02-08-2017 09:15 AM
I have been trying to get a Site to Site VPN going between my Aruba 7005 controller and a Watchguard Firebox XTM 21 version 11.3.B277323.
We are using 3DES, MD5 and DHG 2 with IKE preshared key. All the settings look right on both sides, yet we can't seem to get the tunnel up.
NAT-T is enabled on both sides and firewall rules are created to pass the proper UDP packets on both sides.
Aruba 7005 is connected to an Internet device with a public static IP and we are using the device to port forward the UDP 4500 and 500 traffic to its internal interface of 192.168.x.x
Watchguard is connected to an Internet device with a public static IP and it has an internal 192.168.x.x address. Ports are properly opened for UDP 4500 and 500 traffic. This device does not have any active Site to Site tunnels currently, but has in the past.
Transform 1: SUCESS
but we see the following on the Aruba CLI:
ike_auth.c:ike_auth_get_key:603 Found isakmp policy for peer x.x.x.x clinet:no
At one point, we managed to get the ISAKMP session; however, the IPsec session was failing due to the unresponsiveness of the peer device.
I have opened tickets with Aruba support; so far we are still searching for the solution. I will be speaking with Watchguard as well to try to figure out why the Watchguard isn't responding properly.
Maybe someone in this community has seen similar issues with Watchguard or other vendors and can suggest some things to try.
Thank you so much for the help.