Hi list, trying to establish a VPN between a watchguard firebox x15edge and a ssg550m (5.4.0r4.0) initially works fine but upon clearing the sa or rekeying after the lifetime expired, the sa doesn't get established again. log snippet as follows:
---8<--- [Root]system-information-00536: Rejected an IKE packet on ethernet0/2.3 from x.x.x.x:500 to y.y.y.y:500 with cookies 59b9f3df2b0c0e01 and c99876e8613542c8 because an unencrypted packet unexpectedly arrived. --->8--- [...] ---8<--- [Root]system-information-00536: Rejected an IKE packet on ethernet0/2.3 from 89.27.129.9:500 to 80.152.236.73:500 with cookies 16d0c2ee794dc2d6 and 73c55fd1a153bb0e because the IKE INFO exchange mode hash payload was invalid. --->8--- did anyone experience something like this before? my guess is an interop issue but watchguard isn't that new in the field so i'm kind of puzzled. any pointers appreciated. best regards, sven03 Mit freundlichen Gruessen i. A. Sven Juergensen -- Fachbereich Informationstechnologie KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de AS# 25295 Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132 Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp