
Tipping Point VPN connection issues

Status
Not open for further replies.

cknipe

MIS
Jul 28, 2005
597
US
I'm trying to connect a MAC OS10 client to my Tipping Point x506 firewall. The connection never connects, and each time I receive the following message in the logs. Does anyone know what the:
Rejecting phase 1 SA due to IKE proposal mismatch
means?





Main mode responder received message 1 Rcvd Msg, 344 bytes: HDR[MM], [ SA(172) VENDOR_ID(24) VENDOR_ID(20) VENDOR_ID(20) VENDOR_ID(20)

VENDOR_ID(20) VENDOR_ID(20) VENDOR_ID(20)]| , cookies: 3398C2AD1339A8F3 / 0000000000000000, msg id: 0

Proposal 1 -- protocol ISAKMP, 4 transforms

Transform 1 KEY_IKE:AES_CBC | 32 bytes key | SHA_HASH | GroupDescription: unsupported 20 | PRESHARED_KEY | SECONDS | 28800 |

Transform 2 KEY_IKE:AES_CBC | 16 bytes key | SHA_HASH | GroupDescription: unsupported 19 | PRESHARED_KEY | SECONDS | 28800 |

Transform 3 KEY_IKE:TRIPLEDES_CBC | SHA_HASH | GroupDescription: unsupported 14 | PRESHARED_KEY | SECONDS | 28800 |

Transform 4 KEY_IKE:TRIPLEDES_CBC | SHA_HASH | DH_GROUP_2(MODP_1024) | PRESHARED_KEY | SECONDS | 28800 |


Rejecting phase 1 SA due to IKE proposal mismatch
 
What are you using to configure the IPSec VPN in OSX?

I am not familiar with OSX but you need to check that the settings under VPN > IKE Proposals on the x506 match what you have configured in the client in OSX.

Same goes for IPSec Status > configuration

Everything must match

'When all else fails.......read the manual'
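As an added illustration (not part of the original thread and not TippingPoint code), this Python script parses the four transforms the client offered in the log above and lists, per transform, the attributes that differ from a responder proposal. The `CONFIGURED` values are hypothetical placeholders, since the thread never shows the x506's actual IKE proposal, and treating lifetime as a must-match field is an assumption taken from the "everything must match" advice.

```python
import re

# Transform lines copied from the x506 log in the original post.
LOG = """\
Transform 1 KEY_IKE:AES_CBC | 32 bytes key | SHA_HASH | GroupDescription: unsupported 20 | PRESHARED_KEY | SECONDS | 28800 |
Transform 2 KEY_IKE:AES_CBC | 16 bytes key | SHA_HASH | GroupDescription: unsupported 19 | PRESHARED_KEY | SECONDS | 28800 |
Transform 3 KEY_IKE:TRIPLEDES_CBC | SHA_HASH | GroupDescription: unsupported 14 | PRESHARED_KEY | SECONDS | 28800 |
Transform 4 KEY_IKE:TRIPLEDES_CBC | SHA_HASH | DH_GROUP_2(MODP_1024) | PRESHARED_KEY | SECONDS | 28800 |
"""
# Hypothetical responder proposal (NOT from the thread); copy yours from VPN > IKE Proposals.
CONFIGURED = {"enc": "AES_CBC", "key_bytes": 16, "hash": "SHA_HASH",
              "dh_group": 2, "auth": "PRESHARED_KEY", "lifetime_s": 28800}

def parse_transforms(log):
    """One dict per 'Transform N' line; dh_supported is False when the device logged 'unsupported'."""
    out = []
    for line in log.splitlines():
        m = re.match(r"\s*Transform (\d+) KEY_IKE:(\w+)\s*\|(.*)", line)
        if not m:
            continue
        fields = [f.strip() for f in m.group(3).split("|") if f.strip()]
        t = {"num": int(m.group(1)), "enc": m.group(2), "key_bytes": None,
             "dh_supported": True}
        for i, f in enumerate(fields):
            if (k := re.fullmatch(r"(\d+) bytes key", f)):
                t["key_bytes"] = int(k.group(1))
            elif f.endswith("_HASH"):
                t["hash"] = f
            elif (g := re.fullmatch(r"GroupDescription: unsupported (\d+)", f)):
                t["dh_group"], t["dh_supported"] = int(g.group(1)), False
            elif (g := re.fullmatch(r"DH_GROUP_(\d+)\(\w+\)", f)):
                t["dh_group"] = int(g.group(1))
            elif f == "PRESHARED_KEY":
                t["auth"] = f
            elif f == "SECONDS":
                t["lifetime_s"] = int(fields[i + 1])
        out.append(t)
    return out

def mismatches(offered, configured):
    """Names of the attributes on which an offered transform differs from the configured proposal."""
    diffs = [k for k, v in configured.items() if offered.get(k) != v]
    if not offered["dh_supported"]:
        diffs.append("dh_group_unsupported")
    return diffs

if __name__ == "__main__":
    for t in parse_transforms(LOG):
        print(t["num"], mismatches(t, CONFIGURED) or "MATCH")
```

With the placeholder proposal every offered transform differs in at least one attribute, which is the condition the "proposal mismatch" log line reports; only Transform 4 carries a DH group the device did not log as unsupported.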
 
An update to this if it's of any use... I have been trying with an OSX to get L2TP over IPSec up - I get the same error, while on a Windows PC it will connect.

However - on the Windows PCs, despite L2TP over IPSec being selected, it's not using the key - I put in a totally incorrect key and it still authenticated with the X506.

I have followed the manual quite rigidly..

If anybody can shed any light or their own experiences that would be appreciated

'When all else fails.......read the manual'
 