FIREWALL FAILS TO SETUP IPSEC TUNNEL TO CISCO ROUTER

Symptoms:

• XFamily Firewall fails to setup IPsec Tunnel to CISCO Router

Facts:

• Error: “INVALID_EXCHANGE_TYPE”
• CISCO 2821
• VPN
• IKE
• Pre-Shared Key
• X Family
• X5
• X506

Causes: The Router was requiring User Authentication (XAuth) during the exchange of the Pre-Shared Key

Fixes: Using the Security Device Manager (SDM) on the router uncheck the box for User Authentication (XAuth) in the IKE Pre-Shared Keys view.

This is similar to the following command on the PIX Firewall :

isakmp key:

address: 10.10.20.147

netmask 255.255.255.255

no-xauth

• Product(s): X Family
• Sub Product(s): X5, X506

— David Gonzalez 2021/04/07 14:49