[vpn-help] Cisco RV320 configuration.

Seth Dunn seth at d2ms.com
Mon Apr 11 13:52:16 CDT 2016


Hello,
Wondering if you can shed some light on this one...
I set up the RV320 to do Group VPN. Using Greenbow I can make the
connection and traffic will flow across the tunnel.

Now when I go to connect using Shrew (2.2.2), it appears to complete the
Phase1 negotiation and brings up the tunnel, but phase2 fails (No policy
found). It seems like it is hanging trying to receive the IP address
assignment information...

I have Policy Generation Level set to auto, but I have tried the others
as well.
I have checkmarks in the boxes for "Maintain Persistent..." and "Obtain
topology automaticall....."



16/04/11 13:59:27 <A : peer config add message

16/04/11 13:59:27 <A : proposal config message

16/04/11 13:59:27 <A : proposal config message

16/04/11 13:59:27 <A : client config message

16/04/11 13:59:27 <A : local id 'webd2ms2.com' message

16/04/11 13:59:27 <A : preshared key message

16/04/11 13:59:27 <A : peer tunnel enable message

16/04/11 13:59:27 DB : peer added ( obj count = 1 )

16/04/11 13:59:27 ii : local address 10.10.0.47 selected for peer

16/04/11 13:59:27 DB : tunnel added ( obj count = 1 )

16/04/11 13:59:27 DB : new phase1 ( ISAKMP initiator )

16/04/11 13:59:27 DB : exchange type is aggressive

16/04/11 13:59:27 DB : 10.10.0.47:500 <-> 10.10.0.71:500

16/04/11 13:59:27 DB : d0ac999371b5a847:0000000000000000

16/04/11 13:59:27 DB : phase1 added ( obj count = 1 )

16/04/11 13:59:27 >> : security association payload

16/04/11 13:59:27 >> : - proposal #1 payload 

16/04/11 13:59:27 >> : -- transform #1 payload 

16/04/11 13:59:27 >> : key exchange payload

16/04/11 13:59:27 >> : nonce payload

16/04/11 13:59:27 >> : identification payload

16/04/11 13:59:27 >> : vendor id payload

16/04/11 13:59:27 ii : local is SHREW SOFT compatible

16/04/11 13:59:27 >> : vendor id payload

16/04/11 13:59:27 ii : local is NETSCREEN compatible

16/04/11 13:59:27 >> : vendor id payload

16/04/11 13:59:27 ii : local is SIDEWINDER compatible

16/04/11 13:59:27 >> : vendor id payload

16/04/11 13:59:27 ii : local is CISCO UNITY compatible

16/04/11 13:59:27 >= : cookies d0ac999371b5a847:0000000000000000

16/04/11 13:59:27 >= : message 00000000

16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500
( 376 bytes )

16/04/11 13:59:27 DB : phase1 resend event scheduled ( ref count = 2 )

16/04/11 13:59:27 <- : recv IKE packet 10.10.0.71:500 -> 10.10.0.47:500
( 316 bytes )

16/04/11 13:59:27 DB : phase1 found

16/04/11 13:59:27 ii : processing phase1 packet ( 316 bytes )

16/04/11 13:59:27 =< : cookies d0ac999371b5a847:a23c3f962a3f4795

16/04/11 13:59:27 =< : message 00000000

16/04/11 13:59:27 << : security association payload

16/04/11 13:59:27 << : - propsal #1 payload 

16/04/11 13:59:27 << : -- transform #1 payload 

16/04/11 13:59:27 ii : matched isakmp proposal #1 transform #1

16/04/11 13:59:27 ii : - transform    = ike

16/04/11 13:59:27 ii : - cipher type  = aes

16/04/11 13:59:27 ii : - key length   = 256 bits

16/04/11 13:59:27 ii : - hash type    = sha1

16/04/11 13:59:27 ii : - dh group     = group2 ( modp-1024 )

16/04/11 13:59:27 ii : - auth type    = psk

16/04/11 13:59:27 ii : - life seconds = 3600

16/04/11 13:59:27 ii : - life kbytes  = 0

16/04/11 13:59:27 << : key exchange payload

16/04/11 13:59:27 << : nonce payload

16/04/11 13:59:27 << : identification payload

16/04/11 13:59:27 ii : phase1 id match 

16/04/11 13:59:27 ii : received = ipv4-host 10.10.0.71

16/04/11 13:59:27 << : hash payload

16/04/11 13:59:27 << : vendor id payload

16/04/11 13:59:27 ii : peer is CISCO UNITY compatible

16/04/11 13:59:27 << : vendor id payload

16/04/11 13:59:27 ii : peer supports DPDv1

16/04/11 13:59:27 ii : nat-t is disabled locally

16/04/11 13:59:27 == : DH shared secret ( 128 bytes )

