[vpn-help] win2008r2 ike phase 1 fails, works on win7x64 sp1

Roper, Andrew aroper at bcsvoicedata.com
Fri Mar 2 08:41:17 CST 2012


Martin,

I'm a little confused. You say that a network sniffer sees that the packets are arriving on the Win2K8 server but the VPN client does not and that debug packet captures are empty. Where was the sniffer placed? Which debug packet captures are empty? What is the VPN server that you are trying to connect to? Is the Win2K8 server behind a firewall? Is it the same firewall that the Win7 box is behind? Are you using the same configuration file between the two machines? Are there any other VPN clients installed on the Win2K8 box? Is there a software firewall running (by default Windows firewall is on in Win2K8R2)?

-Andrew

From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Forster Martin
Sent: Friday, March 02, 2012 8:31 AM
To: vpn-help at lists.shrew.net
Subject: [vpn-help] win2008r2 ike phase 1 fails, works on win7x64 sp1

Hi,

on a windows 2008 R2 Server i have a problem in phase 1.
Problem: the vpn client does not see the answers from vpn server.
I have verified with Network sniffer that the packets arrive on the win2008 r2 box.

The cap files from debugging are completely empty.
No send and no receivepackets.
In the iked log I see resend's and then a timeout like that:
12/03/02 13:37:50 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
12/03/02 13:37:50 DB : phase1 added ( obj count = 1 )
12/03/02 13:37:50 >> : security association payload
12/03/02 13:37:50 >> : - proposal #1 payload
12/03/02 13:37:50 >> : -- transform #1 payload
12/03/02 13:37:50 >> : -- transform #2 payload
12/03/02 13:37:50 >> : -- transform #3 payload
12/03/02 13:37:50 >> : -- transform #4 payload
12/03/02 13:37:50 >> : -- transform #5 payload
12/03/02 13:37:50 >> : -- transform #6 payload
12/03/02 13:37:50 >> : -- transform #7 payload
12/03/02 13:37:50 >> : -- transform #8 payload
12/03/02 13:37:50 >> : -- transform #9 payload
12/03/02 13:37:50 >> : -- transform #10 payload
12/03/02 13:37:50 >> : -- transform #11 payload
12/03/02 13:37:50 >> : -- transform #12 payload
12/03/02 13:37:50 >> : -- transform #13 payload
12/03/02 13:37:50 >> : -- transform #14 payload
12/03/02 13:37:50 >> : -- transform #15 payload
12/03/02 13:37:50 >> : -- transform #16 payload
12/03/02 13:37:50 >> : -- transform #17 payload
12/03/02 13:37:50 >> : -- transform #18 payload
12/03/02 13:37:50 >> : key exchange payload
12/03/02 13:37:50 >> : nonce payload
12/03/02 13:37:50 >> : identification payload
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local supports XAUTH
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local supports nat-t ( draft v02 )
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local supports nat-t ( draft v03 )
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local supports nat-t ( rfc )
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local supports DPDv1
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local is SHREW SOFT compatible
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local is NETSCREEN compatible
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local is SIDEWINDER compatible
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local is CISCO UNITY compatible
12/03/02 13:37:50 >= : cookies a5ee74543f00c208:0000000000000000
12/03/02 13:37:50 >= : message 00000000
12/03/02 13:37:50 -> : send IKE packet 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500 ( 1121 bytes )
12/03/02 13:37:50 DB : phase1 resend event scheduled ( ref count = 2 )
12/03/02 13:37:50 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
12/03/02 13:37:50 DB : tunnel ref increment ( ref count = 3, obj count = 1 )
12/03/02 13:37:55 -> : resend 1 phase1 packet(s) 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500
12/03/02 13:38:00 -> : resend 1 phase1 packet(s) 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500
12/03/02 13:38:05 -> : resend 1 phase1 packet(s) 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500
12/03/02 13:38:10 ii : resend limit exceeded for phase1 exchange
12/03/02 13:38:10 ii : phase1 removal before expire time
12/03/02 13:38:10 DB : phase1 deleted ( obj count = 0 )

Any hints ?

Regards Martin Forster
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20120302/af3d8f6d/attachment-0002.html>


More information about the vpn-help mailing list