2 Replies Latest reply on Dec 4, 2017 3:27 AM by Lud97x

    VPN IPsec NSX with Stonesoft

    Lud97x Lurker

      Hello,

       

      I am unable to set up a VPN tunnel between a Stonesoft and an ESG 6.3.3.

      I already have 3 working IPsec VPNs with 2 SonicWalls and Azure.

      It seems the Stonesoft couldn't recognize the ESG as a valid VPN gateway; it doesn't pass phase 1.

       

      Please see the log on the Stonesoft side:

      "No rule found for IKE peers XX.XX.XX.XX and XX.XX.XX.XX: Peer IP address mismatch"

      "Sending error notify, no proposal chosen"

      "IKE state start sa negociation R: outgoing ike SA values processing failed: No  proposal Chosen.

       

      The log on the NSX side:

       

      2017-11-28T11:04:20+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] pending Quick Mode with XX.XX.XX.XX "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" took too long -- replacing phase 1

      2017-11-28T11:04:20+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: initiating Main Mode to replace #9612

      2017-11-28T11:04:20+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000

      2017-11-28T11:04:20+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: received and ignored informational message

      2017-11-28T11:04:30+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000

      2017-11-28T11:04:30+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: received and ignored informational message

      2017-11-28T11:04:50+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000

      2017-11-28T11:04:50+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: received and ignored informational message

      2017-11-28T11:05:30+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000

      2017-11-28T11:05:30+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: received and ignored informational message

      2017-11-28T11:06:10+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000

      2017-11-28T11:06:10+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9613: received and ignored informational message

      2017-11-28T11:06:20+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] pending Quick Mode with XX.XX.XX.XX "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" took too long -- replacing phase 1

      2017-11-28T11:06:20+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9614: initiating Main Mode to replace #9613

      2017-11-28T11:06:20+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9614: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000

      2017-11-28T11:06:20+00:00 NSX-edge-2-0 ipsec[22484]: [default]:  [authpriv.warning] "XX.XX.XX.XX_XX.XX.XX.XX/15-XX.XX.XX.XX_XX.XX.XX.XX/15" #9614: received and ignored informational message

       

      Is there a way to have more debug information on the nsg?

      Do you have any idea to help me solve this issue?