[vpn-help] Cisco RV320 configuration.
Seth Dunn
seth at d2ms.com
Mon Apr 11 13:52:16 CDT 2016
Hello,
Wondering if you can shed some light on this one....
I set up the RV320 to do Group VPN....using Greenbow I can make the
connection and traffic will flow across the tunnel.
Now when I go to connect using Shrew (2.2.2)
It appears to complete the Phase1 negotiation and brings up the tunnel.
But phase2 fails (No policy found), it seems like it is hanging trying
to receive the IP address assignment information....
I have Policy Generation Level set to auto, but I have tried the others
as well.
I have checkmarks in the boxes for "Maintain Persistent..." and "Obtain
topology automaticall....."
16/04/11 13:59:27 <A : peer config add message
16/04/11 13:59:27 <A : proposal config message
16/04/11 13:59:27 <A : proposal config message
16/04/11 13:59:27 <A : client config message
16/04/11 13:59:27 <A : local id 'webd2ms2.com' message
16/04/11 13:59:27 <A : preshared key message
16/04/11 13:59:27 <A : peer tunnel enable message
16/04/11 13:59:27 DB : peer added ( obj count = 1 )
16/04/11 13:59:27 ii : local address 10.10.0.47 selected for peer
16/04/11 13:59:27 DB : tunnel added ( obj count = 1 )
16/04/11 13:59:27 DB : new phase1 ( ISAKMP initiator )
16/04/11 13:59:27 DB : exchange type is aggressive
16/04/11 13:59:27 DB : 10.10.0.47:500 <-> 10.10.0.71:500
16/04/11 13:59:27 DB : d0ac999371b5a847:0000000000000000
16/04/11 13:59:27 DB : phase1 added ( obj count = 1 )
16/04/11 13:59:27 >> : security association payload
16/04/11 13:59:27 >> : - proposal #1 payload
16/04/11 13:59:27 >> : -- transform #1 payload
16/04/11 13:59:27 >> : key exchange payload
16/04/11 13:59:27 >> : nonce payload
16/04/11 13:59:27 >> : identification payload
16/04/11 13:59:27 >> : vendor id payload
16/04/11 13:59:27 ii : local is SHREW SOFT compatible
16/04/11 13:59:27 >> : vendor id payload
16/04/11 13:59:27 ii : local is NETSCREEN compatible
16/04/11 13:59:27 >> : vendor id payload
16/04/11 13:59:27 ii : local is SIDEWINDER compatible
16/04/11 13:59:27 >> : vendor id payload
16/04/11 13:59:27 ii : local is CISCO UNITY compatible
16/04/11 13:59:27 >= : cookies d0ac999371b5a847:0000000000000000
16/04/11 13:59:27 >= : message 00000000
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 376 bytes )
16/04/11 13:59:27 DB : phase1 resend event scheduled ( ref count = 2 )
16/04/11 13:59:27 <- : recv IKE packet 10.10.0.71:500 -> 10.10.0.47:500 ( 316 bytes )
16/04/11 13:59:27 DB : phase1 found
16/04/11 13:59:27 ii : processing phase1 packet ( 316 bytes )
16/04/11 13:59:27 =< : cookies d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 =< : message 00000000
16/04/11 13:59:27 << : security association payload
16/04/11 13:59:27 << : - propsal #1 payload
16/04/11 13:59:27 << : -- transform #1 payload
16/04/11 13:59:27 ii : matched isakmp proposal #1 transform #1
16/04/11 13:59:27 ii : - transform = ike
16/04/11 13:59:27 ii : - cipher type = aes
16/04/11 13:59:27 ii : - key length = 256 bits
16/04/11 13:59:27 ii : - hash type = sha1
16/04/11 13:59:27 ii : - dh group = group2 ( modp-1024 )
16/04/11 13:59:27 ii : - auth type = psk
16/04/11 13:59:27 ii : - life seconds = 3600
16/04/11 13:59:27 ii : - life kbytes = 0
16/04/11 13:59:27 << : key exchange payload
16/04/11 13:59:27 << : nonce payload
16/04/11 13:59:27 << : identification payload
16/04/11 13:59:27 ii : phase1 id match
16/04/11 13:59:27 ii : received = ipv4-host 10.10.0.71
16/04/11 13:59:27 << : hash payload
16/04/11 13:59:27 << : vendor id payload
16/04/11 13:59:27 ii : peer is CISCO UNITY compatible
16/04/11 13:59:27 << : vendor id payload
16/04/11 13:59:27 ii : peer supports DPDv1
16/04/11 13:59:27 ii : nat-t is disabled locally
16/04/11 13:59:27 == : DH shared secret ( 128 bytes )
16/04/11 13:59:27 == : SETKEYID ( 20 bytes )
16/04/11 13:59:27 == : SETKEYID_d ( 20 bytes )
16/04/11 13:59:27 == : SETKEYID_a ( 20 bytes )
16/04/11 13:59:27 == : SETKEYID_e ( 20 bytes )
16/04/11 13:59:27 == : cipher key ( 32 bytes )
16/04/11 13:59:27 == : cipher iv ( 16 bytes )
16/04/11 13:59:27 == : phase1 hash_i ( computed ) ( 20 bytes )
16/04/11 13:59:27 >> : hash payload
16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 >= : message 00000000
16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )
16/04/11 13:59:27 == : encrypt packet ( 52 bytes )
16/04/11 13:59:27 == : stored iv ( 16 bytes )
16/04/11 13:59:27 DB : phase1 resend event canceled ( ref count = 1 )
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 88 bytes )
16/04/11 13:59:27 == : phase1 hash_r ( computed ) ( 20 bytes )
16/04/11 13:59:27 == : phase1 hash_r ( received ) ( 20 bytes )
16/04/11 13:59:27 ii : phase1 sa established
16/04/11 13:59:27 ii : 10.10.0.71:500 <-> 10.10.0.47:500
16/04/11 13:59:27 ii : d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 ii : sending peer INITIAL-CONTACT notification
16/04/11 13:59:27 ii : - 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:27 ii : - isakmp spi = d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 ii : - data size 0
16/04/11 13:59:27 >> : hash payload
16/04/11 13:59:27 >> : notification payload
16/04/11 13:59:27 == : new informational hash ( 20 bytes )
16/04/11 13:59:27 == : new informational iv ( 16 bytes )
16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 >= : message 56c09db3
16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )
16/04/11 13:59:27 == : encrypt packet ( 80 bytes )
16/04/11 13:59:27 == : stored iv ( 16 bytes )
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 120 bytes )
16/04/11 13:59:27 DB : config added ( obj count = 1 )
16/04/11 13:59:27 ii : building config attribute list
16/04/11 13:59:27 ii : - IP4 Address
16/04/11 13:59:27 ii : - Address Expiry
16/04/11 13:59:27 ii : - IP4 Netmask
16/04/11 13:59:27 ii : - IP4 DNS Server
16/04/11 13:59:27 ii : - IP4 WINS Server
16/04/11 13:59:27 ii : - DNS Suffix
16/04/11 13:59:27 ii : - IP4 Split Network Include
16/04/11 13:59:27 ii : - IP4 Split Network Exclude
16/04/11 13:59:27 ii : - Login Banner
16/04/11 13:59:27 ii : - Application Version = Cisco Systems VPN Client 4.8.01.0300:WinNT
16/04/11 13:59:27 ii : - Firewall Type = CISCO-UNKNOWN
16/04/11 13:59:27 == : new config iv ( 16 bytes )
16/04/11 13:59:27 ii : sending config pull request
16/04/11 13:59:27 >> : hash payload
16/04/11 13:59:27 >> : attribute payload
16/04/11 13:59:27 == : new configure hash ( 20 bytes )
16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 >= : message 6460bfc1
16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )
16/04/11 13:59:27 == : encrypt packet ( 158 bytes )
16/04/11 13:59:27 == : stored iv ( 16 bytes )
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 200 bytes )
16/04/11 13:59:27 DB : config resend event scheduled ( ref count = 2 )
16/04/11 13:59:27 DB : phase2 not found
16/04/11 13:59:32 -> : resend 1 config packet(s) [0/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:37 -> : resend 1 config packet(s) [1/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:42 -> : resend 1 config packet(s) [2/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:47 ii : resend limit exceeded for config exchange
16/04/11 13:59:47 DB : config deleted ( obj count = 0 )
16/04/11 14:00:14 <A : peer tunnel disable message
16/04/11 14:00:14 DB : policy not found
16/04/11 14:00:14 DB : policy not found
16/04/11 14:00:14 DB : removing tunnel config references
16/04/11 14:00:14 DB : removing tunnel phase2 references
16/04/11 14:00:14 DB : removing tunnel phase1 references
16/04/11 14:00:14 DB : phase1 soft event canceled ( ref count = 3 )
16/04/11 14:00:14 DB : phase1 hard event canceled ( ref count = 2 )
16/04/11 14:00:14 DB : phase1 dead event canceled ( ref count = 1 )
16/04/11 14:00:14 ii : sending peer DELETE message
16/04/11 14:00:14 ii : - 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 14:00:14 ii : - isakmp spi = d0ac999371b5a847:a23c3f962a3f4795
16/04/11 14:00:14 ii : - data size 0
16/04/11 14:00:14 >> : hash payload
16/04/11 14:00:14 >> : delete payload
16/04/11 14:00:14 == : new informational hash ( 20 bytes )
16/04/11 14:00:14 == : new informational iv ( 16 bytes )
16/04/11 14:00:14 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
16/04/11 14:00:14 >= : message 0a12125a
16/04/11 14:00:14 >= : encrypt iv ( 16 bytes )
16/04/11 14:00:14 == : encrypt packet ( 80 bytes )
16/04/11 14:00:14 == : stored iv ( 16 bytes )
16/04/11 14:00:14 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 120 bytes )
16/04/11 14:00:14 ii : phase1 removal before expire time
16/04/11 14:00:14 DB : phase1 deleted ( obj count = 0 )
16/04/11 14:00:14 DB : tunnel deleted ( obj count = 0 )
16/04/11 14:00:14 DB : removing all peer tunnel references
16/04/11 14:00:14 DB : peer deleted ( obj count = 0 )
16/04/11 14:00:14 ii : ipc client process thread exit ...
Thank you for any help you can provide.
------------------------------------------------------------------------------------
Seth Dunn
Network Administrator
EFT Corporation | Donation-Net, Inc.
Divisions of Dynamic Management Systems, Inc.
1210 Progressive Drive, Suite 101
Chesapeake, VA 23320
P: 800.397.4755 Ext. 460
F: 703.997.2254
E: seth at d2ms.com
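
Added example, not part of the original message and not Shrew Soft code: a small Python parser for trace lines of the shape posted above that reports where the negotiation stalled. The function name, the state keys and the idea of counting inbound packets after the config pull are assumptions of this example; the sample lines are excerpted from the trace in this message with wrapped lines rejoined.

```python
import re

# Line shape used by the trace in this message: "YY/MM/DD HH:MM:SS <tag> : <text>"
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")

# Excerpt of the trace posted above (wrapped lines rejoined).
SAMPLE = """\
16/04/11 13:59:27 ii : phase1 sa established
16/04/11 13:59:27 ii : sending config pull request
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 200 bytes )
16/04/11 13:59:27 DB : config resend event scheduled ( ref count = 2 )
16/04/11 13:59:27 DB : phase2 not found
16/04/11 13:59:32 -> : resend 1 config packet(s) [0/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:37 -> : resend 1 config packet(s) [1/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:42 -> : resend 1 config packet(s) [2/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:47 ii : resend limit exceeded for config exchange
16/04/11 13:59:47 DB : config deleted ( obj count = 0 )
"""

def diagnose(trace):
    """Summarise how far the negotiation got and whether the peer answered the config pull."""
    state = {"phase1": False, "config_requested": False,
             "config_resends": 0, "replies_after_request": 0, "config_timeout": False}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation of a wrapped line, or not a trace line
        _, tag, text = m.groups()
        if text.startswith("phase1 sa established"):
            state["phase1"] = True
        elif text.startswith("sending config pull request"):
            state["config_requested"] = True
        elif tag == "->" and re.match(r"resend \d+ config packet", text):
            state["config_resends"] += 1
        elif tag == "<-" and state["config_requested"]:
            state["replies_after_request"] += 1  # any inbound IKE packet after the pull
        elif text.startswith("resend limit exceeded for config exchange"):
            state["config_timeout"] = True
    if state["config_timeout"] and state["replies_after_request"] == 0:
        state["stalled_at"] = "config exchange (no reply from peer)"
    elif not state["phase1"]:
        state["stalled_at"] = "phase1"
    else:
        state["stalled_at"] = None
    return state

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

On the excerpt it reports phase1 established, three config resends, no inbound packet after the pull request, and the config exchange timing out, which is the point in the trace where phase2 is never created.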