User Unable to Connect IPSEC VPN
Firebox M470 running 12.5.2
I have a user that is unable to connect from home using IPSEC through his ISP. However, if he uses his phone as a hotspot he can connect. The ISP provider is stumped, pointing fingers at us for preventing the traffic. I say "Doubt 100" because I have around 100 employees working from home just fine, but I thought I'd cover my bases and see what any of you think.
When I look at System Manager for the user's external IP while trying to connect, this is what I see:
2020-04-30 15:22:58 iked (FIREWALL_IP<->USERS_HOME_IP)******** RECV an IKE packet at FIREWALL_IP:4500(socket=16 ifIndex=5) from Peer USERS_HOME_IP:4500 ******** Debug
2020-04-30 15:22:58 iked (FIREWALL_IP<->USERS_HOME_IP)IKE SA[0x8af4c0 socket:16 state:'Hash Wait' MyAddr:FIREWALL_IP:4500 PeerAddr:199.117.60.138:4500] Debug
2020-04-30 15:22:58 iked (FIREWALL_IP<->USERS_HOME_IP)Drop the packet from USERS_HOME_IP:4500 to FIREWALL_IP:4500 with matching cookies. IKE SA is mature, expect further packet from 199.117.60.138:4500 to FIREWALL_IP:4500. Debug
2020-04-30 15:22:58 iked (FIREWALL_IP<->USERS_HOME_IP)ike_process_pkt: ProcessData returned error (-1) Debug
2020-04-30 15:22:58 iked (FIREWALL_IP<->USERS_HOME_IP)******** RECV an IKE packet at FIREWALL_IP:4500(socket=16 ifIndex=5) from Peer USERS_HOME_IP:4500 ******** Debug
2020-04-30 15:22:58 iked (FIREWALL_IP<->USERS_HOME_IP)IKE SA[0x8af4c0 socket:16 state:'Hash Wait' MyAddr:FIREWALL_IP:4500 PeerAddr:199.117.60.138:4500] Debug
2020-04-30 15:22:58 iked (FIREWALL_IP<->USERS_HOME_IP)Drop the packet from USERS_HOME_IP:4500 to FIREWALL_IP:4500 with matching cookies. IKE SA is mature, expect further packet from 199.117.60.138:4500 to FIREWALL_IP:4500. Debug
2020-04-30 15:22:58 iked (FIREWALL_IP<->USERS_HOME_IP)ike_process_pkt: ProcessData returned error (-1) Debug
2020-04-30 15:23:28 iked (FIREWALL_IP<->USERS_HOME_IP)******** RECV an IKE packet at FIREWALL_IP:4500(socket=16 ifIndex=5) from Peer USERS_HOME_IP:4500 ******** Debug
2020-04-30 15:23:28 iked (FIREWALL_IP<->USERS_HOME_IP)ISAKMP SA not found using cookies[i=1617982d5dd72c95 r=0199226f5b70001b] Debug
2020-04-30 15:23:28 iked (FIREWALL_IP<->USERS_HOME_IP)Ignore informational(5) IKE message Debug
Ideas or suggestions?
Thanks.
Comments
Nothing helpful to me in these logs.
Time for a support incident.
Most likely they will want to see more log entries related to this, perhaps from the connection attempt.
Thanks Bruce. 👍