IKE_SA failed, peer not responding, Firebox behind FritzBox

Hello,
Following scenario (Germany):
Internet - Fritzbox (DSL Router) - Firebox eth0 - eth1 local network

Configured IKEv2 and imported into StrongSwan on my Android.
Have DynDNS running.

While trying to connect via VPN with my network I get an error message in the StrongSwan log:
initiating IKE_SA android to (my IP address)
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NAT_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP)]
sending packet... message ID 0
giving up...
establishing IKE_SA failed, peer not responding...

I think I cannot go through my first NAT, the Fritzbox. What shall I do?

Thanks for help.
Kind regards
Frank

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi Frank,

    It sounds like the Firebox is not responding.

    Do you see any logs on the Firebox related to your connection attempt? If not, I'd suggest looking on the Fritzbox to see if it has any settings to allow VPN pass-thru.

    In order for the VPN to work, the Fritzbox must be forwarding traffic to the Firebox.

    -James Carson
    WatchGuard Customer Support

  • If you cannot put the Fritzbox into bridge mode, then look to see if you can put the WAN IP of the Firebox into the Fritzbox' DMZ. More than likely, you will need to do the latter.

    Gregg Hill
