[vpn-help] negotiation timeout

Kevin VPN kvpn at live.com
Wed Jul 25 21:32:08 CDT 2012 

On 07/24/2012 02:29 AM, Steven Lam wrote:
> Hi, here is the log:
>
<snip>
> 12/07/23 23:19:51 -> : send IKE packet 10.0.1.102:500 ->
> xxx.xxx.xxx.xxx:500 ( 620 bytes )
> 12/07/23 23:19:51 DB : phase1 resend event scheduled ( ref count = 2 )
> 12/07/23 23:19:56 -> : resend 1 phase1 packet(s) 10.0.1.102:500 ->
> xxx.xxx.xxx.xxx:500
> 12/07/23 23:20:01 -> : resend 1 phase1 packet(s) 10.0.1.102:500 ->
> xxx.xxx.xxx.xxx:500
> 12/07/23 23:20:06 -> : resend 1 phase1 packet(s) 10.0.1.102:500 ->
> xxx.xxx.xxx.xxx:500
> 12/07/23 23:20:11 ii : resend limit exceeded for phase1 exchange
> 12/07/23 23:20:11 ii : phase1 removal before expire time
> 12/07/23 23:20:11 DB : phase1 deleted ( obj count = 0 )
> 12/07/23 23:20:11 DB : policy not found
> 12/07/23 23:20:11 DB : policy not found
> 12/07/23 23:20:11 DB : policy not found
> 12/07/23 23:20:11 DB : policy not found
<snip>
>
>
> I don't see any problem until the policy not found error.
>
> -----Original Message-----
> From: vpn-help-bounces at lists.shrew.net
> [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Kevin VPN
> Sent: July-22-12 9:38 AM
> To: vpn-help at lists.shrew.net
> Subject: Re: [vpn-help] negotiation timeout
>
> On 07/19/2012 02:26 AM, Steven Lam wrote:
>> Hi, I'm using shrew 2.1.7 connecting to rv082.  I haven't been able to
>> connect so far.  I am having connection timeout error.  Shrew will say
>> it is bringing up tunnel but it will eventually get a "negotiation
> timeout"
>> message.  When I consult the vpn log on the rv082, I see a lot of
>> "ignoring vendor id payload" message.  The payload id is different
>> each time.  Any idea what it is?  Thanks!
>>
>
> Hi Steven,
>
> I'm not sure the vendor id payload is a big problem.  During negotiation, I
> think Shrew provides a list of the vendor ids it supports/emulates.
>
> I would generate a log file from Shrew to see if it gives us more
> information, I would guess there is something else wrong, perhaps a
> configuration mismatch.
>
> Instructions on how to generate a log file are here:
> http://www.shrew.net/support/wiki/BugReportVpnWindows
>

Hi Steven,

The problem is actually before the "policy not found," it's here:

 > 12/07/23 23:19:51 -> : send IKE packet 10.0.1.102:500 -> 
xxx.xxx.xxx.xxx:500 (
 > 620 bytes )
 > 12/07/23 23:19:51 DB : phase1 resend event scheduled ( ref count = 2 )
 > 12/07/23 23:19:56 -> : resend 1 phase1 packet(s) 10.0.1.102:500 ->
 > xxx.xxx.xxx.xxx:500
 > 12/07/23 23:20:01 -> : resend 1 phase1 packet(s) 10.0.1.102:500 ->
 > xxx.xxx.xxx.xxx:500
 > 12/07/23 23:20:06 -> : resend 1 phase1 packet(s) 10.0.1.102:500 ->
 > xxx.xxx.xxx.xxx:500
 > 12/07/23 23:20:11 ii : resend limit exceeded for phase1 exchange

These messages mean that Shrew tried to contact the gateway but received 
no response.  At this point, you'll need to get the gateway logs to see 
if it is receiving the packets from Shrew and if so, why it is not 
responding.

My guess is that it will be something related to the settings on the 
Authentication tab of the Shrew Site Configuration.  Look to synchronize 
those with the settings on the gateway.

More information about the vpn-help mailing list