[vpn-help] Tunnel from Shrew Soft to Netgear FVS338 formed but not working

Preston Harrison plhdlh at sbcglobal.net
Fri Feb 12 23:40:50 CST 2010


I'm using the Shrew Soft VPN Client, Verison 2.15 to form a tunnel to a
Netgear FVS338.  I can't connect using Remote Desktop and I get a timeout
from PING. 

Here is the VPN log on the FVS338 (I substitued random letters for the
number in the first two octets of the IPs in the log for security purposes):

 

 

2010 Feb 12 23:15:17 [FVS338] [IKE] Remote configuration for identifier
"vpn.com" found_

2010 Feb 12 23:15:17 [FVS338] [IKE] Received request for new phase 1
negotiation: sy.vw.36.137[500]<=>ab.gh.88.140[500]_

2010 Feb 12 23:15:17 [FVS338] [IKE] Beginning Aggressive mode._

2010 Feb 12 23:15:17 [FVS338] [IKE] Received Vendor ID:
draft-ietf-ipsra-isakmp-xauth-06.txt_

2010 Feb 12 23:15:17 [FVS338] [IKE] Received unknown Vendor ID_

                - Last output repeated twice -

2010 Feb 12 23:15:17 [FVS338] [IKE] Received Vendor ID:
draft-ietf-ipsec-nat-t-ike-02__

2010 Feb 12 23:15:17 [FVS338] [IKE] Received unknown Vendor ID_

                - Last output repeated 6 times -

2010 Feb 12 23:15:18 [FVS338] [IKE] Received Vendor ID: CISCO-UNITY_

2010 Feb 12 23:15:18 [FVS338] [IKE] For ab.gh.88.140[500], Selected NAT-T
version: draft-ietf-ipsec-nat-t-ike-02_

2010 Feb 12 23:15:20 [FVS338] [IKE] Floating ports for NAT-T with peer
ab.gh.88.140[4500]_

2010 Feb 12 23:15:20 [FVS338] [IKE] NAT-D payload does not match for
sy.vw.36.137[4500]_

2010 Feb 12 23:15:20 [FVS338] [IKE] NAT-D payload does not match for
ab.gh.88.140[4500]_

2010 Feb 12 23:15:20 [FVS338] [IKE] NAT detected: Local is behind a NAT
device. and alsoPeer is behind a NAT device_

2010 Feb 12 23:15:20 [FVS338] [IKE] Sending Xauth request to
ab.gh.88.140[4500]_

2010 Feb 12 23:15:20 [FVS338] [IKE] ISAKMP-SA established for
sy.vw.36.137[4500]-ab.gh.88.140[4500] with
spi:cbd501b988552332:978610d758636710_

2010 Feb 12 23:15:20 [FVS338] [IKE] purging spi=250579867._

2010 Feb 12 23:15:21 [FVS338] [IKE] Received attribute type
"ISAKMP_CFG_REPLY" from ab.gh.88.140[4500]_

2010 Feb 12 23:15:21 [FVS338] [IKE] Login succeeded for user "Preston"_

2010 Feb 12 23:15:22 [FVS338] [IKE] Received attribute type
"ISAKMP_CFG_REQUEST" from ab.gh.88.140[4500]_

2010 Feb 12 23:15:22 [FVS338] [IKE] jj.q.25.101 IP address is assigned to
remote peer ab.gh.88.140[4500]_

2010 Feb 12 23:15:22 [FVS338] [IKE] Ignored attribute 5_

2010 Feb 12 23:15:22 [FVS338] [IKE] Cannot open "/etc/motd"_

2010 Feb 12 23:15:30 [FVS338] [IKE] Responding to new phase 2 negotiation:
sy.vw.36.137[0]<=>ab.gh.88.140[0]_

2010 Feb 12 23:15:30 [FVS338] [IKE] Using IPsec SA configuration:
rst.lmn.0.0/24<->jj.q.25.0/24_

2010 Feb 12 23:15:31 [FVS338] [IKE] Adjusting peer's encmode
61443(61443)->Tunnel(1)_

2010 Feb 12 23:15:32 [FVS338] [IKE] IPsec-SA established[UDP encap
4500->4500]: ESP/Tunnel ab.gh.88.140->sy.vw.36.137 with
spi=87747332(0x53aeb04)_

2010 Feb 12 23:15:32 [FVS338] [IKE] IPsec-SA established[UDP encap
4500->4500]: ESP/Tunnel sy.vw.36.137->ab.gh.88.140 with
spi=3107620073(0xb93a84e9)_

 

 

sy.vw.36.137 is the VPN host (FVS338) IP

ab.gh.88.140 is the client host (AT&T 2wire Gateway)

jj.q.25.0 is the Mode Config IP pool

rst.lmn.0.0 is the FVS338 DHCP assigned IP

 

Can anyone tell me why I can't use the tunnel?

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20100212/2b7199c7/attachment-0001.html>


More information about the vpn-help mailing list