VPN IPSEC IKE AUTHENTICATION FAIL

AirLink Routers AirLink routers
1

I am trying to create a IPSEC tunnel between a GX400 and a Cisco ISR Router.
My IKE settings are as follows on the GX400:
Encryption: AES-256
Authentication: SHA-256
DH5

But when the GX400 send a message to the ISR the settings show up as follows:
Encryption: AES-256
Authentication: MD5
DH5

The ISR will not create the tunnel unless I change the policy to MD5 even though I have the modem set to SHA 256.
Anyone else encounter this? Is this a bug in the GX400 software?

The GX400 is on firmware 4.4.1

Thanks.

2

Hi there,

You’ll probably want to try updating to the latest firmware release 4.4.2, and see if you can reproduce your issue with SHA-256. If the issue continues, I’d try testing against other appliances, and if you’re always able to reproduce the issue, follow up with your reseller and escalate the error to them.

Thanks,
lechieng

3

Hi, I can confirm that we see the exact same thing in v4.4.4 as well. SHA256 gives MD5 IKE auth from the ES440. Please fix ASAP.

ISAKMP Version : 1.0
Exchange type : Identity Protection (main mode)
Initiator cookie : 0xdf04d693138c3261
Responder cookie : 0x0000000000000000
Flags :
Message ID : 0x00000000
Length : 184 bytes

payloads : 6

Payloads:
SA (Security Association)
Payload data length : 52 bytes
DOI : 1 (IPsec DOI)
Proposal 1/1
Protocol 1/1
Protocol ID : ISAKMP
SPI Size : 0
Transform 1/1
Transform ID : IKE
Life type : Seconds
Life duration : 28800
Encryption algorithm : Rijndael-cbc (aes)
Key length : 256
Authentication method : Pre-Shared Key
[size=150] Hash algorithm : MD5[/size]
Group description : MODP 1024
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
Description : RFC 3947
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
Description : draft-ietf-ipsec-nat-t-ike-02
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Description : draft-ietf-ipsec-nat-t-ike-02
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
Description : draft-ietf-ipsec-nat-t-ike-00
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Description : draft-ietf-ipsec-dpd-00