BR 100 cannot create a tunnel with the CVG

  • Question
  • Updated 4 years ago
  • Answered
I'm getting this error at the BR100:
ipsec tunnel negotiate 192.168.208.57[4500]->216.250.138.156[4500] phase 1 deleted

Noel Zammit


Posted 4 years ago


Andrew Garcia, Official Rep

Does the BR100 have the correct time? The BR100 needs to be able to contact an NTP server to get the right time, and depending on the NTP server you use in the network policy, the BR100 also may need to contact a DNS server to resolve the IP address for the NTP server. 

Are the correct ports open between the BR100 and the CVG (UDP 500 and 4500)?

LB3

When we received that error message it was because the firewall was blocking it.

On the CVG side our logs looked like this:
2013-05-06 11:06:12:Phase 1 started(172.19.4.166[500]->50.81.206.19[500])
2013-05-06 11:06:23:Peer not responding(172.19.4.166[500]->50.81.206.19[500])

On the BR side our logs looked like this:
2013-05-06 10:59:34:Phase 1 deleted(172.25.1.121[4500]->(our public IP)[4500])
2013-05-06 10:59:39:Phase 1 started(172.25.1.121[500]->our public IP[500])

Once we opened it up, it worked. Like the previous person said, UDP 500 and 4500.
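
Added example, not part of the thread or of any vendor tooling: a small triage script that reads log lines in the two shapes quoted above and flags, per peer pair, whether the symptom points at UDP 500 (IKE) or UDP 4500 (NAT-T) being filtered. The finding names, the `diagnose` helper and the sample lines (documentation addresses) are constructed for illustration, and the mapping from log event to likely cause is a heuristic taken from this thread.

```python
import re

# src[port]->dst[port] as it appears in both log shapes quoted in the thread
ENDPOINTS = re.compile(r"(\d+\.\d+\.\d+\.\d+)\[(\d+)\]->(\d+\.\d+\.\d+\.\d+)\[(\d+)\]")
EVENT = re.compile(r"phase 1 (?:started|deleted)|peer not responding", re.I)

HINTS = {
    "UDP500_NO_REPLY": "IKE on UDP 500 got no answer: check firewall and reachability",
    "UDP4500_PHASE1_DELETED": "phase 1 dropped after moving to UDP 4500: check NAT-T is allowed",
}

def parse(line):
    """Return event, endpoints and destination port, or None if the line is unrelated."""
    ep, ev = ENDPOINTS.search(line), EVENT.search(line)
    if not (ep and ev):
        return None
    return {"event": ev.group(0).lower(), "src": ep.group(1),
            "dst": ep.group(3), "port": int(ep.group(4))}

def diagnose(lines):
    """Map (src, dst) -> set of finding codes; pairs with no symptom are omitted."""
    findings = {}
    for rec in filter(None, map(parse, lines)):
        codes = findings.setdefault((rec["src"], rec["dst"]), set())
        if rec["event"] == "peer not responding" and rec["port"] == 500:
            codes.add("UDP500_NO_REPLY")
        elif rec["event"] == "phase 1 deleted" and rec["port"] == 4500:
            codes.add("UDP4500_PHASE1_DELETED")
    return {pair: codes for pair, codes in findings.items() if codes}

# Constructed sample lines (RFC 5737 documentation addresses, not real peers)
SAMPLE = [
    "2013-05-06 11:06:12:Phase 1 started(10.0.0.5[500]->198.51.100.7[500])",
    "2013-05-06 11:06:23:Peer not responding(10.0.0.5[500]->198.51.100.7[500])",
    "ipsec tunnel negotiate 10.0.1.9[4500]->203.0.113.20[4500] phase 1 deleted",
    "2013-05-06 10:59:39:Phase 1 started(10.0.1.9[500]->203.0.113.20[500])",
    "2013-05-06 11:10:00:Phase 1 started(10.0.2.2[500]->192.0.2.44[500])",
]

if __name__ == "__main__":
    for (src, dst), codes in diagnose(SAMPLE).items():
        for code in sorted(codes):
            print(f"{src} -> {dst}: {code}: {HINTS[code]}")
```
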

Noel Zammit

On the firewall side I had only 500 open, now I added UDP 4500,