Beiträge von risc

Hallo,
so jetzt habe ich den Auszug aus dem Logfile der efw.

Auszug-----------------------
Nov 25 16:23:39 pluto[6429] "rothmann"[1] 91.62.57.207 #17: sending encrypted notification INVALID_ID_INFORMATION to 91.62.57.207:500
Nov 25 16:23:39 pluto[6429] "rothmann"[1] 91.62.57.207 #17: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===195.64.106.31[C=DE, ST=Germany, O=Service, CN=195.64.106.31]...91.62.57.207[C=DE, ST=Germany, O=Service, CN=rothmannvpn]
Nov 25 16:23:39 pluto[6429] "rothmann"[1] 91.62.57.207 #17: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Nov 25 16:23:39 pluto[6429] "rothmann"[1] 91.62.57.207 #17: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1024}
Nov 25 16:23:39 pluto[6429] "rothmann"[1] 91.62.57.207 #17: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 25 16:23:39 pluto[6429] "rothmann"[1] 91.62.57.207 #17: I am sending my cert
Nov 25 16:23:39 pluto[6429] "rothmann"[1] 91.62.57.207 #17: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Germany, O=Service, CN=rothmannvpn'
Nov 25 16:23:38 pluto[6429] "rothmann"[1] 91.62.57.207 #17: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 25 16:23:38 pluto[6429] "rothmann"[1] 91.62.57.207 #17: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 25 16:23:37 pluto[6429] "rothmann"[1] 91.62.57.207 #17: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 25 16:23:37 pluto[6429] "rothmann"[1] 91.62.57.207 #17: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 25 16:23:37 pluto[6429] "rothmann"[1] 91.62.57.207 #17: responding to Main Mode from unknown peer 91.62.57.207
Nov 25 16:23:37 pluto[6429] packet from 91.62.57.207:500: ignoring unknown Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000020000138800000000...]
Nov 25 16:22:44 pluto[6429] "rothmann"[1] 91.62.57.207 #16: sending encrypted notification INVALID_ID_INFORMATION to 91.62.57.207:500
Nov 25 16:22:44 pluto[6429] "rothmann"[1] 91.62.57.207 #16: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===195.64.106.31[C=DE, ST=Germany, O=Service, CN=195.64.106.31]...91.62.57.207[C=DE, ST=Germany, O=Service, CN=rothmannvpn]
Nov 25 16:22:44 pluto[6429] "rothmann"[1] 91.62.57.207 #16: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Nov 25 16:22:44 pluto[6429] "rothmann"[1] 91.62.57.207 #16: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1024}
Nov 25 16:22:44 pluto[6429] "rothmann"[1] 91.62.57.207 #16: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 25 16:22:44 pluto[6429] "rothmann"[1] 91.62.57.207 #16: I am sending my cert
Nov 25 16:22:44 pluto[6429] "rothmann"[1] 91.62.57.207 #16: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Germany, O=Service, CN=rothmannvpn'
Nov 25 16:22:43 pluto[6429] "rothmann"[1] 91.62.57.207 #16: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 25 16:22:43 pluto[6429] "rothmann"[1] 91.62.57.207 #16: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 25 16:22:42 pluto[6429] "rothmann"[1] 91.62.57.207 #16: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 25 16:22:42 pluto[6429] "rothmann"[1] 91.62.57.207 #16: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 25 16:22:42 pluto[6429] "rothmann"[1] 91.62.57.207 #16: responding to Main Mode from unknown peer 91.62.57.207
Nov 25 16:22:42 pluto[6429] packet from 91.62.57.207:500: ignoring unknown Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000020000138800000000...]
Nov 25 16:21:49 pluto[6429] "rothmann"[1] 91.62.57.207 #15: sending encrypted notification INVALID_ID_INFORMATION to 91.62.57.207:500
Nov 25 16:21:49 pluto[6429] "rothmann"[1] 91.62.57.207 #15: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===195.64.106.31[C=DE, ST=Germany, O=Service, CN=195.64.106.31]...91.62.57.207[C=DE, ST=Germany, O=Service, CN=rothmannvpn]
Nov 25 16:21:49 pluto[6429] "rothmann"[1] 91.62.57.207 #15: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Nov 25 16:21:49 pluto[6429] "rothmann"[1] 91.62.57.207 #15: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1024}
Nov 25 16:21:49 pluto[6429] "rothmann"[1] 91.62.57.207 #15: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 25 16:21:49 pluto[6429] "rothmann"[1] 91.62.57.207 #15: I am sending my cert
Nov 25 16:21:49 pluto[6429] "rothmann"[1] 91.62.57.207 #15: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Germany, O=Service, CN=rothmannvpn'
Nov 25 16:21:48 pluto[6429] "rothmann"[1] 91.62.57.207 #15: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 25 16:21:48 pluto[6429] "rothmann"[1] 91.62.57.207 #15: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 25 16:21:47 pluto[6429] "rothmann"[1] 91.62.57.207 #15: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 25 16:21:47 pluto[6429] "rothmann"[1] 91.62.57.207 #15: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 25 16:21:47 pluto[6429] "rothmann"[1] 91.62.57.207 #15: responding to Main Mode from unknown peer 91.62.57.207
Nov 25 16:21:47 pluto[6429] packet from 91.62.57.207:500: ignoring unknown Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000020000138800000000...]
Nov 25 16:21:13 pluto[6429] "rothmann"[1] 91.62.57.207 #14: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Nov 25 16:21:13 pluto[6429] "rothmann"[1] 91.62.57.207 #14: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Nov 25 16:21:13 pluto[6429] "rothmann"[1] 91.62.57.207 #14: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1024}
Nov 25 16:21:13 pluto[6429] "rothmann"[1] 91.62.57.207 #14: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 25 16:21:13 pluto[6429] "rothmann"[1] 91.62.57.207 #14: I am sending my cert
Nov 25 16:21:13 pluto[6429] "rothmann"[1] 91.62.57.207 #14: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Germany, O=Service, CN=rothmannvpn'
Nov 25 16:21:12 pluto[6429] "rothmann"[1] 91.62.57.207 #14: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 25 16:21:12 pluto[6429] "rothmann"[1] 91.62.57.207 #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 25 16:21:11 pluto[6429] "rothmann"[1] 91.62.57.207 #14: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 25 16:21:11 pluto[6429] "rothmann"[1] 91.62.57.207 #14: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 25 16:21:11 pluto[6429] "rothmann"[1] 91.62.57.207 #14: responding to Main Mode from unknown peer 91.62.57.207
Nov 25 16:21:11 pluto[6429] packet from 91.62.57.207:500: ignoring unknown Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000020000138800000000...]
Nov 25 16:20:54 pluto[6429] "rothmann"[1] 91.62.57.207 #13: sending encrypted notification INVALID_ID_INFORMATION to 91.62.57.207:500
Nov 25 16:20:54 pluto[6429] "rothmann"[1] 91.62.57.207 #13: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===195.64.106.31[C=DE, ST=Germany, O=Service, CN=195.64.106.31]...91.62.57.207[C=DE, ST=Germany, O=Service, CN=rothmannvpn]
Nov 25 16:20:54 pluto[6429] "rothmann"[1] 91.62.57.207 #13: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Nov 25 16:20:54 pluto[6429] "rothmann"[1] 91.62.57.207 #13: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1024}
Nov 25 16:20:54 pluto[6429] "rothmann"[1] 91.62.57.207 #13: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 25 16:20:54 pluto[6429] "rothmann"[1] 91.62.57.207 #13: I am sending my cert
Nov 25 16:20:54 pluto[6429] "rothmann"[1] 91.62.57.207 #13: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Germany, O=Service, CN=rothmannvpn'
Nov 25 16:20:53 pluto[6429] "rothmann"[1] 91.62.57.207 #13: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 25 16:20:53 pluto[6429] "rothmann"[1] 91.62.57.207 #13: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 25 16:20:52 pluto[6429] "rothmann"[1] 91.62.57.207 #13: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 25 16:20:52 pluto[6429] "rothmann"[1] 91.62.57.207 #13: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 25 16:20:52 pluto[6429] "rothmann"[1] 91.62.57.207 #13: responding to Main Mode from unknown peer 91.62.57.207
Nov 25 16:20:52 pluto[6429] packet from 91.62.57.207:500: ignoring unknown Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000020000138800000000...]

