Problem w/ IKEv2 mobile VPN

I cannot connect to a mobile VPN with IKEv2 when using a mobile hotspot. The device reports this error,

2023-12-22 16:30:06 iked (External_IP<->Mobile_IP)Dropped IKEv2 IKE_AUTH message from Mobile_IP:40857. Gateway-Endpoint='WG IKEv2 MVPN'. Reason=Invalid message ID in IKE_AUTH request message.

There are no issues with the mobile hotspot if I use a L2TP connection. Any suggestion?


  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @DVM.

    The log suggests the message ID in the IKE traffic may be changed from what is expected in the IKE Auth message. If this is only happening via this mobile connection, I'd suggest checking that mobile router to see if it has any functionality to do this.

    -If you see any feature to "fix" or improve IPSec, IKE, or ESP, please ensure that this is turned off. (I most commonly see this referred to as ESP-ALG on ISP devices.)
    -If you see any feature for IKE or VPN pass-thru, please enable that.

    If you need assistance, I'd suggest opening a support case. Our team can verify if that is what's happening and help provide packet captures if needed.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.