Question

Hi All,

Setup is a RUT950 (firmware RUT9XX_R_00.06.08.3 ). The Rut950 have a static public 4G IP,  the 2 IPSEC tunnels are configured with Static IKE Peer IP's. Both tunnels did previous work ok. But as we deploy this unit from time to time, so was it like 6 moths last time it did work ok. I did get one tunnel working against the Fortigate FW by using the IPSEC "local ID option", without that option it always failed on "Pre-shared Password" incorrect. Ok, One tunnel up! Then I tried to get the other, to a Checkpoint FW to connect, but, same Error, the Checkpoint Log reports "PSK is incorrect", have tried with "Local ID Option", No change! Tried with ike v1 and 2, no change, tried with a PSK like "123456789", no change. Did also try to have same PSK for both tunnels, No change.

Both Tunnels have same P1 Props (Aes256, Sha1, DH5, 8 hours), P2(Aes128, Sha1, No PFS 1h)

I have never got it working with this firmware 6.08.3, just noticed that 6.08.5 is available, did just apply it, but same problem with PSK. (I will also try the latest 7.0 firmware...)

What are the "IPSEC" debug options on the device?

Any Ideas how to solve this!

Thanks

Rikard

Answer 1

Hello,

On which firmware you managed to get both of the tunnels to get working at the same time?

"PSK is incorrect" error usually means that the preshared key is not right. Could you try to change both your configurations to use the same Preshared key for testing purposes?

Regards.

Comments

Now using the 7.0 firmware.

"Solved" so to speak. I did change the identity string for the PSK to same as the IKE Peer IP. then it did work. I have suspecting that the device does pick the wrong "PSK", but I did also try to have same PSK for both tunnels...but at that time same error. Anyhow, it seems to be working for now.