[vpn-help] Problem connecting to Netgear SRX5308
Alexis La Goutte
alexis.lagoutte at gmail.com
Mon Dec 13 14:04:30 CST 2010
Hi,
Which mode you use ? Xauth ? ModeConfig ?
Because there is a "known issue" with NETGEAR Router and ModeConfig without
XAUTH
http://lists.shrew.net/pipermail/vpn-help/2010-February/001962.html
Regards,
On Mon, Dec 13, 2010 at 8:33 PM, Shad L. Lords <slords at lordsfam.net> wrote:
> Problem:
>
> I'm trying to establish a IPSec VPN to a Netgear SRX5308 with the Shrew
> Soft VPN Client. I've got it configured correctly to do mode config and
> xauth. If I point the exact same configuration at my Netgear FVX538 or
> Netgear FVS336G (also setup the same as the SRX5308) it connects just fine.
> However on the SRX5308 I get a "invalid message from gateway" message on the
> VPN client. I've tried using the 3.0.6-9.1 firmware as well as the beta
> 3.0.7-11.1 firmware. They both behave the same way.
>
> VPN Client Version = 2.1.7 and 2.2.0-alpha10
> Windows OS Version = Windows 7 Ultimate (32-bit and 64-bit)
> Gateway Make/Model = Netgear SRX5308 (broken)
> Gateway OS Version = 3.0.6-9.1 and 3.0.7-11.1 (beta)
>
> Gateway Make/Model = Netgear FVX538 and FVS336G (working)
> Gateway OS Version = 3.0.6-29
>
> In comparing the IKE decrypted packed dumps between the FVS336G and the
> SRX5308 they are the same up to the point of doing the mode config
> negotiation. The FVS336G does a ISAKMP_CFG_REQUEST (1) and receives a
> ISAKMP_CFG_REPLY (2) with all the data needed (ip, mask, dns, etc). The
> SRX5308 does the same ISAKMP_CFG_REQUEST (1) and receives a ISAKMP_CFG_SET
> (3) with the needed information (ip, mask, dns, etc). Because the packet is
> a SET instead of a REPLY the client doesn't recognize the packet as one it
> expects and fails to bring up the tunnel.
>
> I've got packet captures of both firewalls that I can send if necessary.
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20101213/8c64fbeb/attachment-0002.html>
More information about the vpn-help
mailing list