[Vpn-help] Zyxel USG 300

Brice Paccoud brice.paccoud at free.fr
Tue Jul 15 13:34:34 CDT 2008


I have some problem to build tunnel with Zyxel USG300.
Before i had a Zyxel zywall 70 and it worked.

Below IKE log :

08/07/15 19:50:58 ## : IKE Daemon, ver 2.1.0
08/07/15 19:50:58 ## : Copyright 2007 Shrew Soft Inc.
08/07/15 19:50:58 ## : This product linked OpenSSL 0.9.8h 28 May 2008
08/07/15 19:50:58 ii : opened 'C:\Program Files\ShrewSoft\VPN 
Client\debug\iked.log'
08/07/15 19:50:58 ii : opened 'C:\Program Files\ShrewSoft\VPN 
Client/debug/dump-ike-decrypt.cap'
08/07/15 19:50:58 ii : opened 'C:\Program Files\ShrewSoft\VPN 
Client/debug/dump-ike-encrypt.cap'
08/07/15 19:50:58 ii : rebuilding vnet device list ...
08/07/15 19:50:58 ii : device ROOT\VNET\0000 disabled
08/07/15 19:50:58 ii : network process thread begin ...
08/07/15 19:50:58 ii : pfkey process thread begin ...
08/07/15 19:50:58 ii : ipc server process thread begin ...
08/07/15 20:29:17 ii : ipc client process thread begin ...
08/07/15 20:29:17 <A : peer config add message
08/07/15 20:29:17 DB : peer ref increment ( ref count = 1, obj count = 0 )
08/07/15 20:29:17 DB : peer added ( obj count = 1 )
08/07/15 20:29:17 ii : local address 192.168.30.10:500 selected for peer
08/07/15 20:29:17 DB : peer ref increment ( ref count = 2, obj count = 1 )
08/07/15 20:29:17 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
08/07/15 20:29:17 DB : tunnel added ( obj count = 1 )
08/07/15 20:29:17 <A : proposal config message
08/07/15 20:29:17 <A : proposal config message
08/07/15 20:29:17 <A : client config message
08/07/15 20:29:17 <A : local id '127.0.0.1' message
08/07/15 20:29:17 <A : remote id '82.127.57.53' message
08/07/15 20:29:17 <A : preshared key message
08/07/15 20:29:17 <A : remote resource message
08/07/15 20:29:17 <A : peer tunnel enable message
08/07/15 20:29:17 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
08/07/15 20:29:17 DB : new phase1 ( ISAKMP initiator )
08/07/15 20:29:17 DB : exchange type is aggressive
08/07/15 20:29:17 DB : 192.168.30.10:500 <-> 82.127.57.58:500
08/07/15 20:29:17 DB : a64a3fdcf682af26:0000000000000000
08/07/15 20:29:17 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
08/07/15 20:29:17 DB : phase1 added ( obj count = 1 )
08/07/15 20:29:17 >> : security association payload
08/07/15 20:29:17 >> : - proposal #1 payload
08/07/15 20:29:17 >> : -- transform #1 payload
08/07/15 20:29:17 >> : key exchange payload
08/07/15 20:29:17 >> : nonce payload
08/07/15 20:29:17 >> : identification payload
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local supports nat-t ( draft v00 )
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local supports nat-t ( draft v01 )
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local supports nat-t ( draft v02 )
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local supports nat-t ( draft v03 )
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local supports nat-t ( rfc )
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local supports FRAGMENTATION
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local supports DPDv1
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local is SHREW SOFT compatible
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local is CISCO UNITY compatible
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local is NETSCREEN compatible
