Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
it_administrato
Explorer

Ошибка VPN при аутентификации Remote Access VPN: Не удалось согласовать общие методы.

Коллеги, добрый день!

прошу помочь в решении текущей проблемы никакой информации в сети нет.

Шлюз безопасности Check Point  80,40 руб.
 
Ядро:
3.10.0-957.21.3cpx86_64
 
Издание:
64-битный
 
Номер сборки:
294

 

1111.jpg

В дебаге ошибка выглядит вот так:

 

[vpnd 14186 4082403264] @ ruSRV-c1-cp2 [21 дек, 4:09:41] [туннель ] chooseProposalFromList: не удалось сопоставить предложение. Преобразование: AES-256, SHA1, группа 2 (1024 бит); Причина: неправильное значение для: Метод аутентификации

[vpnd 14186 4082403264] @ ruSRV-c1-cp2 [21 дек, 4:09:41] [туннель] MMProcess1: ОШИБКА: невозможно выбрать предложение для клиента

[vpnd 14186 4082403264] @ ruSRV-c1-cp2 [21 декабря, 4:09:41] [туннель] fwisakmp_user_failed_with_auth: введите, отклонить категорию 3

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] getIkeClientType: p1state->l2tp_machine_info = 0

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] getUserCertificate: fwCert_CertsAndCRLsFromCertInfoList failed

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] isakmpd_user_authenticated: No user name given

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] create_login_log: Called

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] create_login_log: expiration is invalid (0)

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] create_login_log: generate new log uid

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] create_login_log: Peer Machine DN not available

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][vpnd] vpn_need_login_log: begin

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] CFwdCommStreamLocal::Write called

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] CFwdCommStreamLocal::Write sent 400 bytes

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][vpnd] vpn_need_login_log: begin

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] CFwdCommStreamLocal::Write called

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] CFwdCommStreamLocal::Write sent 68 bytes

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] RespMMPacketError: error in FWIKE_EXCH_MAIN_MODE - FWIKE_MM_PACKET_1

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel]          < FWIKE_ROLE_INITIATOR >    Id = 3576

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] ike_initiator: entering with my_instance: -1

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] ike_initiator: notifyData.notifyType = 0

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] InitiatorOnEnter: idRanges NOT USED mine [0-0] peer's [0-0]

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] findSAByPeer: Find SA with cookies 2e2bd449f5fb1361,0000000000000000 from packet

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] findSAByPeer: Valid ISAKMP SA was not found.  me=0, peer=b2d206d3

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel]          < FWIKE_EXCH_INFORMATION >    Id = 3576

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel]          < FWIKE_PACKET_START >    Id = 3576

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] InitInfoStart: enter.

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] find_sa_by_ike_peer: Find IKE SA for IKE peer <178.210.6.211,0000000000000000>

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] find_sa_by_ike_peer: No IKE SA for this IKE peer found

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] InitInfoStart: no sa for notification. Send without...

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel]          < FWIKE_INFO_NOTIFY_CLEAR >    Id = 3576

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] CreateNotifyClear (9101): entering

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41] HashResizeMode_verify_trigger_ratio: Illegal trigger value (1) should be 2..8

[vpnd 14186 4082403264]@ruSRV-c1-cp2[21 Dec  4:09:41][tunnel] Sent Notification to Peer b2d206d3: Client Encrypt Notification: Could not agree on common methods.

 

0 Kudos
1 Reply
it_administrato
Explorer

Проблема решена путем перегенерации сертификата на Шлюзе CheckPoint.