[Vpn-help] Beta's and Alpha's with Zywall 70

Matthew Grooms mgrooms at shrew.net
Mon May 18 00:59:17 CDT 2009


Tim Tekaev wrote:
> Hi, guys,
> I can't make any version of this vpn client to connect to zywall 70. 
> though I've read the manual on zywall+shrew client configuration, still 
> no success.
> Zywall just logs "IKE Packet Retransmit" and the shrew-client finally 
> disconnects :-(
> 

Hi Tim,

I'm not exactly sure why this is happening. The aggressive mode exchange 
should only take 3 packets ...

packet #1 - Initiator -> Responder
packet #2 - Responder -> Initiator
packet #3 - Initiator -> Responder

The Zywall appears to be accepting packet #1 which is sent by the client 
because it responds with packet #2. The client accepts the contents of 
packet #2 sent by the Zywall and declares the tunnel established. Afterwards, 
it sends the final packet #3 to the Zywall. The Zywall is acting like it 
doesn't receive the third packet because it just keeps re-transmitting 
packet #2.

Have you tried disabling NAT-T support? Perhaps UDP port 4500 traffic is 
getting dropped between the client and the Zywall or maybe there is a 
bug in the version of firmware that you have loaded. I can tell you that 
with my Zywall 5 UTM, it works with both beta and alpha versions ( except 
for re-negotiating phase1 when NAT-T is enabled which is a known Zywall 
bug ).

-Matthew
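
The retransmit pattern described in the reply above can be checked against a packet capture taken at the client. This is an added example, not part of the original message or of the Shrew Soft client code. It assumes the UDP payloads have already been extracted into (sender, gateway UDP port, bytes) tuples; the sample capture and the `diagnose` and `ike` helper names are constructed for illustration.

```python
import struct
from collections import Counter

AGGRESSIVE = 4                 # ISAKMP exchange type for aggressive mode
NON_ESP_MARKER = b"\x00" * 4   # precedes IKE messages on UDP 4500 (NAT-T)
HDR = struct.Struct("!8s8sBBBBII")  # cookies, next payload, version, exchange, flags, msg id, length

def parse_isakmp(payload, gw_port):
    """Return (initiator_cookie, responder_cookie, exchange_type) or None."""
    if gw_port == 4500:
        if not payload.startswith(NON_ESP_MARKER):
            return None        # ESP-in-UDP data, not an IKE message
        payload = payload[4:]
    if len(payload) < HDR.size:
        return None
    icookie, rcookie, _, _, exchange, _, _, _ = HDR.unpack_from(payload)
    return icookie, rcookie, exchange

def diagnose(capture):
    """capture: (sender, gateway_udp_port, udp_payload) tuples seen at the client."""
    seen, p3_ports = Counter(), set()
    for sender, gw_port, payload in capture:
        hdr = parse_isakmp(payload, gw_port)
        if hdr is None or hdr[2] != AGGRESSIVE:
            continue
        if sender == "gateway":
            seen["packet2"] += 1
        elif hdr[1] == bytes(8):   # responder cookie still unset
            seen["packet1"] += 1
        else:
            seen["packet3"] += 1
            p3_ports.add(gw_port)
    return {"packet2_retransmits": max(seen["packet2"] - 1, 0),
            "packet3_sent": seen["packet3"],
            "packet3_ports": sorted(p3_ports)}

def ike(icookie, rcookie):
    """Constructed 28-byte ISAKMP header with no payloads (test data only)."""
    return HDR.pack(icookie, rcookie, 1, 0x10, AGGRESSIVE, 0, 0, HDR.size)

IC, RC = b"\x11" * 8, b"\x22" * 8
SAMPLE = [                     # constructed capture, not from the original thread
    ("client", 500, ike(IC, bytes(8))),               # packet #1
    ("gateway", 500, ike(IC, RC)),                    # packet #2
    ("client", 4500, NON_ESP_MARKER + ike(IC, RC)),   # packet #3 sent to the NAT-T port
    ("gateway", 500, ike(IC, RC)),                    # packet #2 again
    ("gateway", 500, ike(IC, RC)),                    # packet #2 again
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A result with `packet3_sent` of 1, `packet3_ports` of `[4500]` and a non-zero `packet2_retransmits` matches the symptom in the thread and points at UDP 4500 handling between the client and the gateway.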


