shadowheart | Member since: 2007-11-24 06:40:59 | posted: 2007-11-24 06:42:10

Help with gateway-to-gateway VPN tunnel
----------

Hello,

I'm trying to set up a VPN tunnel between my home network and a friend's home network. My friend uses a 3Com OfficeConnect Secure Router, which supports up to 2 VPN tunnels, and I'm using a NETGEAR ProSafe VPN Wireless ADSL Gateway DGFV338 which supports a large number of VPN tunnels. I'm unable to get the VPN tunnel to work, and I was hoping I could get some help with this.

When we try to manually open the tunnel from my friend's side, the following is logged in the router:

Nov 24 14:58:49 localhost kernel: IKE: IKE --Start Phase 1 negotiation with peer x.x.74.185
Nov 24 14:58:49 localhost kernel: IKE: IKE -- RemoteGateway ID: IPV4_ADDR--x.x.74.185 PresharedKey:***
Nov 24 14:58:49 localhost kernel: IKE: IKE -- Protocol -- PROTO_ISAKMP
Nov 24 14:58:49 localhost kernel: IKE: IKE -- Transform -- KEY_IKE
Nov 24 14:58:49 localhost kernel: IKE: IKE -- Encryption -- TRIPLEDES_CBC
Nov 24 14:58:49 localhost kernel: IKE: IKE -- Hash -- SHA_HASH
Nov 24 14:58:49 localhost kernel: IKE: IKE -- My ID: IPV4_ADDR--x.x.188.224 PresharedKey:***
Nov 24 14:58:49 localhost kernel: IKE: IKE -- Authentication -- PRESHARED_KEY
Nov 24 14:58:49 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Nov 24 14:58:49 localhost kernel: IKE: IKE -- LifeDuration -- 3600
Nov 24 14:58:49 localhost kernel: IKE: IKE -- GroupDescription -- MODP_1024
Nov 24 14:58:49 localhost kernel: IKE: IKE -- MainMode Exchange Selected
Nov 24 14:58:49 localhost kernel: IKE: IKE -- MainMode -- initiator sent out message1 to x.x.74.185, port 500->500.
Nov 24 14:58:29 localhost kernel: IKE: IKE --PHASE1_NEGOTIATION_ABORT -- peer x.x.74.185

The following is logged on my side in the router during this:

2007-11-24 14:58:48: ERROR: Could not find configuration for x.x.188.224[45290]
2007-11-24 14:58:58: ERROR: Could not find configuration for x.x.188.224[45290]
2007-11-24 14:59:08: ERROR: Could not find configuration for x.x.188.224[45290]
2007-11-24 14:59:18: ERROR: Could not find configuration for x.x.188.224[45290]

When we try to manually open the tunnel from my side, the following is logged in the router:

2007-11-24 15:07:51: INFO: accept a request to establish IKE-SA: x.x.188.224
2007-11-24 15:07:51: INFO: Configuration found for x.x.188.224.
2007-11-24 15:07:51: INFO: Initiating new phase 1 negotiation: x.x.74.185[500]<=>x.x.188.224[500]
2007-11-24 15:07:51: INFO: Beginning Identity Protection mode.
2007-11-24 15:08:22: ERROR: Invalid SA protocol type: 0
2007-11-24 15:08:22: ERROR: Phase 2 negotiation failed due to time up waiting for phase1.
2007-11-24 15:08:51: ERROR: Phase 1 negotiation failed due to time up for x.x.188.224[500]. 157f5d92b4e88b51:0000000000000000

The 3Com router at my friend's side does not seem to be logging anything at all during this (and it's set up to be logging everything).

This is the configuration on the 3Com router:
http://www.shadowheart.se/misc/vpn/3com-ipsec-config.GIF
http://www.shadowheart.se/misc/vpn/3com-vpn-tunnel-config.GIF

This is the configuration on the Netgear router:
http://www.shadowheart.se/misc/vpn/netgear-ike-policy.GIF
http://www.shadowheart.se/misc/vpn/netgear-vpn-policy.GIF

The Netgear does have far more settings than the 3Com...

Thanks in advance for any help!