Ende----------------------

Irgendeine hoffentlich weiterführende Idee dazu?

Mit besten Grüssen

risc

Hallo,
besten Dank für die schnelle Antwort.
D.h. bei dem Endian Server wäre es möglich ein certificat zu erzeugen
mit dem IPSEC mit der Checkpoint 500 eine Verbindung auf bauen kann?
Die box kann nur Certificate erzeugen, die der Server nicht akzeptiert,
oder Certificate einlesen, die dann ein bisschen Phase 1, 2, und nach 3
hakt es, funktionieren.
Gibt es denn irgendwo eine Anleitung was genau da zwischen den Phasen
passieren muss.
Morgen kommt eine Cisco Box oder was weiss ich und schon geht der
ganze Kram wieder los. So kommt man ja garnicht mehr zu einem
Ergebnis. Es ist doch nicht sinnvoll für jede Box einen separaten
VPN Server einzusetzen.

Die Kommunikation läuft nur bis zu einem gewissen Grad. Habe es jetzt
nicht genau im Kopf, melde mich morgen nochmal wenn ich wieder Zugang
zu dem System habe.

Mit freundlichen Grüssen

risc

Hallo Forum

ich möchte gerne die obige box mit einem EDIAN Firwall über IPSEC verbinden.
Gibt es dafür eine Anleitung?
Alle Kombinationen des certificats und ebenso User/Passwort
scheiterten bislang.

Mit freundlichen Grüssen

risc