[vpn-help] FVS338 tunnel established but can't ping remote IP's/SSH/DNS etc.

David Borges david.borges at skitter.tv
Tue Jan 11 12:59:36 CST 2011 

Kevin,

I told shrew to use 10.1.1.0/24.  In the FVS338 here is the ModeConfig

Client Pool:
Record Name: 	Pool
First IP Pool: 	10.1.2.150 - 10.1.2.160
Section IP Pool: 	0.0.0.0 - 0.0.0.0
Third IP Pool: 	0.0.0.0 - 0.0.0.0
Primary WINS Server: 	0.0.0.0
Secondary WINS Server: 	0.0.0.0
Primary DNS Server: 	8.8.8.8
Secondary DNS Server: 	8.8.4.4
Traffic Tunnel Security Level:
PFS Key Group: 	Group 2 (1024 bit)
SA Lifetime: 	3600
SA Lifebyte: 	0
Encryption Algorithm: 	3DES
Integrity Algorithm: 	SHA-1
Local IP Address: 	10.1.1.0
Local Subnet Mask: 	255.255.255.0


My internal network is 10.1.1.0/24.  Am I missing something?

Thank you,

David

PS Matthew, I don't see that option in the Shrew Soft Client



On Tue, 2011-01-11 at 13:28 -0500, kevin vpn wrote:
> Hi David,
> 
> To me it looks like you have a policy mismatch ("No policy found"
> error in the Netgear log) which is preventing Phase2 negotiations from
> completing properly.  Double check that the IP ranges that you have
> told Shrew to tunnel match those that the gateway expects.
> 
> > From: david.borges at skitter.tv
> > To: vpn-help at lists.shrew.net
> > Date: Tue, 11 Jan 2011 10:57:03 -0500
> > Subject: [vpn-help] FVS338 tunnel established but can't ping remote
> IP's/SSH/DNS etc.
> > 
> > 
> > Shrew Soft Version 2.1.5
> > Netgear FVS338
> > Ubuntu 11.04
> > 
> > Below is my shrew soft client config:
> >...
> > s:policy-list-include:10.1.1.0 / 255.255.255.0
> > 
> > 
> > Netgear FVS338 VPN Log
> > ...
> > 2011 Jan 11 10:00:09 [FVS338] [IKE] Responding to new phase 2
> > negotiation: x.yy.57.73[0]<=>xx.yy.216.191[0]_
> > 2011 Jan 11 10:00:09 [FVS338] [IKE] Using IPsec SA configuration:
> > 10.1.1.0/24<->10.1.2.0/24_
> > 2011 Jan 11 10:00:09 [FVS338] [IKE] No policy found:
> 10.1.2.150/32[0]
> > 10.1.1.0/24[0] proto=any dir=in_
> > 2011 Jan 11 10:00:09 [FVS338] [IKE] Failed to get proposal for
> > responder._
> > 
> 
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> http://lists.shrew.net/mailman/listinfo/vpn-help

-- 
David Borges
Director of Network Administration
3720 Davinci Court, Suite 200
Norcross GA, 30092
www.skitter.tv

More information about the vpn-help mailing list