[Vpn-help] Zyxel USG 300

Tue Jul 15 13:58:45 CDT 2008

I have some problem to build tunnel with Zyxel USG300.
I have tried on an other IP WAN.
Before i had a Zyxel zywall 70 and it worked.

Below IKE log :

08/07/15 20:55:43 ## : IKE Daemon, ver 2.1.0
08/07/15 20:55:43 ## : Copyright 2007 Shrew Soft Inc.
08/07/15 20:55:43 ## : This product linked OpenSSL 0.9.8h 28 May 2008
08/07/15 20:55:43 ii : opened 'C:\Program Files\ShrewSoft\VPN 
Client\debug\iked.log'
08/07/15 20:55:43 ii : opened 'C:\Program Files\ShrewSoft\VPN 
Client/debug/dump-ike-decrypt.cap'
08/07/15 20:55:43 ii : opened 'C:\Program Files\ShrewSoft\VPN 
Client/debug/dump-ike-encrypt.cap'
08/07/15 20:55:43 ii : rebuilding vnet device list ...
08/07/15 20:55:43 ii : device ROOT\VNET\0000 disabled
08/07/15 20:55:43 ii : network process thread begin ...
08/07/15 20:55:43 ii : pfkey process thread begin ...
08/07/15 20:55:43 ii : ipc server process thread begin ...
08/07/15 20:55:50 ii : ipc client process thread begin ...
08/07/15 20:55:50 <A : peer config add message
08/07/15 20:55:50 DB : peer ref increment ( ref count = 1, obj count = 0 )
08/07/15 20:55:50 DB : peer added ( obj count = 1 )
08/07/15 20:55:50 ii : local address 192.168.30.10:500 selected for peer
08/07/15 20:55:50 DB : peer ref increment ( ref count = 2, obj count = 1 )
08/07/15 20:55:50 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
08/07/15 20:55:50 DB : tunnel added ( obj count = 1 )
08/07/15 20:55:50 <A : proposal config message
08/07/15 20:55:50 <A : proposal config message
08/07/15 20:55:50 <A : client config message
08/07/15 20:55:50 <A : local id '127.0.0.1' message
08/07/15 20:55:50 <A : remote id '82.127.57.53' message
08/07/15 20:55:50 <A : preshared key message
08/07/15 20:55:50 <A : remote resource message
08/07/15 20:55:50 <A : peer tunnel enable message
08/07/15 20:55:50 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
08/07/15 20:55:50 DB : new phase1 ( ISAKMP initiator )
08/07/15 20:55:50 DB : exchange type is aggressive
08/07/15 20:55:50 DB : 192.168.30.10:500 <-> 82.127.57.53:500
08/07/15 20:55:50 DB : 94c909c33f0c1ec4:0000000000000000
08/07/15 20:55:50 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
08/07/15 20:55:50 DB : phase1 added ( obj count = 1 )
08/07/15 20:55:50 >> : security association payload
08/07/15 20:55:50 >> : - proposal #1 payload
08/07/15 20:55:50 >> : -- transform #1 payload
08/07/15 20:55:50 >> : key exchange payload
08/07/15 20:55:50 >> : nonce payload
08/07/15 20:55:50 >> : identification payload
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local supports nat-t ( draft v00 )
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local supports nat-t ( draft v01 )
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local supports nat-t ( draft v02 )
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local supports nat-t ( draft v03 )
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local supports nat-t ( rfc )
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local supports FRAGMENTATION
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local supports DPDv1
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local is SHREW SOFT compatible
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local is CISCO UNITY compatible
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local is NETSCREEN compatible
