VPN "Message retry timeout"
Hi all,
Trying to do drag-and-drop VPN within System Manager … our location has an M200 and the other end has a T35, both on 12.3.1.
I've connected to this location in the past. I don't know how the ID can be mismatched due to the WSM handling creating the BOVPN connection... sounds kinda like packet loss, but I can make other remote desktop type connections (LogMeIn, ScreenConnect, etc) and they are working just fine. We have Comcast Business Cable on our end and the other end has a regional telco provider's 5MB connection.
Here are the logs... (my end is "localip"… the office we are trying to connect to is "remoteip".)
2019-04-01 08:37:54 iked (remoteip<->localip)IKE phase-1 negotiation from remoteip:500 to localip:500 failed. Gateway-Endpoint='InvisikTechOffice.1.3' Reason=Authentication failure due to mismatched ID setting msg_id="0203-0011" Debug
2019-04-01 08:37:59 iked (remoteip<->localip)IKE phase-1 negotiation from remoteip:500 to localip:500 failed. Gateway-Endpoint='InvisikTechOffice.1.3' Reason=Authentication failure due to mismatched ID setting msg_id="0203-0011" Debug
2019-04-01 08:38:02 iked (remoteip<->localip)IKE phase-1 negotiation from remoteip:500 to local:500 failed. Gateway-Endpoint='InvisikTechOffice.1.3' Reason=Authentication failure due to mismatched ID setting msg_id="0203-0011" Debug
2019-04-01 08:38:07 iked (remoteip<->localip)IKE phase-1 negotiation from remoteip:500 to localip:500 failed. Gateway-Endpoint='InvisikTechOffice.1.3' Reason=Authentication failure due to mismatched ID setting msg_id="0203-0011" Debug
2019-04-01 08:38:09 iked (remoteip<->localip)IKE phase-1 negotiation from remoteip:500 to localip:500 failed. Gateway-Endpoint='InvisikTechOffice.1.3' Reason=Message retry timeout. Check the connection between local and remote gateway endpoints. msg_id="0203-0015" Debug
Thank you for any suggestions...
-m
Comments
In WSM, you can try Expire Lease and Update Device for both firewalls.
See if that helps. If not, consider opening a support incident.
I used managed BOVPNs when I first set up BOVPNs, but after a while I switched to manual ones, which are fairly easy to set up, and for me, there is more flexibility in BOVPN settings and dealing with policies, Traffic Mgt, etc.
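
An added example, not part of the original thread: a small Python parser for iked phase-1 failure lines in the format quoted in the question. It tallies failure reasons and msg_id values per Gateway-Endpoint, so it is easy to see which error dominates and over what time window. The sample lines, the endpoint name ExampleOffice.1.1 and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in the log format from the post (placeholder addresses).
SAMPLE = """\
2019-04-01 08:37:54 iked (remoteip<->localip)IKE phase-1 negotiation from remoteip:500 to localip:500 failed. Gateway-Endpoint='ExampleOffice.1.1' Reason=Authentication failure due to mismatched ID setting msg_id="0203-0011" Debug
2019-04-01 08:37:59 iked (remoteip<->localip)IKE phase-1 negotiation from remoteip:500 to localip:500 failed. Gateway-Endpoint='ExampleOffice.1.1' Reason=Authentication failure due to mismatched ID setting msg_id="0203-0011" Debug
2019-04-01 08:38:09 iked (remoteip<->localip)IKE phase-1 negotiation from remoteip:500 to localip:500 failed. Gateway-Endpoint='ExampleOffice.1.1' Reason=Message retry timeout. Check the connection between local and remote gateway endpoints. msg_id="0203-0015" Debug
2019-04-01 08:38:10 iked unrelated constructed line that the parser should skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) iked \((?P<peer>[^)]*)\)"
    r"IKE phase-(?P<phase>\d) negotiation from (?P<src>\S+) to (?P<dst>\S+) failed\. "
    r"Gateway-Endpoint='(?P<endpoint>[^']*)' "
    r'Reason=(?P<reason>.*?) msg_id="(?P<msg_id>[^"]+)"'
)

def parse_line(line):
    """Return a dict for one phase-1 failure line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    return rec

def summarize(text):
    """Group failures by Gateway-Endpoint: reason counts, initiators, first/last seen."""
    out = defaultdict(lambda: {"reasons": Counter(), "initiators": set(),
                               "first": None, "last": None})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a phase-1 failure line
        s = out[rec["endpoint"]]
        s["reasons"][(rec["msg_id"], rec["reason"])] += 1
        s["initiators"].add(rec["src"].rsplit(":", 1)[0])  # strip the :port suffix
        s["first"] = min(s["first"] or rec["ts"], rec["ts"])
        s["last"] = max(s["last"] or rec["ts"], rec["ts"])
    return dict(out)

if __name__ == "__main__":
    for endpoint, s in summarize(SAMPLE).items():
        print(endpoint, "initiated by", sorted(s["initiators"]), s["first"], "to", s["last"])
        for (msg_id, reason), n in s["reasons"].most_common():
            print(f"  {n:3d}  {msg_id}  {reason}")
```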