Hello guys, I have a problem that i've been the whole day trying to make it work but i can't and i have to solve it asap. I have around 12 vpn connections peer to peer working. I have to change those vpn connections to another IP Public little by little (my peer IP). I tried today with 3 vpn sites modifying: - IKE Gateway: modifying Interface, local ip addres and local identification - Static Routes: i modified the interface and the next hop - Security Rules: I added the new IP Public to the one that already exist. Am i missing something? The ones with the old IP Public are working perfect but i can't make it work with the new one. (The changes in the remote peers were made as well). My remote peer told me that they can ping and traceroute me but i can't, so i guess the problem is on my side. Can someone help me? i don't know what more to look or to change. Also i got different errors in the logs: Site 1: ====> PHASE-1 NEGOTIATION FAILED AS INITIATOR, MAIN MODE <==== ====> Failed SA: my peer[500]-remote peer[500] cookie:6731f1a9f47445d5:0000000000000000 <==== Due to timeout. 2019-02-04 19:44:36.000 +0100 [INFO]: { 2: }: ====> PHASE-1 SA DELETED <==== ====> Deleted SA: my peer[500]-remote peer[500] cookie:6731f1a9f47445d5:0000000000000000 <==== Site 2: ====> PHASE-1 NEGOTIATION STARTED AS RESPONDER, MAIN MODE <==== ====> Initiated SA: my peer[500]-remote peer[500] cookie:81bbd9683095c862:4079c6c2a022dd4d <==== 2019-02-04 19:44:51.349 +0100 [INFO]: { 1: }: received Vendor ID: DPD 2019-02-04 19:44:51.349 +0100 [INFO]: { 1: }: received Vendor ID: RFC 3947 2019-02-04 19:44:51.349 +0100 [INFO]: { 1: }: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03 2019-02-04 19:44:51.349 +0100 [INFO]: { 1: }: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02 2019-02-04 19:44:51.349 +0100 [INFO]: { 1: }: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02 2019-02-04 19:44:51.349 +0100 [INFO]: { 1: }: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00 2019-02-04 19:44:52.000 +0100 [PNTF]: { 1: }: ====> PHASE-1 NEGOTIATION FAILED AS RESPONDER, MAIN MODE <==== ====> Failed SA: my peer[500]-remote peer[500] cookie:de602182338cb9d0:25a62e85bee11834 <==== Due to timeout. 2019-02-04 19:44:52.000 +0100 [INFO]: { 1: }: ====> PHASE-1 SA DELETED <==== ====> Deleted SA: my peer[500]-remote peer[500] cookie:de602182338cb9d0:25a62e85bee11834 <==== 2019-02-04 19:44:52.511 +0100 [PNTF]: { 17: }: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=5f9a7e21c7c369e9 97a227d4d986d5b5 (size=16). 2019-02-04 19:44:54.349 +0100 [INFO]: the packet is retransmitted from remote peer[500] to my peer[500]. Site 3: [PERR]: Couldn't find configuration for IKE phase-1 request for peer IP remote peer[500]. 2019-02-04 19:50:55.615 +0100 [PNTF]: { 17: }: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=5f9a7e21c7c369e9 97a227d4d986d5b5 (size=16). 2019-02-04 19:50:56.156 +0100 [PNTF]: { 3: }: notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=54f5845033049f7e cef513a42e864900 (size=16). 2019-02-04 19:50:57.000 +0100 [PNTF]: { 11: }: ====> PHASE-1 NEGOTIATION FAILED AS INITIATOR, MAIN MODE <==== ====> Failed SA: my peer[500]-remote peer[500] cookie:e3c5714c065682f5:1a1619e7b34a9475 <==== Due to timeout. 2019-02-04 19:50:57.000 +0100 [INFO]: { 11: }: ====> PHASE-1 SA DELETED <==== ====> Deleted SA: my peer[500]-remote peer[500] cookie:e3c5714c065682f5:1a1619e7b34a9475 <==== received unencrypted Notify payload (AUTHENTICATION-FAILED) from IP remote peer[500] to my peer[500], ignored.
... View more