IKE_SA failed, peer not responding, Firebox behind FritzBox
Hello,
Following scenario (Germany):
Internet - Fritzbox (DSL Router) - Firebox eth0 - eth1 local network
Configured IKEv2 and imported into StrongSwan on my Android.
Have DynDNS running.
While trying to connect via VPN to my network, I get an error message in the StrongSwan log:
initiating IKE_SA android to (my IP address)
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NAT_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP)]
sending packet... message ID 0
giving up...
establishing IKE_SA failed, peer not responding...
I think I cannot go through my first NAT, the Fritzbox. What shall I do?
Thanks for your help!
Kind regards
Frank
Comments
Hi Frank,
It sounds like the Firebox is not responding.
Do you see any logs on the firebox related to your connection attempt? If not, I'd suggest looking on the Fritzbox to see if it has any settings to allow VPN pass-thru.
In order for the VPN to work, the Fritzbox must be forwarding traffic to the Firebox.
-James Carson
WatchGuard Customer Support
If you cannot put the Fritzbox into bridge mode, then look to see if you can put the WAN IP of the Firebox into the Fritzbox's DMZ. More than likely, you will need to do the latter.
Gregg Hill
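
Added example, not part of the original thread and not WatchGuard or strongSwan code: a Python triage of a strongSwan client log that separates "no reply at all" (the case in the question, which points at forwarding on the upstream NAT router) from "reply received but rejected". The log samples are constructed with documentation addresses, and the function name and verdict labels are assumptions made for illustration.

```python
import re

# Wording follows strongSwan client log lines like those quoted in the question.
REQ = re.compile(r"generating IKE_SA_INIT request \d+")
RESP = re.compile(r"parsed IKE_SA_INIT response \d+ \[([^\]]*)\]")
RETX = re.compile(r"retransmit \d+ of request with message ID 0")

# Constructed sample: request sent, retransmitted, never answered.
NO_REPLY_LOG = """initiating IKE_SA android[1] to 203.0.113.10
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
sending packet: from 10.0.0.5[40001] to 203.0.113.10[500] (716 bytes)
retransmit 1 of request with message ID 0
retransmit 2 of request with message ID 0
giving up after 2 retransmits
establishing IKE_SA failed, peer not responding"""

# Constructed sample: the gateway is reachable but refuses the proposal.
REJECTED_LOG = """generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 10.0.0.5[40001] to 203.0.113.10[500] (716 bytes)
received packet: from 203.0.113.10[500] to 10.0.0.5[40001] (36 bytes)
parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN notify error"""

def triage_ike_init(log_text):
    """Return (verdict, retransmit_count, notifies) for the IKE_SA_INIT phase."""
    sent, retx, received, payloads = False, 0, False, None
    for line in log_text.splitlines():
        if REQ.search(line):
            sent = True
        elif RETX.search(line):
            retx += 1
        elif "received packet" in line:
            received = True
        m = RESP.search(line)
        if m:
            payloads = m.group(1).split()
    notifies = [p for p in (payloads or []) if p.startswith("N(")]
    if not sent:
        return ("no_attempt", retx, notifies)
    if payloads is None:
        # Nothing parsed: the request or reply was dropped on the path (for
        # example UDP 500/4500 not forwarded by the upstream NAT router) or
        # the gateway stayed silent. Check the gateway's own logs next.
        return ("reply_seen_unparsed" if received else "no_response", retx, notifies)
    if "SA" in payloads:
        return ("init_ok", retx, notifies)  # path works; look at IKE_AUTH next
    return ("rejected", retx, notifies)     # reachable, but configuration mismatch

if __name__ == "__main__":
    for name, log in (("no reply", NO_REPLY_LOG), ("rejected", REJECTED_LOG)):
        print(name, triage_ike_init(log))
```

A `no_response` verdict matches the log in the question and is the case where the router's forwarding and the Firebox logs are the next things to check; `rejected` means the packets arrive and the problem is in the VPN settings instead.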