_LOG
    19

    2023-05-14 16:51:20

    info

    IKE

    Receiving IKEv2 request

    client:41912

    Server:500

    IKE_LOG
    20

    2023-05-14 16:51:20

    info

    IKE

    The cookie pair is : 0x5989436118077d7c / 0x8875ff66f1736b17 [count=2]

    client:41912

    Server:500

    IKE_LOG

Security Highlight