[Vpn-help] NETGEAR FVS 318v3 with Client 2.1.1

gerhard1967 at gmx.net gerhard1967 at gmx.net
Sun Sep 14 11:52:00 CDT 2008


Hello, I am trying to connect with the Shrew Soft VPN Client 2.1.1 to my NETGEAR FVS 318v3 firewall. After several different configuration settings, I am now at a point where the NETGEAR and the client still talk to each other, but they have a communication problem where my VPN knowledge cannot help any more.

From my point of view, the critical part is the following:

08/09/14 18:24:02 ii : phase1 id match ( fqdn my.secound.FQDN )
08/09/14 18:24:02 << : hash payload
08/09/14 18:24:02 << : vendor id payload
08/09/14 18:24:02 ii : peer supports nat-t ( draft v00 )
08/09/14 18:24:02 << : nat discovery payload
08/09/14 18:24:02 << : nat discovery payload
08/09/14 18:24:02 XX : warning, unprocessed payload data !!!
08/09/14 18:24:02 XX : warning, unprocessed payload data !!!
08/09/14 18:24:02 !! : unhandled phase1 payload 'unknown' ( 109 )
08/09/14 18:24:02 XX : warning, unprocessed payload data !!!
08/09/14 18:24:02 DB : phase1 resend event canceled ( ref count = 1 )
08/09/14 18:24:02 ii : phase1 removal before expire time

You can find the full log below.

Thx Gerhard 

**** Trace Log of IKE Services – VPN Client **** 

08/09/14 18:23:58 ii : ipc client process thread begin ...
08/09/14 18:23:58 <A : peer config add message
08/09/14 18:23:58 DB : peer ref increment ( ref count = 1, obj count = 0 )
08/09/14 18:23:58 DB : peer added ( obj count = 1 )
08/09/14 18:23:58 ii : local address 90.152.33.188:500 selected for peer
08/09/14 18:23:58 DB : peer ref increment ( ref count = 2, obj count = 1 )
08/09/14 18:23:59 DB : tunnel ref increment ( ref count = 1, obj count = 0 )
08/09/14 18:23:59 DB : tunnel added ( obj count = 1 )
08/09/14 18:23:59 <A : proposal config message
08/09/14 18:23:59 <A : proposal config message
08/09/14 18:23:59 <A : client config message
08/09/14 18:23:59 <A : local id 'my.first.FQDN' message
08/09/14 18:23:59 <A : remote id 'my.secound.FQDN' message
08/09/14 18:23:59 <A : preshared key message
08/09/14 18:23:59 <A : peer tunnel enable message
08/09/14 18:23:59 DB : tunnel ref increment ( ref count = 2, obj count = 1 )
08/09/14 18:23:59 DB : new phase1 ( ISAKMP initiator )
08/09/14 18:23:59 DB : exchange type is aggressive
08/09/14 18:23:59 DB : 90.152.33.188:500 <-> 91.115.33.27:500
08/09/14 18:23:59 DB : f271ad39b2788edd:0000000000000000
08/09/14 18:23:59 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
08/09/14 18:23:59 DB : phase1 added ( obj count = 1 )
08/09/14 18:23:59 >> : security association payload
08/09/14 18:23:59 >> : - proposal #1 payload 
08/09/14 18:23:59 >> : -- transform #1 payload 
08/09/14 18:23:59 >> : key exchange payload
08/09/14 18:23:59 >> : nonce payload
08/09/14 18:23:59 >> : identification payload
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local supports nat-t ( draft v00 )
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local supports nat-t ( draft v01 )
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local supports nat-t ( draft v02 )
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local supports nat-t ( draft v03 )
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local supports nat-t ( rfc )
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local supports FRAGMENTATION
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local supports DPDv1
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local is SHREW SOFT compatible
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local is CISCO UNITY compatible
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local is NETSCREEN compatible
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local is SIDEWINDER compatible
08/09/14 18:23:59 >> : vendor id payload
08/09/14 18:23:59 ii : local is CHECKPOINT compatible
08/09/14 18:23:59 =< : using ISAKMP SA f271ad39b2788edd:0000000000000000
08/09/14 18:23:59 -> : send IKE packet 90.152.33.188:500 -> 91.115.33.27:500 ( 562 bytes )
08/09/14 18:23:59 DB : phase1 resend event scheduled ( ref count = 2 )
08/09/14 18:23:59 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
08/09/14 18:23:59 DB : tunnel ref increment ( ref count = 3, obj count = 1 )
08/09/14 18:24:02 <- : recv IKE packet 91.115.33.27:500 -> 90.152.33.188:500 ( 394 bytes )
08/09/14 18:24:02 ii : parsing ike packet header
08/09/14 18:24:02 ii : attempting to locate phase1 sa for packet
08/09/14 18:24:02 DB : phase1 found
08/09/14 18:24:02 DB : phase1 ref increment ( ref count = 2, obj count = 1 )
08/09/14 18:24:02 ii : processing phase1 packet ( 394 bytes )
08/09/14 18:24:02 =< : using ISAKMP SA f271ad39b2788edd:c8874ace1a802523
08/09/14 18:24:02 << : security association payload
08/09/14 18:24:02 << : - propsal #1 payload 
08/09/14 18:24:02 << : -- transform #1 payload 
08/09/14 18:24:02 ii : matched isakmp proposal #1 transform #1
08/09/14 18:24:02 ii : - transform    = ike
08/09/14 18:24:02 ii : - cipher type  = 3des
08/09/14 18:24:02 ii : - key length   = default
08/09/14 18:24:02 ii : - hash type    = sha1
08/09/14 18:24:02 ii : - dh group     = modp-1024
08/09/14 18:24:02 ii : - auth type    = psk
08/09/14 18:24:02 ii : - life seconds = 86400
08/09/14 18:24:02 ii : - life kbytes  = 0
08/09/14 18:24:02 << : key exchange payload
08/09/14 18:24:02 << : nonce payload
08/09/14 18:24:02 << : identification payload
08/09/14 18:24:02 ii : phase1 id match ( fqdn my.secound.FQDN )
08/09/14 18:24:02 << : hash payload
08/09/14 18:24:02 << : vendor id payload
08/09/14 18:24:02 ii : peer supports nat-t ( draft v00 )
08/09/14 18:24:02 << : nat discovery payload
08/09/14 18:24:02 << : nat discovery payload
08/09/14 18:24:02 XX : warning, unprocessed payload data !!!
08/09/14 18:24:02 XX : warning, unprocessed payload data !!!
08/09/14 18:24:02 !! : unhandled phase1 payload 'unknown' ( 109 )
08/09/14 18:24:02 XX : warning, unprocessed payload data !!!
08/09/14 18:24:02 DB : phase1 resend event canceled ( ref count = 1 )
08/09/14 18:24:02 ii : phase1 removal before expire time
08/09/14 18:24:02 DB : phase1 deleted ( obj count = 0 )
08/09/14 18:24:02 DB : tunnel ref decrement ( ref count = 2, obj count = 1 )
08/09/14 18:24:02 DB : tunnel stats event canceled ( ref count = 1 )
08/09/14 18:24:02 DB : removing tunnel config references
08/09/14 18:24:02 DB : removing tunnel phase2 references
08/09/14 18:24:02 DB : removing tunnel phase1 references
08/09/14 18:24:02 DB : tunnel deleted ( obj count = 0 )
08/09/14 18:24:03 DB : peer ref decrement ( ref count = 1, obj count = 1 )
08/09/14 18:24:03 DB : removing all peer tunnel refrences
08/09/14 18:24:03 DB : peer deleted ( obj count = 0 )
08/09/14 18:24:03 ii : ipc client process thread exit ...


**** LOG on NETGEAR FVS 318v3 ****


[2008-09-14 08:24:02][==== IKE PHASE 1(from 90.152.33.188) START (responder) ====]
[2008-09-14 08:24:02]**** RECEIVED  FIRST MESSAGE OF AGGR MODE **** 
[2008-09-14 08:24:02]<POLICY: > PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,VID,VID,VID,VID,VID,VID,VID,VID,VID,VID,VID,VID
[2008-09-14 08:24:02]<LocalRID> Type=ID_FQDN,ID DATA=my.first.FQDN
[2008-09-14 08:24:02]<RemoteLID> Type=ID_FQDN,ID DATA= my.first.FQDN
[2008-09-14 08:24:05]<POLICY: MyVPNServer> PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,HASH,VID,NATD,NATD,NATD,NATD
[2008-09-14 08:24:05]**** SENT OUT SECOND MESSAGE OF AGGR MODE **** 
[2008-09-14 08:24:25]**** SENT OUT INFORMATIONAL EXCHANGE MESSAGE **** 
[2008-09-14 08:24:25]<POLICY: MyVPNServer> PAYLOADS: DEL


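Added example, not part of the original post or of either product: a short Python script that lines up the payloads the client decoded with the payload list the NETGEAR log gives for the second aggressive-mode message, using lines copied from the two logs above. The abbreviation mapping and the function names are assumptions of this example.

```python
import re

# Excerpts copied from the two logs in the post (client trace, NETGEAR log).
CLIENT_TRACE = """\
08/09/14 18:24:02 << : security association payload
08/09/14 18:24:02 << : - propsal #1 payload
08/09/14 18:24:02 << : -- transform #1 payload
08/09/14 18:24:02 << : key exchange payload
08/09/14 18:24:02 << : nonce payload
08/09/14 18:24:02 << : identification payload
08/09/14 18:24:02 << : hash payload
08/09/14 18:24:02 << : vendor id payload
08/09/14 18:24:02 << : nat discovery payload
08/09/14 18:24:02 << : nat discovery payload
08/09/14 18:24:02 !! : unhandled phase1 payload 'unknown' ( 109 )
"""
NETGEAR_LINE = ("[2008-09-14 08:24:05]<POLICY: MyVPNServer> PAYLOADS: "
                "SA,PROP,TRANS,KE,NONCE,ID,HASH,VID,NATD,NATD,NATD,NATD")

# Client wording -> NETGEAR abbreviation. This mapping is an assumption of the example.
NAMES = {"security association": "SA", "proposal": "PROP", "propsal": "PROP",
         "transform": "TRANS", "key exchange": "KE", "nonce": "NONCE",
         "identification": "ID", "hash": "HASH", "vendor id": "VID",
         "nat discovery": "NATD"}
LINE = re.compile(r"^\S+ \S+ (<<|!!) : (.*)$")       # received payload or error line
PAYLOAD = re.compile(r"^[- ]*(.+?)(?: #\d+)? payload$")

def client_parsed(trace):
    """Return (payloads the client decoded, first '!!' error or None)."""
    seen = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(1) == "!!":
            return seen, m.group(2)                  # stop at the first hard error
        p = PAYLOAD.match(m.group(2)) if m else None
        if p:
            seen.append(NAMES.get(p.group(1), p.group(1).upper()))
    return seen, None

def responder_sent(line):
    """Payload list from a NETGEAR '<POLICY: ...> PAYLOADS: a,b,c' line."""
    return [x.strip() for x in line.split("PAYLOADS:", 1)[1].split(",")]

def correlate(trace, netgear_line):
    """Align both views; 'unparsed' is what the responder lists beyond the client's last payload."""
    parsed, error = client_parsed(trace)
    sent = responder_sent(netgear_line)
    aligned = sent[:len(parsed)] == parsed
    return {"parsed": parsed, "error": error, "aligned": aligned,
            "unparsed": sent[len(parsed):] if aligned else None}
```

On these excerpts the client decodes ten of the twelve payloads the NETGEAR lists, and the `unhandled phase1 payload` error falls at the point where the NETGEAR log lists its third NATD.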