Jump to content


Photo

VPN phase 1 configuration mismatch


  • Please log in to reply
1 reply to this topic

#1 Adam Garrett

Adam Garrett
  • Members
  • 1 posts

Posted 09 July 2018 - 04:59 PM

Hello all. First time poster here and relatively new to Barracuda hardware (coming from Sonicwall).

 

I'm attempting to get a site-to-site VPN tunnel configured but I keep encountering the following error on both devices:

 

Fail: phase 1 configuration mismatch reported by peer

 

I don't see the problem... :huh:

Here's an overview of my two sites and configurations for each.

 

Site 1

NGX 400

 

3 Static IPs on interface P2. IP desired has VPN server enabled.

2 VLANs (each VLAN has SNAT to associated static public IP)

My phase 1 and phase 2 settings are configured identical (even left them default for troubleshooting).

 

Phase 1

Encryption: AES

Hash: SHA

DH Group: Group 1

Lifetime: 28800

 

Phase 2

Encryption: AES

Hash: SHA1

DH Group: Group 1

Lifetime: 3600

CHECKED: Perfect Forward Secrecy

PSK: blahblahblah123* (<-- example)

 

Local End: Active

Disabled dynamic IP

Local Address: selected Public IP desired (3rd IP on interface P2).

Remote Gateway: entered remote/target Public IP

Remote Network: entered LAN address for remote/target device

 

 

 

Site 2

NGX 400

 

1 Static IP on interface P2. VPN service enabled.

0 VLANs

My phase 1 and phase 2 settings are configured identical (even left them default for troubleshooting).

 

Phase 1

Encryption: AES

Hash: SHA

DH Group: Group 1

Lifetime: 28800

 

Phase 2

Encryption: AES

Hash: SHA1

DH Group: Group 1

Lifetime: 3600

CHECKED: Perfect Forward Secrecy

PSK: blahblahblah123* (<-- example)

 

Local End: Active

Disabled dynamic IP

Local Address: selected Public IP

Remote Gateway: entered remote/target Public IP

Remote Network: entered LAN address for remote/target device

 

I've been breaking my head over it for several hours. Any help is greatly appreciated!



#2 Michael Zoller

Michael Zoller
  • Barracuda Team Members
  • 183 posts

Posted 10 July 2018 - 05:44 AM

It is probably best if you contact our technical support. There are too many settings to efficiently troubleshooting site-to-site VPN Problems via forum.
https://login.barrac...support/newcase