[Vpn-help] Beta's and Alpha's with Zywall 70
Matthew Grooms
mgrooms at shrew.net
Mon May 18 00:59:17 CDT 2009
Tim Tekaev wrote:
> Hi, guys,
> I can't make any version of this vpn client to connect to zywall 70.
> though I've read the manual on zywall+shrew client configuration, still
> no success.
> Zywall just logs "IKE Packet Retransmit" and the shrew-client finally
> disconnects :-(
>
Hi Tim,

I'm not exactly sure why this is happening. The aggressive mode exchange
should only take 3 packets ...

packet #1 - Initiator -> Responder
packet #2 - Responder -> Initiator
packet #3 - Initiator -> Responder

The Zywall appears to be accepting packet #1 which is sent by the client
because it responds with packet #2. The client accepts the contents of
packet #2 sent by the Zywall and declares the tunnel established. Afterwards,
it sends the final packet #3 to the Zywall. The Zywall is acting like it
doesn't receive the third packet because it just keeps re-transmitting
packet #2.

Have you tried disabling NAT-T support? Perhaps UDP port 4500 traffic is
getting dropped between the client and the Zywall or maybe there is a
bug in the version of firmware that you have loaded. I can tell you that
with my Zywall 5 UTM, it works with both beta and alpha versions ( except
for re-negotiating phase1 when NAT-T is enabled which is a known Zywall
bug ).

-Matthew
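
The diagnosis described in the reply above, as an added example that is not part of the original message or of the Shrew Soft client: a Python triage of a client-side capture that parses the ISAKMP headers, counts retransmitted copies of packet #2, and reports which UDP port packet #3 left on. It assumes the client floats to UDP 4500 for packet #3 when NAT is detected (the RFC 3947 aggressive mode behaviour); the capture tuple format, cookies and sample trace are constructed for illustration.

```python
import struct

AGGRESSIVE = 4                  # ISAKMP exchange type, RFC 2408
NON_ESP_MARKER = b"\x00" * 4    # prefixes IKE on UDP 4500, RFC 3948
ZERO = b"\x00" * 8              # responder cookie is zero only in packet #1

def parse_isakmp(payload, sport, dport):
    """Return (init_cookie, resp_cookie, exchange_type), or None if too short."""
    if 4500 in (sport, dport) and payload[:4] == NON_ESP_MARKER:
        payload = payload[4:]
    if len(payload) < 28:
        return None
    icky, rcky, _, _, xchg, _, _, _ = struct.unpack(">8s8sBBBBII", payload[:28])
    return icky, rcky, xchg

def diagnose(capture):
    """capture: (time, 'out'|'in', sport, dport, udp_payload) seen at the client."""
    replies, pkt3_ports = [], []
    for _ts, direction, sport, dport, payload in capture:
        hdr = parse_isakmp(payload, sport, dport)
        if hdr is None or hdr[2] != AGGRESSIVE:
            continue
        if direction == "in":
            replies.append(payload)          # packet #2 and any copies of it
        elif hdr[1] != ZERO:
            pkt3_ports.append(dport)         # packet #3 carries both cookies
    if not replies:
        return ("no-reply-to-pkt1", 0)
    retransmits = replies.count(replies[0]) - 1
    if retransmits == 0:
        return ("ok-no-retransmit", 0)
    if not pkt3_ports:
        return ("pkt3-never-sent", retransmits)
    port = 4500 if 4500 in pkt3_ports else 500
    return ("pkt3-unacked-udp%d" % port, retransmits)

def make_pkt(icky, rcky, marker=False):
    """Constructed header-only ISAKMP packet (no payloads) for the sample."""
    hdr = struct.pack(">8s8sBBBBII", icky, rcky, 1, 0x10, AGGRESSIVE, 0, 0, 28)
    return (NON_ESP_MARKER if marker else b"") + hdr

I, R = b"A" * 8, b"B" * 8       # constructed cookies
SAMPLE = [                      # constructed trace matching the symptom above
    (0.0, "out", 500, 500, make_pkt(I, ZERO)),
    (0.1, "in", 500, 500, make_pkt(I, R)),
    (0.2, "out", 4500, 4500, make_pkt(I, R, marker=True)),
    (5.1, "in", 500, 500, make_pkt(I, R)),
    (10.1, "in", 500, 500, make_pkt(I, R)),
]
```

A result of `pkt3-unacked-udp4500` points at UDP 4500 filtering or NAT-T handling on the path or gateway, while `pkt3-unacked-udp500` means packet #3 went out on the same port as packet #1 and the cause lies elsewhere.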