[vpn-help] Tunnel from Shrew Soft to Netgear FVS338 formed but not working

Michal Wegrzyn Michal at comfortel.pl
Sun Feb 14 07:31:47 CST 2010


Hello,

If you use ModeConfig+XAUTH, add in Shrew - IPSEC Policy:
jj.q.25.0 / 255.255.255.0
x.y.z.0 / 255.255.255.0 - IP pool of the server you want to get to.

If you don't use ModeConfig+XAUTH, Shrew simply won't connect.
Regards,
 Michal Wegrzyn
  ----- Original Message ----- 
  From: Preston Harrison 
  To: vpn-help at lists.shrew.net 
  Sent: Saturday, February 13, 2010 6:40 AM
  Subject: [vpn-help] Tunnel from Shrew Soft to Netgear FVS338 formed but not working


  I'm using the Shrew Soft VPN Client, Version 2.15 to form a tunnel to a Netgear FVS338.  I can't connect using Remote Desktop and I get a timeout from PING. 

  Here is the VPN log on the FVS338 (I substituted random letters for the numbers in the first two octets of the IPs in the log for security purposes):

   

   

  2010 Feb 12 23:15:17 [FVS338] [IKE] Remote configuration for identifier "vpn.com" found_

  2010 Feb 12 23:15:17 [FVS338] [IKE] Received request for new phase 1 negotiation: sy.vw.36.137[500]<=>ab.gh.88.140[500]_

  2010 Feb 12 23:15:17 [FVS338] [IKE] Beginning Aggressive mode._

  2010 Feb 12 23:15:17 [FVS338] [IKE] Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt_

  2010 Feb 12 23:15:17 [FVS338] [IKE] Received unknown Vendor ID_

                  - Last output repeated twice -

  2010 Feb 12 23:15:17 [FVS338] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__

  2010 Feb 12 23:15:17 [FVS338] [IKE] Received unknown Vendor ID_

                  - Last output repeated 6 times -

  2010 Feb 12 23:15:18 [FVS338] [IKE] Received Vendor ID: CISCO-UNITY_

  2010 Feb 12 23:15:18 [FVS338] [IKE] For ab.gh.88.140[500], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_

  2010 Feb 12 23:15:20 [FVS338] [IKE] Floating ports for NAT-T with peer ab.gh.88.140[4500]_

  2010 Feb 12 23:15:20 [FVS338] [IKE] NAT-D payload does not match for sy.vw.36.137[4500]_

  2010 Feb 12 23:15:20 [FVS338] [IKE] NAT-D payload does not match for ab.gh.88.140[4500]_

  2010 Feb 12 23:15:20 [FVS338] [IKE] NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device_

  2010 Feb 12 23:15:20 [FVS338] [IKE] Sending Xauth request to ab.gh.88.140[4500]_

  2010 Feb 12 23:15:20 [FVS338] [IKE] ISAKMP-SA established for sy.vw.36.137[4500]-ab.gh.88.140[4500] with spi:cbd501b988552332:978610d758636710_

  2010 Feb 12 23:15:20 [FVS338] [IKE] purging spi=250579867._

  2010 Feb 12 23:15:21 [FVS338] [IKE] Received attribute type "ISAKMP_CFG_REPLY" from ab.gh.88.140[4500]_

  2010 Feb 12 23:15:21 [FVS338] [IKE] Login succeeded for user "Preston"_

  2010 Feb 12 23:15:22 [FVS338] [IKE] Received attribute type "ISAKMP_CFG_REQUEST" from ab.gh.88.140[4500]_

  2010 Feb 12 23:15:22 [FVS338] [IKE] jj.q.25.101 IP address is assigned to remote peer ab.gh.88.140[4500]_

  2010 Feb 12 23:15:22 [FVS338] [IKE] Ignored attribute 5_

  2010 Feb 12 23:15:22 [FVS338] [IKE] Cannot open "/etc/motd"_

  2010 Feb 12 23:15:30 [FVS338] [IKE] Responding to new phase 2 negotiation: sy.vw.36.137[0]<=>ab.gh.88.140[0]_

  2010 Feb 12 23:15:30 [FVS338] [IKE] Using IPsec SA configuration: rst.lmn.0.0/24<->jj.q.25.0/24_

  2010 Feb 12 23:15:31 [FVS338] [IKE] Adjusting peer's encmode 61443(61443)->Tunnel(1)_

  2010 Feb 12 23:15:32 [FVS338] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel ab.gh.88.140->sy.vw.36.137 with spi=87747332(0x53aeb04)_

  2010 Feb 12 23:15:32 [FVS338] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel sy.vw.36.137->ab.gh.88.140 with spi=3107620073(0xb93a84e9)_

   

   

  sy.vw.36.137 is the VPN host (FVS338) IP

  ab.gh.88.140 is the client host (AT&T 2wire Gateway)

  jj.q.25.0 is the Mode Config IP pool

  rst.lmn.0.0 is the FVS338 DHCP assigned IP

   

  Can anyone tell me why I can't use the tunnel?

   



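The check the reply points at, as an added example that is not part of the original thread: it reads the Phase 2 selectors and the Mode Config address from an FVS338-style log and reports which of those networks are missing from the list entered in the client's IPsec policy. The numeric addresses and the `client_policy` lists are constructed placeholders (the poster's real values are masked), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the format of the FVS338 log above; the addresses are
# placeholders (RFC 5737 / RFC 1918), not the poster's masked values.
SAMPLE_LOG = """\
2010 Feb 12 23:15:22 [FVS338] [IKE] 10.9.25.101 IP address is assigned to remote peer 198.51.100.140[4500]_
2010 Feb 12 23:15:30 [FVS338] [IKE] Responding to new phase 2 negotiation: 203.0.113.137[0]<=>198.51.100.140[0]_
2010 Feb 12 23:15:30 [FVS338] [IKE] Using IPsec SA configuration: 192.168.0.0/24<->10.9.25.0/24_
"""

SELECTOR_RE = re.compile(r"Using IPsec SA configuration: (\S+?)<->(\S+?)_?$")
ASSIGNED_RE = re.compile(r"\[IKE\] (\S+) IP address is assigned to remote peer")

def parse_gateway_log(text):
    """Return the Phase 2 selector pair and Mode Config address found in the log."""
    found = {"gateway_net": None, "client_net": None, "assigned_ip": None}
    for line in text.splitlines():
        line = line.strip()
        m = SELECTOR_RE.search(line)
        if m:
            found["gateway_net"] = ipaddress.ip_network(m.group(1))
            found["client_net"] = ipaddress.ip_network(m.group(2))
        m = ASSIGNED_RE.search(line)
        if m:
            found["assigned_ip"] = ipaddress.ip_address(m.group(1))
    return found

def check_policy(found, client_policy):
    """List mismatches between the gateway's view and the client policy networks."""
    if None in found.values():
        raise ValueError("log lacks Phase 2 selectors or a Mode Config address")
    # ip_network accepts the "network/netmask" form used in the reply.
    policy = [ipaddress.ip_network(p) for p in client_policy]
    problems = []
    if found["assigned_ip"] not in found["client_net"]:
        problems.append(f"assigned {found['assigned_ip']} is outside {found['client_net']}")
    for name in ("client_net", "gateway_net"):
        net = found[name]
        if not any(net.subnet_of(p) for p in policy):
            problems.append(f"{name} {net} is not covered by the client policy")
    return problems

if __name__ == "__main__":
    print(check_policy(parse_gateway_log(SAMPLE_LOG), ["10.9.25.0/255.255.255.0"]))
```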