I am trying to set up a VPN between a Pepwave Max 700 hw4 running 8.1.0 and a Cisco device not under my control.
Using IKEv2 with the correct preshared key with AES-256 & SHA256, group 21 and 3600 seconds for both Phase1 and Phase2 I am unable to establish a connection. (We also tried the default settings of AES-256 & SHA1 with 28800 seconds with no more success.)
Using Wireshark to analyse the output from the support.cgi capture I can see:
IKE_SA_INIT initiator request from the Pepwave to the Cisco
IKE_SA_INIT responder response from the Cisco to the Pepwave
IKE_AUTH initiator request from the Pepwave to the Cisco
IKE_AUTH responder response from the Cisco to the Pepwave
INFORMATIONAL initiator request from the Pepwave to the Cisco
– No further communication or retry attempts.
The administrator of the Cisco is able to provide more useful debugging information and has said that Phase1 is successful but the informational message is from Phase2 with contents: NOTIFY(AUTHENTICATION_FAILED).
Since both devices have the same configuration for Phase1 and Phase2 with the correct preshared key this seems like an odd message. They have requested additional information as everything looks ok from their end.
In Status > IPSec VPN my connection is visible but has the spinning wheel - Wireshark says there are no more connections being attempted. The Event Log > IPsec VPN event log has an entry from a day or two ago and has not updated since.
This IPsec VPN troubleshooting is what led me to the Wireshark output - however the payloads are encrypted so I cannot gather any more information on why the connection is failing. Is there anything I can do or additional verbose logging I can enable to assist me with IPsec VPN establishment debugging?
As a side note the 8.1.0 user manual says there is a NAT-Traversal option in the Advanced > IPSec VPN section - however my device does not have it - but I believe it is on by default?
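
What stays readable in a capture like the one described above even though the payloads are encrypted, shown as an added example that is not part of the original post: the IKEv2 header fields and any cleartext payloads, laid out per RFC 7296. The function name `summarize_ike` and the two sample messages are constructed for illustration; the samples are trimmed and are not taken from the poster's capture.

```python
import struct

EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
PAYLOADS = {33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 39: "AUTH", 40: "Nonce",
            41: "Notify", 42: "Delete", 43: "VendorID", 44: "TSi", 45: "TSr", 46: "SK"}
NOTIFIES = {14: "NO_PROPOSAL_CHOSEN", 24: "AUTHENTICATION_FAILED",
            16388: "NAT_DETECTION_SOURCE_IP", 16389: "NAT_DETECTION_DESTINATION_IP"}

def summarize_ike(udp_payload, port=500):
    """Return the fields of one IKEv2 message that are readable without keys."""
    # On UDP 4500 a 4-byte zero non-ESP marker precedes the IKE header.
    data = udp_payload[4:] if port == 4500 else udp_payload
    if len(data) < 28:
        raise ValueError("shorter than the 28-byte IKE header")
    _spi_i, _spi_r, nxt, ver, exch, flags, msg_id, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    if ver >> 4 != 2:
        raise ValueError("not an IKEv2 message")
    out = {"exchange": EXCHANGES.get(exch, exch), "message_id": msg_id,
           "from_original_initiator": bool(flags & 0x08),
           "is_response": bool(flags & 0x20),
           "payloads": [], "notifies": [], "first_encrypted_payload": None}
    off, end = 28, min(length, len(data))
    while nxt and off + 4 <= end:
        following, _, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4:
            break  # malformed length: stop rather than loop forever
        out["payloads"].append(PAYLOADS.get(nxt, nxt))
        if nxt == 46:  # SK payload: body is ciphertext, only the inner type is visible
            out["first_encrypted_payload"] = PAYLOADS.get(following, following)
            break
        if nxt == 41 and plen >= 8:  # cleartext Notify: message type at bytes 6..7
            ntype = struct.unpack("!H", data[off + 6:off + 8])[0]
            out["notifies"].append(NOTIFIES.get(ntype, ntype))
        off, nxt = off + plen, following
    return out

# Constructed sample messages (not taken from the capture described above).
def _payload(next_type, body):
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body
def _message(first, exch, flags, msg_id, body, spi_r=b"\0" * 8):
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, spi_r, first, 0x20, exch,
                       flags, msg_id, 28 + len(body)) + body

SA_INIT_REQUEST = _message(40, 34, 0x08, 0,
    _payload(41, b"\xaa" * 16)
    + _payload(41, struct.pack("!BBH", 0, 0, 16388) + b"\xbb" * 20)
    + _payload(0, struct.pack("!BBH", 0, 0, 16389) + b"\xcc" * 20))
INFORMATIONAL_4500 = b"\0" * 4 + _message(46, 37, 0x08, 2, _payload(41, b"\xdd" * 32),
                                          spi_r=b"\x22" * 8)
```

The NAT_DETECTION notifies in IKE_SA_INIT are sent in the clear, so their presence in a capture shows whether a peer is offering NAT traversal even when no such option appears in the UI.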