Gypsy_Dave
New Member
August 5, 2020
Question

esp_error IPSEC VPN HQ to branch with DynamicDNS on Branch FG

  • August 5, 2020
  • 1 reply
  • 2417 views

Hi,

I've created a new IPSEC VPN from my HQ to Branch office. It's a site-to-site configuration but the branch office used DynamicDNS. I used the Wizard and all settings seemed to validate when I created it.

 

Both sides are configured and if I try and bring up the VPN on the Branch side I get an error:

 

Invalid ESP packet detected (HMAC validation failed).

 

The HQ side seems to only bring up phase1. I'm using Pre-shared key authentication which I've checked is the same on both FGs.

 

Any ideas?

Thanks,

    1 reply

    Gypsy_Dave
    New Member
    August 6, 2020

    Solved. Seemed to have been a firmware problem. I upgraded to 5.6.11 from 5.6.9, or something screwy with the FG. I deleted all references to the VPN and re-created it with a different name and it connected straight away.

     

    The only problem I have now is I can only ping devices on the branch network but not connect to them. For example, make an HTTPS web console connection from HQ to branch. Does not work.

     

    From the Branch office I have full access to the HQ network. Ping and everything else. 

    Any ideas? Seems the HQ to branch only allows ping even though the rules are allowing everything.