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local is SIDEWINDER compatible
08/07/15 20:55:50 >> : vendor id payload
08/07/15 20:55:50 ii : local is CHECKPOINT compatible
08/07/15 20:55:50 =< : using ISAKMP SA 94c909c33f0c1ec4:0000000000000000
08/07/15 20:55:50 -> : send IKE packet 192.168.30.10:500 -> 
82.127.57.53:500 ( 552 bytes )
08/07/15 20:55:50 0x : 45000228 46210000 4011c83d c0a81e0a 527f3935 
01f401f4 0214e495 94c909c3
08/07/15 20:55:50 0x : 3f0c1ec4 00000000 00000000 01100400 00000000 
0000020c 04000038 00000001
08/07/15 20:55:50 0x : 00000001 0000002c 01010001 00000024 01010000 
80010005 80020001 80040002
08/07/15 20:55:50 0x : 80030001 800b0001 000c0004 00007080 0a000084 
36dfaa16 c2fe2d48 5c300191
08/07/15 20:55:50 0x : ac63960c 36b46488 849ecdc0 14f92be3 b4726ff1 
83c7267c c3330db6 fb3ba34b
08/07/15 20:55:50 0x : 50b55506 2b86d1b9 295d8363 fdfa859a 7833f09f 
1a2432be 52ff2c10 fde12b19
08/07/15 20:55:50 0x : eaa389e9 c3a07574 7e0ba513 9fef161b b5c450f2 
c64fe494 38d21939 cac74786
08/07/15 20:55:50 0x : b33e4fa5 dd433451 2bdea083 39aabcd8 872475cc 
05000018 1e84e2b8 adea78d4
08/07/15 20:55:50 0x : 5b0d9943 3ee418f3 47c5501e 0d00000c 01000000 
7f000001 0d000014 4485152d
08/07/15 20:55:50 0x : 18b6bbcd 0be8a846 9579ddcc 0d000014 16f6ca16 
e4a4066d 83821a0f 0aeaa862
08/07/15 20:55:50 0x : 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 
0d000014 7d9419a6 5310ca6f
08/07/15 20:55:50 0x : 2c179d92 15529d56 0d000014 4a131c81 07035845 
5c5728f2 0e95452f 0d000018
08/07/15 20:55:50 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000 
0d000014 afcad713 68a1f1c9
08/07/15 20:55:50 0x : 6b8696fc 77570100 0d000014 f14b94b7 bff1fef0 
2773b8c4 9feded26 0d000014
08/07/15 20:55:50 0x : 12f5f28c 457168a9 702d9fe2 74cc0100 0d000018 
166f932d 55eb64d8 e4df4fd3
08/07/15 20:55:50 0x : 7e2313f0 d0fd8451 0d000014 8404adf9 cda05760 
b2ca292e 4bff537b 0000002c
08/07/15 20:55:50 0x : f4ed19e0 c114eb51 6faaac0e e37daf28 07b4381f 
00000002 0000138e 00000000
08/07/15 20:55:50 0x : 00000000 18800000
08/07/15 20:55:50 DB : phase1 resend event scheduled ( ref count = 2 )
08/07/15 20:55:50 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/07/15 20:55:50 DB : tunnel ref increment ( ref count = 3, obj count = 1 )
08/07/15 20:55:50 <- : recv IKE packet XX.XX.XX.XX:500 -> 
192.168.30.10:500 ( 102 bytes )
08/07/15 20:55:50 0x : 94c909c3 3f0c1ec4 216d8d28 07c0c63b 0b100500 
3928d082 00000066 0000004a
08/07/15 20:55:50 0x : 00000001 0110000e 94c909c3 3f0c1ec4 216d8d28 
07c0c63b 800c0001 00060022
08/07/15 20:55:50 0x : 436f756c 64206e6f 74206669 6e642061 63636570 
7461626c 65207072 6f706f73
08/07/15 20:55:50 0x : 616c8008 0000
08/07/15 20:55:50 ii : parsing ike packet header
08/07/15 20:55:50 ii : attempting to locate phase1 sa for packet
08/07/15 20:55:50 DB : phase1 found
08/07/15 20:55:50 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
08/07/15 20:55:50 ii : processing informational packet ( 102 bytes )
08/07/15 20:55:50 =< : using ISAKMP SA 94c909c33f0c1ec4:216d8d2807c0c63b
08/07/15 20:55:50 << : notification payload
08/07/15 20:55:50 ii : received peer NO-PROPOSAL-CHOSEN notification
08/07/15 20:55:50 ii : - XX.XX.XX.XX:500 -> 192.168.30.10:500
08/07/15 20:55:50 ii : - isakmp spi = 94c909c33f0c1ec4:216d8d2807c0c63b
08/07/15 20:55:50 ii : - data size 46