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local is SIDEWINDER compatible
08/07/15 20:29:17 >> : vendor id payload
08/07/15 20:29:17 ii : local is CHECKPOINT compatible
08/07/15 20:29:17 =< : using ISAKMP SA a64a3fdcf682af26:0000000000000000
08/07/15 20:29:17 -> : send IKE packet 192.168.30.10:500 -> 
82.127.57.58:500 ( 552 bytes )
08/07/15 20:29:17 0x : 45000228 065a0000 40110800 c0a81e0a 527f393a 
01f401f4 02143a14 a64a3fdc
08/07/15 20:29:17 0x : f682af26 00000000 00000000 01100400 00000000 
0000020c 04000038 00000001
08/07/15 20:29:17 0x : 00000001 0000002c 01010001 00000024 01010000 
80010005 80020001 80040002
08/07/15 20:29:17 0x : 80030001 800b0001 000c0004 00007080 0a000084 
58776e1f 979b8f73 94a75f7e
08/07/15 20:29:17 0x : 0ded2a44 f59b236b d3e7cf1a a51634b1 0f954cd3 
5ebb048c dfe49b6a f9ce6449
08/07/15 20:29:17 0x : f82b24c7 e3d8161f b00d8959 5fe3b77d 58be3c8c 
f76fcdf6 05126e86 684854d9
08/07/15 20:29:17 0x : 2eeece05 bf8c49e7 21cd9f8e 4fac4c43 696426ee 
aeb6d008 2eaff59e 2a7a69de
08/07/15 20:29:17 0x : 148e7d68 2cd81f0e 5a93ee51 c32443d9 b0abfdda 
05000018 4850f2a2 c6877b0b
08/07/15 20:29:17 0x : 460c6ab7 4c3c5c51 749d1906 0d00000c 01000000 
7f000001 0d000014 4485152d
08/07/15 20:29:17 0x : 18b6bbcd 0be8a846 9579ddcc 0d000014 16f6ca16 
e4a4066d 83821a0f 0aeaa862
08/07/15 20:29:17 0x : 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 
0d000014 7d9419a6 5310ca6f
08/07/15 20:29:17 0x : 2c179d92 15529d56 0d000014 4a131c81 07035845 
5c5728f2 0e95452f 0d000018
08/07/15 20:29:17 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000 
0d000014 afcad713 68a1f1c9
08/07/15 20:29:17 0x : 6b8696fc 77570100 0d000014 f14b94b7 bff1fef0 
2773b8c4 9feded26 0d000014
08/07/15 20:29:17 0x : 12f5f28c 457168a9 702d9fe2 74cc0100 0d000018 
166f932d 55eb64d8 e4df4fd3
08/07/15 20:29:17 0x : 7e2313f0 d0fd8451 0d000014 8404adf9 cda05760 
b2ca292e 4bff537b 0000002c
08/07/15 20:29:17 0x : f4ed19e0 c114eb51 6faaac0e e37daf28 07b4381f 
00000002 0000138e 00000000
08/07/15 20:29:17 0x : 00000000 18800000
08/07/15 20:29:17 DB : phase1 resend event scheduled ( ref count = 2 )
08/07/15 20:29:17 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/07/15 20:29:17 DB : tunnel ref increment ( ref count = 3, obj count = 1 )
08/07/15 20:29:17 <- : recv IKE packet 82.127.57.58:500 -> 
192.168.30.10:500 ( 102 bytes )
08/07/15 20:29:17 0x : a64a3fdc f682af26 85d62bad 543b7b61 0b100500 
e9c98302 00000066 0000004a
08/07/15 20:29:17 0x : 00000001 0110000e a64a3fdc f682af26 85d62bad 
543b7b61 800c0001 00060022
08/07/15 20:29:17 0x : 436f756c 64206e6f 74206669 6e642061 63636570 
7461626c 65207072 6f706f73
08/07/15 20:29:17 0x : 616c8008 0000
08/07/15 20:29:17 ii : parsing ike packet header
08/07/15 20:29:17 ii : attempting to locate phase1 sa for packet
08/07/15 20:29:17 DB : phase1 found
08/07/15 20:29:17 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
08/07/15 20:29:17 ii : processing informational packet ( 102 bytes )
08/07/15 20:29:17 =< : using ISAKMP SA a64a3fdcf682af26:85d62bad543b7b61
08/07/15 20:29:17 << : notification payload
08/07/15 20:29:17 ii : received peer NO-PROPOSAL-CHOSEN notification
08/07/15 20:29:17 ii : - XX.XX.XX.XX:500 -> 192.168.30.10:500
08/07/15 20:29:17 ii : - isakmp spi = a64a3fdcf682af26:85d62bad543b7b61
08/07/15 20:29:17 ii : - data size 46
