Hi, I want to set up VPN failover between two internet links. I plan to use GRE over IPsec and OSPF over GRE to dynamically change routes on failure.

I've started with creating an IPsec transport mode connection between two hosts and I got stuck. Let's say I have:

HostA - which has two internet connections
  HostA1 - public IP from ISP1
  HostA2 - public IP from ISP1
HostB - which has only one public IP, HostB

Now I want to make two tunnels from HostB to HostA. I figured I have to use passive and dynamic mode.

On HostA I have:

---
ike passive esp transport from any to any \
        quick group modp1024 \
        psk "xxx"
---

On HostB:

---
ike dynamic esp transport from HostB to HostA2 \
        quick group modp1024 \
        psk "xxx"

ike dynamic esp transport from HostB to HostA1 \
        quick group modp1024 \
        psk "xxx"
---

and it doesn't work. I get the errors pasted below. I've tried many combinations but can't get it right and I guess I'm tired of this. I tried adding srcid and dstid to the ike rules but had no luck. Can anyone please point me in the right direction?

Aug 18 15:34:56 HostB isakmpd[13542]: isakmpd: exit
Aug 18 15:35:33 HostB isakmpd[4827]: transport_send_messages: giving up on exchange peer-HostA1, no response from peer HostA1:500
Aug 18 15:35:33 HostB isakmpd[4827]: transport_send_messages: giving up on exchange peer-HostA2, no response from peer HostA2:500
Aug 18 15:37:33 HostB isakmpd[4827]: transport_send_messages: giving up on exchange peer-HostA1, no response from peer HostA1:500
Aug 18 15:37:33 HostB isakmpd[4827]: transport_send_messages: giving up on exchange peer-HostA2, no response from peer HostA2:500

Aug 18 15:34:53 HostA isakmpd[13928]: isakmpd: shutting down...
Aug 18 15:34:53 HostA isakmpd[13928]: isakmpd: exit
Aug 18 15:35:06 HostA isakmpd[15052]: message_parse_payloads: reserved field non-zero: 78
Aug 18 15:35:06 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type PAYLOAD_MALFORMED
Aug 18 15:35:06 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type <Unknown 43> in payload of type 5
Aug 18 15:35:06 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE
Aug 18 15:35:13 HostA isakmpd[15052]: message_parse_payloads: reserved field non-zero: 78
Aug 18 15:35:13 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type PAYLOAD_MALFORMED
Aug 18 15:35:13 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type <Unknown 43> in payload of type 5
Aug 18 15:35:13 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE
Aug 18 15:35:22 HostA isakmpd[15052]: message_parse_payloads: reserved field non-zero: 78
Aug 18 15:35:22 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type PAYLOAD_MALFORMED
Aug 18 15:35:22 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type <Unknown 43> in payload of type 5
Aug 18 15:35:22 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE
Aug 18 15:35:33 HostA isakmpd[15052]: message_parse_payloads: reserved field non-zero: 78
Aug 18 15:35:33 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type PAYLOAD_MALFORMED
Aug 18 15:35:33 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type <Unknown 43> in payload of type 5
Aug 18 15:35:33 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE
Aug 18 15:37:06 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type <Unknown 62> in payload of type 5
Aug 18 15:37:06 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE
Aug 18 15:37:06 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type <Unknown 42> in payload of type 5
Aug 18 15:37:06 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE
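When both ends of a failover setup log at once it is easy to lose track of which peer is failing on which side. The following is an added example, not part of the post above: a small parser for isakmpd log lines in the format shown, which counts "giving up on exchange" and "dropped message ... due to notification type" events per host and peer and attaches a coarse, heuristic verdict (the initiator hearing nothing back versus the responder being unable to parse encrypted phase-1 payloads, which on isakmpd commonly means the two sides are not deriving the same keys or agree on different proposals). The sample lines are constructed in the same format as the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same format as the isakmpd lines quoted in the post.
SAMPLE_LOG = """\
Aug 18 15:35:33 HostB isakmpd[4827]: transport_send_messages: giving up on exchange peer-HostA1, no response from peer HostA1:500
Aug 18 15:35:33 HostB isakmpd[4827]: transport_send_messages: giving up on exchange peer-HostA2, no response from peer HostA2:500
Aug 18 15:35:06 HostA isakmpd[15052]: message_parse_payloads: reserved field non-zero: 78
Aug 18 15:35:06 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type PAYLOAD_MALFORMED
Aug 18 15:35:06 HostA isakmpd[15052]: message_parse_payloads: invalid next payload type <Unknown 43> in payload of type 5
Aug 18 15:35:06 HostA isakmpd[15052]: dropped message from HostB port 500 due to notification type INVALID_PAYLOAD_TYPE
"""

# syslog prefix: "Mon DD HH:MM:SS host isakmpd[pid]: message"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) isakmpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
GIVEUP_RE = re.compile(r"giving up on exchange (?P<exchange>[^,]+), no response from peer (?P<peer>[^:]+):(?P<port>\d+)")
DROP_RE = re.compile(r"dropped message from (?P<peer>\S+) port (?P<port>\d+) due to notification type (?P<notify>\S+)")


def parse_isakmpd_log(text):
    """Return {host: {peer: Counter(event)}} for the failure events found in the log text."""
    events = defaultdict(lambda: defaultdict(Counter))
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an isakmpd line; ignore
        host, msg = m["host"], m["msg"]
        g = GIVEUP_RE.search(msg)
        d = DROP_RE.search(msg)
        if g:
            events[host][g["peer"]]["no_response"] += 1   # we are the initiator, peer never answered
        elif d:
            events[host][d["peer"]][d["notify"]] += 1      # we are the responder, we rejected the peer's message
    return events


def diagnose(events):
    """Heuristic verdict per (host, peer) pair; a starting point for investigation, not a proof."""
    verdicts = {}
    for host, peers in events.items():
        for peer, counts in peers.items():
            if counts["no_response"]:
                # Initiator gets no reply: check reachability, UDP/500 filtering, and the responder's own log.
                verdicts[(host, peer)] = "no-reply"
            elif counts["PAYLOAD_MALFORMED"] or counts["INVALID_PAYLOAD_TYPE"]:
                # Responder cannot parse encrypted payloads: the two sides likely derive different keys
                # (e.g. PSK mismatch) or negotiated incompatible proposals; compare ipsec.conf on both ends.
                verdicts[(host, peer)] = "undecryptable"
            else:
                verdicts[(host, peer)] = "other"
    return verdicts


if __name__ == "__main__":
    for (host, peer), verdict in sorted(diagnose(parse_isakmpd_log(SAMPLE_LOG)).items()):
        print(f"{host} <-> {peer}: {verdict}")
```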