Thank you for your reply.
I think that this is not the case; in my ipsec.conf I don't use the hmac-sha2 protocol.
In the meantime I've found the solution to the error:
Apr 8 16:20:37 fire1 isakmpd[18227]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.0.0.0/255.0.0.0, responder id 172.16.196.16/255.255.255.240
Apr 8 16:20:37 fire1 isakmpd[18227]: dropped message from <remotefw> port 500 due to notification type INVALID_ID_INFORMATION
I also added the NAT IP address in the ipsec.conf:
ike esp from { 172.16.196.16/28, 172.16.1.0/24, 172.29.128.96/27, 172.20.44.224/27, 172.20.43.192/27 } to 10.0.0.0/8 local <myfw_pub_ip> peer <remotefw_pub_ip> \
main auth hmac-md5 enc 3des quick auth hmac-md5 enc 3des group none psk XXXXXXXXXX
and I've tried to change modp1024 to none to fix the second error. It seems to work fine, but sometimes an error still appears:
isakmpd[27703]: message_parse_payloads: reserved field non-zero: 5
Apr 12 12:06:39 fire1 isakmpd[27703]: dropped message from <remotefw> port 500 due to notification type PAYLOAD_MALFORMED
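
An added example, not part of the original post: a Python check that takes the INVALID_ID_INFORMATION log line quoted above and compares the proposed phase 2 IDs with the networks in the ipsec.conf rule. It assumes the peer is the initiator and that isakmpd needs each ID to equal a configured flow network exactly; the function names are made up for illustration.

```python
import ipaddress
import re

# Networks copied from the "ike esp from { ... } to ..." rule in the post.
LOCAL_NETS = ["172.16.196.16/28", "172.16.1.0/24", "172.29.128.96/27",
              "172.20.44.224/27", "172.20.43.192/27"]
REMOTE_NETS = ["10.0.0.0/8"]

# Log line copied from the post.
LOG_LINE = ("Apr 8 16:20:37 fire1 isakmpd[18227]: responder_recv_HASH_SA_NONCE: "
            "peer proposed invalid phase 2 IDs: initiator id 10.0.0.0/255.0.0.0, "
            "responder id 172.16.196.16/255.255.255.240")

ID_RE = re.compile(r"peer proposed invalid phase 2 IDs: "
                   r"initiator id (\S+?), responder id (\S+)")

def parse_ids(log_line):
    """Return (initiator_net, responder_net) from the log line, or None."""
    m = ID_RE.search(log_line)
    if not m:
        return None
    # ip_network() accepts the address/netmask form that isakmpd logs.
    return tuple(ipaddress.ip_network(x) for x in m.groups())

def classify(proposed, configured):
    """exact: a flow has this network; overlap: only a wider or narrower one."""
    nets = [ipaddress.ip_network(n) for n in configured]
    if proposed in nets:
        return "exact"
    if any(proposed.subnet_of(n) or n.subnet_of(proposed) for n in nets):
        return "overlap"  # traffic is covered, but the IDs still differ
    return "missing"

def check_flow(log_line, local_nets, remote_nets):
    """Assumption: peer initiates, so initiator id = "to" side, responder id = "from" side."""
    ids = parse_ids(log_line)
    if ids is None:
        return None
    initiator, responder = ids
    return {"remote": classify(initiator, remote_nets),
            "local": classify(responder, local_nets)}

if __name__ == "__main__":
    # Constructed "before" state: the same rule without the NAT network.
    before = [n for n in LOCAL_NETS if n != "172.16.196.16/28"]
    print("before:", check_flow(LOG_LINE, before, REMOTE_NETS))
    print("after: ", check_flow(LOG_LINE, LOCAL_NETS, REMOTE_NETS))
```

A result of "missing" or "overlap" on either side points at the network to add to, or align with, the rule on that side.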