Hello,
Can anyone point me in the right direction with troubleshooting this VPN connection issue? I have tried various settings for Phase 1, with no success. The on-prem endpoint is a Draytek device; it may be that it just will not work, but the logs seem to give a certain degree of hope that it would be possible.
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Process Payload SA, SA 0000003D299BC080
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|MM transform: 0
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|MM-LIFETIME-TYPE: 1
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|MM-LIFETIME-SEC: 28800
Unknown( 25): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|MM-KEY-LENGTH: 256
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Adjusting MM cipher type to AES-256
Unknown( 27): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
Unknown( 30): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
Unknown( 31): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Comparing MM local policy proposal 0 with received transform 0
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Attribute mismatch: MM-DH-GROUP, expected: DH-ECP-384, received: DH-2
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Comparing MM local policy proposal 1 with received transform 0
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Attribute mismatch: MM-CIPHER, expected: AES-128, received: AES-256
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Comparing MM local policy proposal 2 with received transform 0
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Attribute mismatch: MM-CIPHER, expected: 3DES, received: AES-256
[0]0364.0890::08/24/2015-21:00:12.812 [user] |<on_prem_ip_removed>|IkeProcessMMSA failed with Windows error 13868(ERROR_IPSEC_IKE_POLICY_MATCH)
[0]0364.0890::08/24/2015-21:00:12.812 [user] |<on_prem_ip_removed>|IkeProcessMMSA failed with HRESULT 0x8007362c(ERROR_IPSEC_IKE_POLICY_MATCH)
[0]0364.0890::08/24/2015-21:00:12.812 [user] |<on_prem_ip_removed>|IkeHandlePayloadMMSA failed with HRESULT 0x8007362c(ERROR_IPSEC_IKE_POLICY_MATCH)
[0]0364.0890::08/24/2015-21:00:12.812 [user] |<on_prem_ip_removed>|IkeProcessPayloadMM failed with HRESULT 0x8007362c(ERROR_IPSEC_IKE_POLICY_MATCH)
[0]0364.0890::08/24/2015-21:00:12.812 [user] |<on_prem_ip_removed>|IkeProcessPayloadGroup failed with HRESULT 0x8007362c(ERROR_IPSEC_IKE_POLICY_MATCH)
[0]0364.0890::08/24/2015-21:00:12.812 [user] |<on_prem_ip_removed>|IkeProcessPayloadsInPacket failed with HRESULT 0x8007362c(ERROR_IPSEC_IKE_POLICY_MATCH)
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|IKE diagnostic event:
Event Header:
Timestamp: 1601-01-01T00:00:00.000Z
Flags: 0x00000106
Local address field set
Remote address field set
IP version field set
IP version: IPv4
IP protocol: 0
Local address: <azure_gw_ip_removed>
Remote address: <on_prem_ip_removed>
Local Port: 0
Remote Port: 0
Application ID:
User SID: <invalid>
Failure type: IKE/Authip Main Mode Failure
Type specific info:
Failure error code:0x0000362c
Policy match error
Failure point: Local
Flags: 0x00000000
Keying module type: Ike
MM State: Initial state, no packets sent
MM SA role: Responder
MM auth method: Unknown
Cert hash:
0000000000000000000000000000000000000000
MM ID: 0x0000000000000731
MM Filter ID: 0x0000000000012dae
Local Principal Name:
Remote Principal Name:
Local Principal Group SIDs:
Remote Principal Group SIDs:
Does anyone have any pointers as to what could be tried?
Thanks,
Marcus
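
An added example, not part of the original post: a short Python script that pulls the proposal comparisons, attribute mismatches and Windows error codes out of an ikeext trace like the one above, so the values the peer offered can be read next to what each local proposal expected. The function names are this example's own, and the sample lines are copied from the trace in the post.

```python
import re

# Sample input: lines copied from the trace in the post (already redacted there).
SAMPLE = """\
Unknown( 27): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Comparing MM local policy proposal 0 with received transform 0
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Attribute mismatch: MM-DH-GROUP, expected: DH-ECP-384, received: DH-2
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Comparing MM local policy proposal 1 with received transform 0
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Attribute mismatch: MM-CIPHER, expected: AES-128, received: AES-256
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Comparing MM local policy proposal 2 with received transform 0
[0]0364.0890::08/24/2015-21:00:12.812 [ikeext] 0|<on_prem_ip_removed>|Attribute mismatch: MM-CIPHER, expected: 3DES, received: AES-256
[0]0364.0890::08/24/2015-21:00:12.812 [user] |<on_prem_ip_removed>|IkeProcessMMSA failed with Windows error 13868(ERROR_IPSEC_IKE_POLICY_MATCH)
"""

COMPARE = re.compile(r"Comparing MM local policy proposal (\d+) with received transform (\d+)")
MISMATCH = re.compile(r"Attribute mismatch: ([\w-]+), expected: ([\w-]+), received: ([\w-]+)")
WINERR = re.compile(r"failed with Windows error (\d+)\((\w+)\)")

def summarize(trace):
    """Return (mismatches, errors) found in an ikeext trace.

    Each mismatch is tied to the most recent 'Comparing ...' line; lines that
    match no pattern (e.g. the 'Unknown( 27): GUID=...' entries) are skipped.
    """
    mismatches, errors, current = [], [], None
    for line in trace.splitlines():
        if m := COMPARE.search(line):
            current = (int(m[1]), int(m[2]))
        elif (m := MISMATCH.search(line)) and current is not None:
            mismatches.append({"proposal": current[0], "transform": current[1],
                               "attribute": m[1], "expected": m[2], "received": m[3]})
        elif m := WINERR.search(line):
            errors.append((int(m[1]), m[2]))
    return mismatches, errors

def received_values(mismatches):
    """Attribute -> set of values the peer offered, as far as mismatch lines show."""
    seen = {}
    for mm in mismatches:
        seen.setdefault(mm["attribute"], set()).add(mm["received"])
    return seen

if __name__ == "__main__":
    mismatches, errors = summarize(SAMPLE)
    for mm in mismatches:
        print("proposal {proposal} vs transform {transform}: {attribute} "
              "expected {expected}, received {received}".format(**mm))
    print("peer offered:", received_values(mismatches))
    print("errors:", errors)
```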