IPSEC Site to Site with a Ubiquiti XSFP
I am trying to get a VPN to work between a Netvanta 1335 and a Ubiquiti XSFP. I have everything set, but it will not come up. Phase 1 and Phase 2 match, but I get the following in the debug -
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION peer 24.159.225.222: Received first message of main mode
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: SA,PROP,TRANS,VID,VID,VID,VID
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION DOI: 1
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Situation: 1
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION PROPOSAL PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Proposal No.: 0
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION IANA No. for protocol: ISAKMP (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Size of the variable SPI field: 0
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Number of transforms offered: 1
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION TRANSFORM PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Transform Number: 1
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION IANA Transform ID: IKE Key (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION TRANSFORM ATTRIBUTES
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Encryption Algorithm (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: 3DES (5)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Authentication Algorithm (2)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: MD5 (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Group Description (4)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: DH Group 5 (5)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Authentication Method (3)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: Pre-shared Key (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Life Type (11)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: Seconds (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Life Time (12)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: (28800)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 8
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 09 00 26 89 DF D6 B7 12 ..&.....
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION AF CA D7 13 68 A1 F1 C9 ....h...
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 6B 86 96 FC 77 57 01 00 k...wW..
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 4A 13 1C 81 07 03 58 45 J.....XE
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 5C 57 28 F2 0E 95 45 2F W(...E/
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 90 CB 80 91 3E BB 69 6E ....>.in
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 08 63 81 B5 EC 42 7B 1F .c...B{.
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Xauth is not Enabled
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION IKEInVendorIDProcess :: Received Vendor ID not registered with IKE
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION IkeInVIDProcess :: IKEInVendorIDProcess failed
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 100: Sent out second message of main mode
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: SA,PROP,TRANS,VID,VID
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION DOI: 1
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Situation: 1
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION PROPOSAL PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Proposal No.: 0
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION IANA No. for protocol: ISAKMP (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Size of the variable SPI field: 0
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Number of transforms offered: 1
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION TRANSFORM PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Transform Number: 1
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION IANA Transform ID: IKE Key (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION TRANSFORM ATTRIBUTES
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Encryption Algorithm (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: 3DES (5)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Authentication Algorithm (2)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: MD5 (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Group Description (4)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: DH Group 5 (5)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Authentication Method (3)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: Pre-shared Key (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Life Type (11)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: Seconds (1)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION SA Attrib: Life Time (12)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Length: 2
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Value: (28800)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 90 CB 80 91 3E BB 69 6E ....>.in
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 08 63 81 B5 EC 42 7B 1F .c...B{.
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION AF CA D7 13 68 A1 F1 C9 ....h...
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 6B 86 96 FC 77 57 01 00 k...wW..
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION peer 24.159.225.222: Received third message of main mode
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: KE,NONCE,NATD,NATD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION KE PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NONCE PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION B0 5F 55 48 48 3B 6C 0F ._UHH;l.
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 70 F1 1C DD DE 1D 98 A9 p.......
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 11 40 2C A2 00 F6 9A 66 .@,....f
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 1B 95 E0 38 E8 0C AE 7A ...8...z
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Intoto_DH_mod_exp :: Entry
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Found 1 primary IP addrs w/ crypto map or profile for NAT-T
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION Found 9 other IP addrs for NAT-T
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: KE,NONCE,NATD,NATD,NATD,NATD,NATD,NATD,NATD,NATD,NATD,NATD,NATD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION KE PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NONCE PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 11 40 2C A2 00 F6 9A 66 .@,....f
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 1B 95 E0 38 E8 0C AE 7A ...8...z
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION B0 5F 55 48 48 3B 6C 0F ._UHH;l.
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 70 F1 1C DD DE 1D 98 A9 p.......
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION F2 2D 41 31 73 AC F6 F1 .-A1s...
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION A5 8B AF FA 15 E3 07 28 .......(
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 4B 2F 92 91 60 6D B9 22 K/..`m.'
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION DF 9F 85 AC CF AE 11 1C ........
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION F7 1C 76 6B E6 62 F7 BF ..vk.b..
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 11 C0 FD C7 6A 6A E4 1B ....jj..
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION EC 29 07 CC B2 13 70 13 .)....p.
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 71 4A 36 85 0B B3 C3 8D qJ6.....
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION F8 1F 72 F2 C7 22 D8 E9 ..r..'..
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 01 E5 17 B1 AF 1F 41 84 ......A.
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION D4 21 83 13 AC 0F FC 4A .!.....J
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION B5 E5 83 69 22 87 6E 0A ...i'.n.
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 42 9A DA 83 9F 7C 07 DB B....|..
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION AB 35 F3 0B BB 46 AD DB .5...F..
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 88 52 8D FA 96 FA 85 BD .R......
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION F4 C0 88 E7 00 C2 B5 C7 ........
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION NATD PAYLOAD
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Len: 16
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION HASH Data:
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION EC 3E B5 6B 2F 0C 0E D2 .>.k/...
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 19 75 08 B1 39 5C 1F 47 .u..9.G
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION 100: Sent fourth message of main mode
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION peer 24.159.225.222: Received informational exchange message
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: PAYLOAD MALFORMED (16)
2018.04.10 09:10:03 CRYPTO_IKE.NEGOTIATION IkeDeleteIsakmpSA :: Deleting any DPDRequests queued in isakmpsa
What is it complaining about? Thanks!
