Hi, I'm trying to set up an S2S between Palo Alto and Sophos XG and so far it's been unsuccessful as Palo Alto is not able to find a suitable proposal for the connection. I've also tried following the KB here (https://www.sophos.com/en-us/medialibrary/PDFs/documentation/SophosFirewall/Pocket-Guides/Establish-IPsec-VPN-Connection-between-Sophos-and-PaloAlto.pdf). I'm supposed to be using IKEv1, AES256-SHA256, DH5 and I've checked to make sure the settings on both Firewalls are aligned (IKE, encryption keys, preshared keys). Below are the logs from Palo Alto for a connection coming in from Sophos. Any insight to interpreting the logs would be helpful.

2020-10-21 01:29:05.195 +0000 [PNTF]: { 54: }: ====> PHASE-1 NEGOTIATION STARTED AS RESPONDER, MAIN MODE <==== ====> Initiated SA <====
[INFO]: { 54: }: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
[INFO]: { 54: }: received Vendor ID: DPD
[INFO]: { 54: }: received Vendor ID: CISCO-UNITY
[INFO]: { 54: }: received Vendor ID: FRAGMENTATION
[INFO]: { 54: }: received Vendor ID: RFC 3947
[INFO]: { 54: }: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#1):Peer(prop#0:trns#1) = SHA1:SHA256
[PERR]: { 54: }: rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#1) = DH2:DH5
[PERR]: { 54: }: rejected enctype: DB(prop#1:trns#2):Peer(prop#0:trns#1) = 3DES:AES
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#2):Peer(prop#0:trns#1) = SHA1:SHA256
[PERR]: { 54: }: rejected dh_group: DB(prop#1:trns#2):Peer(prop#0:trns#1) = DH2:DH5
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#1):Peer(prop#0:trns#2) = SHA1:SHA256
[PERR]: { 54: }: rejected enctype: DB(prop#1:trns#2):Peer(prop#0:trns#2) = 3DES:AES
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#2):Peer(prop#0:trns#2) = SHA1:SHA256
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#1):Peer(prop#0:trns#3) = SHA1:SHA256
[PERR]: { 54: }: rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#3) = DH2:DH19
[PERR]: { 54: }: rejected enctype: DB(prop#1:trns#2):Peer(prop#0:trns#3) = 3DES:AES
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#2):Peer(prop#0:trns#3) = SHA1:SHA256
[PERR]: { 54: }: rejected dh_group: DB(prop#1:trns#2):Peer(prop#0:trns#3) = DH2:DH19
[PERR]: { 54: }: rejected enctype: DB(prop#1:trns#1):Peer(prop#0:trns#4) = AES:TBD
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#1):Peer(prop#0:trns#4) = SHA1:TBD
[PERR]: { 54: }: rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#4) = DH2:DH19
[PERR]: { 54: }: rejected enctype: DB(prop#1:trns#2):Peer(prop#0:trns#4) = 3DES:TBD
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#2):Peer(prop#0:trns#4) = SHA1:TBD
[PERR]: { 54: }: rejected dh_group: DB(prop#1:trns#2):Peer(prop#0:trns#4) = DH2:DH19
[PERR]: { 54: }: no suitable proposal found.
[PERR]: { 54: }: (nil) failed to get valid proposal.
[PERR]: { 54: }: failed to process packet.
[INFO]: { 54: }: ====> PHASE-1 SA DELETED <==== ====> Deleted SA <====
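Added example, not part of the original post and not Palo Alto's own tooling: a small Python parser for the PAN-OS IKE responder lines quoted above. It groups each `rejected` entry by (local DB transform, peer transform) and reports the attributes that were rejected in every pairing the responder tried, which is where the two IKE profiles definitely disagree. The sample input is a constructed subset of the post's own log lines.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the PAN-OS IKE responder lines quoted in the post.
SAMPLE_LOG = """\
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#1):Peer(prop#0:trns#1) = SHA1:SHA256
[PERR]: { 54: }: rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#1) = DH2:DH5
[PERR]: { 54: }: rejected enctype: DB(prop#1:trns#2):Peer(prop#0:trns#1) = 3DES:AES
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#2):Peer(prop#0:trns#1) = SHA1:SHA256
[PERR]: { 54: }: rejected dh_group: DB(prop#1:trns#2):Peer(prop#0:trns#1) = DH2:DH5
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#1):Peer(prop#0:trns#2) = SHA1:SHA256
[PERR]: { 54: }: rejected enctype: DB(prop#1:trns#2):Peer(prop#0:trns#2) = 3DES:AES
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#2):Peer(prop#0:trns#2) = SHA1:SHA256
[PERR]: { 54: }: rejected enctype: DB(prop#1:trns#1):Peer(prop#0:trns#4) = AES:TBD
[PERR]: { 54: }: rejected hashtype: DB(prop#1:trns#1):Peer(prop#0:trns#4) = SHA1:TBD
[PERR]: { 54: }: rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#4) = DH2:DH19
[PERR]: { 54: }: no suitable proposal found.
"""

# "DB" is the responder's own IKE crypto profile, "Peer" is what the initiator sent.
REJECT_RE = re.compile(
    r"rejected (?P<attr>\w+): "
    r"DB\(prop#\d+:trns#(?P<dbt>\d+)\):"
    r"Peer\(prop#\d+:trns#(?P<pt>\d+)\) = (?P<local>\S+):(?P<peer>\S+)"
)

def rejections_by_pair(log):
    """Map (local transform, peer transform) -> {attribute: (local value, peer value)}."""
    pairs = defaultdict(dict)
    for m in REJECT_RE.finditer(log):
        d = m.groupdict()
        pairs[(int(d["dbt"]), int(d["pt"]))][d["attr"]] = (d["local"], d["peer"])
    return dict(pairs)

def blocking_attributes(pairs):
    """Attributes rejected in every pairing: no combination of transforms agrees on them."""
    common = None
    for attrs in pairs.values():
        common = set(attrs) if common is None else common & set(attrs)
    return common or set()

def offered_values(pairs, attr):
    """Distinct local and peer values seen for one attribute across all rejections."""
    seen = [v for a in pairs.values() for k, v in a.items() if k == attr]
    return {loc for loc, _ in seen}, {rem for _, rem in seen}

if __name__ == "__main__":
    pairs = rejections_by_pair(SAMPLE_LOG)
    for attr in sorted(blocking_attributes(pairs)):
        print(attr, "local vs peer:", offered_values(pairs, attr))
```

On the quoted log the only attribute rejected in every pairing is hashtype (local SHA1 against peer SHA256), so the responder's IKE profile hash is the first setting to compare against what the post says was intended.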