IKEv2 (IPSec) connection does not work

Post by BLH2012 »

Hello,

I followed the tutorial to set up an IKEv1 (IPSec) connection from Windows 7 to my gateway. Error 13801 always occurs.

I would be glad if someone could take a look at my log :)

09:05:15 192.168.0.1 IPSEC Server gateway.blh.local 14[IKE] 80.187.96.154 is initiating an IKE_SA
09:05:15 192.168.0.1 IPSEC Server gateway.blh.local 14[IKE] 80.187.96.154 is initiating an IKE_SA
09:05:16 192.168.0.1 IPSEC Server gateway.blh.local 14[IKE] remote host is behind NAT
09:05:16 192.168.0.1 IPSEC Server gateway.blh.local 14[IKE] sending cert request for "C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH-Trier, OU=edv, CN=Cert_BLH_CA, E=technik@pccedvservice.de"
09:05:16 192.168.0.1 IPSEC Server gateway.blh.local 15[IKE] received retransmit of request with ID 0, retransmitting response
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 48:d1:87:ed:89:9e:55:91:4e:8c:11:76:75:c2:6e:bb:c1:71:a6:45
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for "C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH-Trier, OU=edv, CN=Cert_BLH_CA, E=technik@pccedvservice.de"
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid da:ed:64:74:14:9c:14:3c:ab:dd:99:a9:bd:5b:28:4d:8b:3c:c9:d8
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 48:e6:68:f9:2b:d2:b2:95:d7:47:d8:23:20:10:4f:33:98:90:9f:d4
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 87:db:d4:5f:b0:92:8d:4e:1d:f8:15:67:e7:f2:ab:af:d6:2b:67:75
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid f0:17:62:13:55:3d:b3:ff:0a:00:6b:fb:50:84:97:f3:ed:62:d0:1a
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 59:79:12:de:61:75:d6:6f:c4:23:b7:77:13:74:c7:96:de:6f:88:72
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 6c:ca:bd:7d:b4:7e:94:a5:75:99:01:b6:a7:df:d4:5d:1c:09:1c:cc
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 1a:21:b4:95:2b:62:93:ce:18:b3:65:ec:9c:0e:93:4c:b3:81:e6:d4
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 90:2f:82:a3:7c:47:97:01:1e:0f:4b:a5:af:13:13:c2:11:13:47:ea
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 5f:f3:24:6c:8f:91:24:af:9b:5f:3e:b0:34:6a:f4:2d:5c:a8:5d:cc
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 83:31:7e:62:85:42:53:d6:d7:78:31:90:ec:91:90:56:e9:91:b9:e3
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid b1:81:08:1a:19:a4:c0:94:1f:fa:e8:95:28:c1:24:c9:9b:34:ac:c7
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid a8:48:b4:24:2f:c6:ea:24:a0:d7:8e:3c:b9:3c:5c:78:d7:98:33:e4
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received cert request for unknown ca with keyid 90:2f:82:a3:7c:47:97:01:1e:0f:4b:a5:af:13:13:c2:11:13:47:ea
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] received end entity cert "C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de"
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[CFG] looking for peer configs matching 217.92.59.76[%any]...80.187.96.154[C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de]
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[CFG] selected peer config 'gateway.blh.local__GT__BLH_VPN_2'
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[CFG] using certificate "C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de"
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[CFG] using trusted ca certificate "C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH-Trier, OU=edv, CN=Cert_BLH_CA, E=technik@pccedvservice.de"
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[CFG] checking certificate status of "C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de"
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[CFG] certificate status is not available
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[CFG] reached self-signed root ca with a path length of 0
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] authentication of 'C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de' with RSA signature successful
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] peer supports MOBIKE, but disabled in config
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] authentication of 'C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLH_vpn_Cert, E=technik@pccedvservice.de' (myself) with RSA signature successful
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] deleting duplicate IKE_SA for peer 'C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de' due to uniqueness policy
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] deleting IKE_SA gateway.blh.local__GT__BLH_VPN_2[1] between 217.92.59.76[C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLH_vpn_Cert, E=technik@pccedvservice.de]...80.187.96.154[C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de]
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] deleting IKE_SA gateway.blh.local__GT__BLH_VPN_2[1] between 217.92.59.76[C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLH_vpn_Cert, E=technik@pccedvservice.de]...80.187.96.154[C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de]
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] sending DELETE for IKE_SA gateway.blh.local__GT__BLH_VPN_2[1]
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] IKE_SA gateway.blh.local__GT__BLH_VPN_2[5] established between 217.92.59.76[C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLH_vpn_Cert, E=technik@pccedvservice.de]...80.187.96.154[C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de]
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] IKE_SA gateway.blh.local__GT__BLH_VPN_2[5] established between 217.92.59.76[C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLH_vpn_Cert, E=technik@pccedvservice.de]...80.187.96.154[C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de]
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] scheduling reauthentication in 2613s
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] maximum IKE_SA lifetime 3153s
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] sending end entity cert "C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLH_vpn_Cert, E=technik@pccedvservice.de"
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] peer requested virtual IP %any6
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[CFG] assigning new lease to 'C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de'
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] assigning virtual IP 192.168.0.2 to peer 'C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de'
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] CHILD_SA gateway.blh.local__GT__BLH_VPN_2{2} established with SPIs c508f83e_i 2d2b853e_o and TS 192.168.0.0/24 === 192.168.0.2/32
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local 02[IKE] CHILD_SA gateway.blh.local__GT__BLH_VPN_2{2} established with SPIs c508f83e_i 2d2b853e_o and TS 192.168.0.0/24 === 192.168.0.2/32
09:05:17 192.168.0.1 IPSEC Server gateway.blh.local + C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de 192.168.0.2/32 == 80.187.96.154 -- 217.92.59.76 == 192.168.0.0/24
09:05:21 192.168.0.1 IPSEC Server gateway.blh.local 10[IKE] destroying IKE_SA in state DELETING without notification
09:05:21 192.168.0.1 IPSEC Server gateway.blh.local - C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de 192.168.0.1/32 == 80.187.96.154 -- 217.92.59.76 == 192.168.0.0/24
09:05:21 192.168.0.1 IPSEC Server gateway.blh.local 10[CFG] lease 192.168.0.1 by 'C=DE, ST=Rheinland-Pfalz, L=Trier, O=BLH Trier, OU=EDV, CN=BLHwebCert, E=technik@pccedvservice.de' went offline
09:05:25 192.168.0.1 Firewall DROP DROP(default) IN=eth1 gateway.blh.local OUT= MAC=ff:ff:ff:ff:ff:ff:00:26:18:74:03:88:08:00 SRC=192.168.0.57 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=36887 PROTO=UDP SPT=137 DPT=137 LEN=58

Post by BLH2012 »

This is resolved, the connection is now established. The certificates had not been created correctly, or rather had not been imported correctly on the client.
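
Added example (not part of the original posts and not the vendor's code): a triage of a gateway log in the format shown above, separating what the gateway log establishes (client authenticated, SAs set up, replaced SA cleaned up) from rejections made by the gateway itself. The sample log, `triage`, its field names and the failure patterns are constructed for illustration, and reading the final `destroying IKE_SA` line as cleanup of the SA replaced under the uniqueness policy is this example's interpretation.

```python
import re

# Constructed sample in the format of the log above (placeholder names and addresses).
SAMPLE_LOG = """\
09:05:15 192.0.2.1 IPSEC Server gw.example 14[IKE] 198.51.100.7 is initiating an IKE_SA
09:05:17 192.0.2.1 IPSEC Server gw.example 02[IKE] received cert request for unknown ca with keyid 00:11:22:33
09:05:17 192.0.2.1 IPSEC Server gw.example 02[IKE] received cert request for "CN=Example_CA"
09:05:17 192.0.2.1 IPSEC Server gw.example 02[IKE] authentication of 'CN=client' with RSA signature successful
09:05:17 192.0.2.1 IPSEC Server gw.example 02[IKE] authentication of 'CN=gateway' (myself) with RSA signature successful
09:05:17 192.0.2.1 IPSEC Server gw.example 02[IKE] deleting duplicate IKE_SA for peer 'CN=client' due to uniqueness policy
09:05:17 192.0.2.1 IPSEC Server gw.example 02[IKE] sending DELETE for IKE_SA conn[1]
09:05:17 192.0.2.1 IPSEC Server gw.example 02[IKE] IKE_SA conn[5] established between 203.0.113.1[CN=gateway]...198.51.100.7[CN=client]
09:05:17 192.0.2.1 IPSEC Server gw.example 02[IKE] CHILD_SA conn{2} established with SPIs aaaa_i bbbb_o and TS 10.0.0.0/24 === 10.0.0.2/32
09:05:21 192.0.2.1 IPSEC Server gw.example 10[IKE] destroying IKE_SA in state DELETING without notification
"""
LINE = re.compile(r"^\d\d:\d\d:\d\d \S+ IPSEC Server \S+ \d+\[(?:IKE|CFG)\] (.*)$")
# Wording assumed for cases where the gateway itself rejects a peer (not exhaustive).
FAILURE = re.compile(r"failed|no trusted|no matching peer config|NO_PROPOSAL_CHOSEN", re.I)

def triage(log):
    s = {"unknown_ca": 0, "known_ca": [], "peer_auth": False, "own_auth": False,
         "ike_sa": [], "child_sa": [], "superseded": [], "cleanup": False, "failures": []}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # firewall and lease summary lines
        msg = m.group(1)
        if msg.startswith("received cert request for unknown ca"):
            s["unknown_ca"] += 1  # CAs the client trusts but the gateway does not know
        elif (k := re.match(r'received cert request for "(.+)"', msg)):
            s["known_ca"].append(k.group(1))
        elif msg.startswith("authentication of") and msg.endswith("successful"):
            s["own_auth" if "(myself)" in msg else "peer_auth"] = True
        elif (k := re.match(r"sending DELETE for IKE_SA \S+\[(\d+)\]", msg)):
            s["superseded"].append(int(k.group(1)))
        elif (k := re.match(r"(IKE|CHILD)_SA \S+[\[{](\d+)[\]}] established", msg)):
            key, n = k.group(1).lower() + "_sa", int(k.group(2))
            if n not in s[key]:  # the same line can appear twice in the log
                s[key].append(n)
        elif msg.startswith("destroying IKE_SA in state DELETING"):
            s["cleanup"] = bool(s["superseded"])  # read as teardown of the replaced SA
        elif FAILURE.search(msg):
            s["failures"].append(msg)
    done = s["peer_auth"] and s["own_auth"] and s["ike_sa"] and s["child_sa"]
    s["verdict"] = ("gateway rejected the exchange" if s["failures"] else
                    "gateway side complete: check the client's view of the gateway certificate"
                    if done else "handshake incomplete on the gateway")
    return s
```

A "gateway side complete" verdict means the gateway has nothing further to report, which fits the resolution in the thread: the problem was in how the certificates were created or imported on the client.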
