esp_error IPSEC VPN HQ to branch with DynamicDNS on Branch FG

Author
Gypsy Dave
2020/08/05 03:55:43

Hi,
I've created a new IPSEC VPN from my HQ to Branch office. It's a site-to-site configuration but the branch office uses DynamicDNS. I used the Wizard and all settings seemed to validate when I created it.
 
Both sides are configured and if I try and bring up the VPN on the Branch side I get an error:
 
Invalid ESP packet detected (HMAC validation failed). 
The HQ side seems to only bring up phase1. I'm using Pre-shared key authentication which I've checked is the same on both FGs.
 
Any ideas?
Thanks,

    Gypsy Dave
    Re: esp_error IPSEC VPN HQ to branch with DynamicDNS on Branch FG 2020/08/06 04:16:26
    Solved. Seemed to have been a firmware problem. I upgraded to 5.6.11 from 5.6.9, or there was something screwy with the FG. I deleted all references to the VPN and re-created it with a different name and it connected straight away.
     
    The only problem I have now is I can only ping devices on the branch network but not connect to them. For example, making an HTTPS web console connection from HQ to branch does not work.
     
    From the Branch office I have full access to the HQ network. Ping and everything else. 
    Any ideas?  Seems the HQ to branch only allows ping even though the rules are allowing everything.
     
    post edited by Gypsy Dave - 2020/08/06 04:45:19