08/07/15 20:55:50 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/07/15 20:55:55 ii : resend 1 packet(s) for phase1 exchange
08/07/15 20:55:55 <- : recv IKE packet XX.XX.XX.XX:500 -> 
192.168.30.10:500 ( 102 bytes )
08/07/15 20:55:55 0x : 94c909c3 3f0c1ec4 cdf66a62 951047fb 0b100500 
a8b4a651 00000066 0000004a
08/07/15 20:55:55 0x : 00000001 0110000e 94c909c3 3f0c1ec4 cdf66a62 
951047fb 800c0001 00060022
08/07/15 20:55:55 0x : 436f756c 64206e6f 74206669 6e642061 63636570 
7461626c 65207072 6f706f73
08/07/15 20:55:55 0x : 616c8008 0000
08/07/15 20:55:55 ii : parsing ike packet header
08/07/15 20:55:55 ii : attempting to locate phase1 sa for packet
08/07/15 20:55:55 DB : phase1 found
08/07/15 20:55:55 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
08/07/15 20:55:55 ii : processing informational packet ( 102 bytes )
08/07/15 20:55:55 =< : using ISAKMP SA 94c909c33f0c1ec4:cdf66a62951047fb
08/07/15 20:55:55 << : notification payload
08/07/15 20:55:55 ii : received peer NO-PROPOSAL-CHOSEN notification
08/07/15 20:55:55 ii : - XX.XX.XX.XX:500 -> 192.168.30.10:500
08/07/15 20:55:55 ii : - isakmp spi = 94c909c33f0c1ec4:cdf66a62951047fb
08/07/15 20:55:55 ii : - data size 46
08/07/15 20:55:55 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/07/15 20:56:00 ii : resend 1 packet(s) for phase1 exchange
08/07/15 20:56:00 <- : recv IKE packet XX.XX.XX.XX:500 -> 
192.168.30.10:500 ( 102 bytes )
08/07/15 20:56:00 0x : 94c909c3 3f0c1ec4 6fa6a7bc 242bd083 0b100500 
eb6fd9bb 00000066 0000004a
08/07/15 20:56:00 0x : 00000001 0110000e 94c909c3 3f0c1ec4 6fa6a7bc 
242bd083 800c0001 00060022
08/07/15 20:56:00 0x : 436f756c 64206e6f 74206669 6e642061 63636570 
7461626c 65207072 6f706f73
08/07/15 20:56:00 0x : 616c8008 0000
08/07/15 20:56:00 ii : parsing ike packet header
08/07/15 20:56:00 ii : attempting to locate phase1 sa for packet
08/07/15 20:56:00 DB : phase1 found
08/07/15 20:56:00 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
08/07/15 20:56:00 ii : processing informational packet ( 102 bytes )
08/07/15 20:56:00 =< : using ISAKMP SA 94c909c33f0c1ec4:6fa6a7bc242bd083
08/07/15 20:56:00 << : notification payload
08/07/15 20:56:00 ii : received peer NO-PROPOSAL-CHOSEN notification
08/07/15 20:56:00 ii : - XX.XX.XX.XX:500 -> 192.168.30.10:500
08/07/15 20:56:00 ii : - isakmp spi = 94c909c33f0c1ec4:6fa6a7bc242bd083
08/07/15 20:56:00 ii : - data size 46
08/07/15 20:56:00 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/07/15 20:56:05 ii : resend limit exceeded for phase1 exchange
08/07/15 20:56:05 ii : phase1 removal before expire time
08/07/15 20:56:05 DB : phase1 deleted ( obj count = 0 )
08/07/15 20:56:05 DB : tunnel ref decrement ( ref count = 2, obj count = 1 )
08/07/15 20:56:05 DB : policy not found
08/07/15 20:56:05 DB : policy not found
08/07/15 20:56:05 DB : tunnel stats event canceled ( ref count = 1 )
08/07/15 20:56:05 DB : removing tunnel config references
08/07/15 20:56:05 DB : removing tunnel phase2 references
08/07/15 20:56:05 DB : removing tunnel phase1 references
08/07/15 20:56:05 DB : tunnel deleted ( obj count = 0 )
08/07/15 20:56:05 DB : peer ref decrement ( ref count = 1, obj count = 1 )
08/07/15 20:56:05 DB : removing all peer tunnel refrences
08/07/15 20:56:05 DB : peer deleted ( obj count = 0 )
08/07/15 20:56:05 ii : ipc client process thread exit ..

Thanks