08/07/15 20:29:17 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/07/15 20:29:22 ii : resend 1 packet(s) for phase1 exchange
08/07/15 20:29:22 <- : recv IKE packet XX.XX.XX.XX:500 -> 
192.168.30.10:500 ( 102 bytes )
08/07/15 20:29:22 0x : a64a3fdc f682af26 8a146006 a7647dd6 0b100500 
4d58b4c6 00000066 0000004a
08/07/15 20:29:22 0x : 00000001 0110000e a64a3fdc f682af26 8a146006 
a7647dd6 800c0001 00060022
08/07/15 20:29:22 0x : 436f756c 64206e6f 74206669 6e642061 63636570 
7461626c 65207072 6f706f73
08/07/15 20:29:22 0x : 616c8008 0000
08/07/15 20:29:22 ii : parsing ike packet header
08/07/15 20:29:22 ii : attempting to locate phase1 sa for packet
08/07/15 20:29:22 DB : phase1 found
08/07/15 20:29:22 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
08/07/15 20:29:22 ii : processing informational packet ( 102 bytes )
08/07/15 20:29:22 =< : using ISAKMP SA a64a3fdcf682af26:8a146006a7647dd6
08/07/15 20:29:22 << : notification payload
08/07/15 20:29:22 ii : received peer NO-PROPOSAL-CHOSEN notification
08/07/15 20:29:22 ii : - XX.XX.XX.XX:500 -> 192.168.30.10:500
08/07/15 20:29:22 ii : - isakmp spi = a64a3fdcf682af26:8a146006a7647dd6
08/07/15 20:29:22 ii : - data size 46
08/07/15 20:29:22 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/07/15 20:29:27 ii : resend 1 packet(s) for phase1 exchange
08/07/15 20:29:27 <- : recv IKE packet XX.XX.XX.XX:500 -> 
192.168.30.10:500 ( 102 bytes )
08/07/15 20:29:27 0x : a64a3fdc f682af26 2c84697c 9aa40ab6 0b100500 
fcf99b2f 00000066 0000004a
08/07/15 20:29:27 0x : 00000001 0110000e a64a3fdc f682af26 2c84697c 
9aa40ab6 800c0001 00060022
08/07/15 20:29:27 0x : 436f756c 64206e6f 74206669 6e642061 63636570 
7461626c 65207072 6f706f73
08/07/15 20:29:27 0x : 616c8008 0000
08/07/15 20:29:27 ii : parsing ike packet header
08/07/15 20:29:27 ii : attempting to locate phase1 sa for packet
08/07/15 20:29:27 DB : phase1 found
08/07/15 20:29:27 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
08/07/15 20:29:27 ii : processing informational packet ( 102 bytes )
08/07/15 20:29:27 =< : using ISAKMP SA a64a3fdcf682af26:2c84697c9aa40ab6
08/07/15 20:29:27 << : notification payload
08/07/15 20:29:27 ii : received peer NO-PROPOSAL-CHOSEN notification
08/07/15 20:29:27 ii : - XX.XX.XX.XX:500 -> 192.168.30.10:500
08/07/15 20:29:27 ii : - isakmp spi = a64a3fdcf682af26:2c84697c9aa40ab6
08/07/15 20:29:27 ii : - data size 46
08/07/15 20:29:27 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/07/15 20:29:32 ii : resend limit exceeded for phase1 exchange
08/07/15 20:29:32 ii : phase1 removal before expire time
08/07/15 20:29:32 DB : phase1 deleted ( obj count = 0 )
08/07/15 20:29:32 DB : tunnel ref decrement ( ref count = 2, obj count = 1 )
08/07/15 20:29:32 DB : policy not found
08/07/15 20:29:32 DB : policy not found
08/07/15 20:29:32 DB : tunnel stats event canceled ( ref count = 1 )
08/07/15 20:29:32 DB : removing tunnel config references
08/07/15 20:29:32 DB : removing tunnel phase2 references
08/07/15 20:29:32 DB : removing tunnel phase1 references
08/07/15 20:29:32 DB : tunnel deleted ( obj count = 0 )
08/07/15 20:29:32 DB : peer ref decrement ( ref count = 1, obj count = 1 )
08/07/15 20:29:32 DB : removing all peer tunnel refrences
08/07/15 20:29:32 DB : peer deleted ( obj count = 0 )
08/07/15 20:29:32 ii : ipc client process thread exit ...

Thanks




More information about the vpn-help mailing list