gm446
Contributor

IPSec VPN invalid id error

Hello Everyone,

I am trying to establish a VPN tunnel to a new AWS VPC. All the configuration on the AWS side is on default, and the configuration I made on the gateway is exactly as required in the AWS document, but the tunnel is still not up.

I get this error in the logs: Key Install Quick Mode Sent Notification: invalid id information

In the debug file:

** QuickMode ==> Thu Mar 16 2023 12:52:09 cookie cbf83400fb582586 (0.0.0.0 0.0.0.0) - (0.0.0.0 0.0.0.0) ---- Failed after QM packet 2 ----

==> QM packet 1 (12:52:09) - (0.0.0.0 0.0.0.0) - (0.0.0.0 0.0.0.0)
Header
RespCookie: a1 3d 9f d7 c6 28 6c 21
MsgID: d5 2b 06 42
SAPayload
prop1 PROTO_IPSEC_ESP (8a 5a 8e 7e )
Transform Payload - ESP_AES
Group Description: Alternate 1024-bit MODP group
SA Life Type: Seconds
SA Life Duration: 3600
Authentication Alg: HMAC-SHA1
Encapsulation Mode: Tunnel
Key Length: 128
ID Payload
ID type: ID_IPV4_ADDR_SUBNET
ID Data: 00 00 00 00 00 00 00 00 (0.0.0.0 0.0.0.0)
ID Payload
ID type: ID_IPV4_ADDR_SUBNET
ID Data: 00 00 00 00 00 00 00 00 (0.0.0.0 0.0.0.0)

<== QM packet 2 (12:52:09) - (10.10.0.0 255.255.255.0)
Header
RespCookie: a1 3d 9f d7 c6 28 6c 21
MsgID: d5 2b 06 42
SAPayload
prop1 PROTO_IPSEC_ESP (c3 9d 78 4d )
Transform Payload - ESP_AES
Key Length: 128
Authentication Alg: HMAC-SHA1
Group Description: Alternate 1024-bit MODP group
Encapsulation Mode: Tunnel
SA Life Type: Seconds
SA Life Duration: 3600
ID Payload
ID type: ID_IPV4_ADDR_SUBNET
ID Data: 0a 0a 00 00 ff ff ff 00 (10.10.0.0 255.255.255.0)

I would love to get any help on this.

Best Regards,
Yossi.

gm446
Contributor

Thank you, it was the encryption domain mismatch.

the_rock
Legend

Yea, more often than not, since it's quick mode, that would always refer to phase 2, specifically enc domain mismatch, so good job! 👍
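The mismatch named in the replies is visible in the ID payloads of the debug output in the question. The following Python sketch is an added example, not part of the original thread: it decodes each ID_IPV4_ADDR_SUBNET payload per Quick Mode packet and lists the subnets that appear in one packet but not the other. The sample text is constructed from the ID lines in the question, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the ID type / ID Data lines from the debug output in the question.
SAMPLE = """\
==> QM packet 1 (12:52:09) - (0.0.0.0 0.0.0.0) - (0.0.0.0 0.0.0.0)
ID type: ID_IPV4_ADDR_SUBNET
ID Data: 00 00 00 00 00 00 00 00 (0.0.0.0 0.0.0.0)
ID type: ID_IPV4_ADDR_SUBNET
ID Data: 00 00 00 00 00 00 00 00 (0.0.0.0 0.0.0.0)
<== QM packet 2 (12:52:09) - (10.10.0.0 255.255.255.0)
ID type: ID_IPV4_ADDR_SUBNET
ID Data: 0a 0a 00 00 ff ff ff 00 (10.10.0.0 255.255.255.0)
"""

PACKET_RE = re.compile(r"^(?:==>|<==) QM packet (\d+)")
DATA_RE = re.compile(r"^ID Data:\s*((?:[0-9a-fA-F]{2} ?)+)")


def decode_subnet(hex_bytes):
    """Decode an ID_IPV4_ADDR_SUBNET body: 4 address bytes, then 4 mask bytes."""
    raw = bytes.fromhex(hex_bytes.strip())
    if len(raw) != 8:
        raise ValueError("ID_IPV4_ADDR_SUBNET data must be 8 bytes")
    addr, mask = ipaddress.IPv4Address(raw[:4]), ipaddress.IPv4Address(raw[4:])
    # strict=True rejects an address with host bits set outside the mask
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)


def selectors_by_packet(text):
    """Return {packet number: [IPv4Network, ...]} in the order the IDs appear."""
    packets, current, id_type = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := PACKET_RE.match(line):
            current = int(m.group(1))
            packets[current] = []
        elif line.startswith("ID type:"):
            id_type = line.split(":", 1)[1].strip()
        elif (m := DATA_RE.match(line)) and current is not None \
                and id_type == "ID_IPV4_ADDR_SUBNET":
            packets[current].append(decode_subnet(m.group(1)))
    return packets


def selector_diff(text, a=1, b=2):
    """Subnets present only in packet a, and only in packet b."""
    pk = selectors_by_packet(text)
    sa, sb = set(pk.get(a, [])), set(pk.get(b, []))
    return sorted(sa - sb), sorted(sb - sa)
```

For the sample, `selector_diff(SAMPLE)` reports 0.0.0.0/0 only in packet 1 and 10.10.0.0/24 only in packet 2, which is the disagreement to reconcile in the encryption domain settings on both ends.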