16/04/11 13:59:27 == : SETKEYID ( 20 bytes )

16/04/11 13:59:27 == : SETKEYID_d ( 20 bytes )

16/04/11 13:59:27 == : SETKEYID_a ( 20 bytes )

16/04/11 13:59:27 == : SETKEYID_e ( 20 bytes )

16/04/11 13:59:27 == : cipher key ( 32 bytes )

16/04/11 13:59:27 == : cipher iv ( 16 bytes )

16/04/11 13:59:27 == : phase1 hash_i ( computed ) ( 20 bytes )

16/04/11 13:59:27 >> : hash payload

16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795

16/04/11 13:59:27 >= : message 00000000

16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )

16/04/11 13:59:27 == : encrypt packet ( 52 bytes )

16/04/11 13:59:27 == : stored iv ( 16 bytes )

16/04/11 13:59:27 DB : phase1 resend event canceled ( ref count = 1 )

16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500
( 88 bytes )

16/04/11 13:59:27 == : phase1 hash_r ( computed ) ( 20 bytes )

16/04/11 13:59:27 == : phase1 hash_r ( received ) ( 20 bytes )

16/04/11 13:59:27 ii : phase1 sa established

16/04/11 13:59:27 ii : 10.10.0.71:500 <-> 10.10.0.47:500

16/04/11 13:59:27 ii : d0ac999371b5a847:a23c3f962a3f4795

16/04/11 13:59:27 ii : sending peer INITIAL-CONTACT notification

16/04/11 13:59:27 ii : - 10.10.0.47:500 -> 10.10.0.71:500

16/04/11 13:59:27 ii : - isakmp spi = d0ac999371b5a847:a23c3f962a3f4795

16/04/11 13:59:27 ii : - data size 0

16/04/11 13:59:27 >> : hash payload

16/04/11 13:59:27 >> : notification payload

16/04/11 13:59:27 == : new informational hash ( 20 bytes )

16/04/11 13:59:27 == : new informational iv ( 16 bytes )

16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795

16/04/11 13:59:27 >= : message 56c09db3

16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )

16/04/11 13:59:27 == : encrypt packet ( 80 bytes )

16/04/11 13:59:27 == : stored iv ( 16 bytes )

16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500
( 120 bytes )

16/04/11 13:59:27 DB : config added ( obj count = 1 )

16/04/11 13:59:27 ii : building config attribute list

16/04/11 13:59:27 ii : - IP4 Address

16/04/11 13:59:27 ii : - Address Expiry

16/04/11 13:59:27 ii : - IP4 Netmask

16/04/11 13:59:27 ii : - IP4 DNS Server

16/04/11 13:59:27 ii : - IP4 WINS Server

16/04/11 13:59:27 ii : - DNS Suffix

16/04/11 13:59:27 ii : - IP4 Split Network Include

16/04/11 13:59:27 ii : - IP4 Split Network Exclude

16/04/11 13:59:27 ii : - Login Banner

16/04/11 13:59:27 ii : - Application Version = Cisco Systems VPN Client
4.8.01.0300:WinNT

16/04/11 13:59:27 ii : - Firewall Type = CISCO-UNKNOWN

16/04/11 13:59:27 == : new config iv ( 16 bytes )

16/04/11 13:59:27 ii : sending config pull request

16/04/11 13:59:27 >> : hash payload

16/04/11 13:59:27 >> : attribute payload

16/04/11 13:59:27 == : new configure hash ( 20 bytes )

16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795

16/04/11 13:59:27 >= : message 6460bfc1

16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )

16/04/11 13:59:27 == : encrypt packet ( 158 bytes )

16/04/11 13:59:27 == : stored iv ( 16 bytes )

16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500
( 200 bytes )

16/04/11 13:59:27 DB : config resend event scheduled ( ref count = 2 )

16/04/11 13:59:27 DB : phase2 not found

16/04/11 13:59:32 -> : resend 1 config packet(s) [0/2] 10.10.0.47:500 ->
10.10.0.71:500

16/04/11 13:59:37 -> : resend 1 config packet(s) [1/2] 10.10.0.47:500 ->
10.10.0.71:500

16/04/11 13:59:42 -> : resend 1 config packet(s) [2/2] 10.10.0.47:500 ->
10.10.0.71:500

16/04/11 13:59:47 ii : resend limit exceeded for config exchange

16/04/11 13:59:47 DB : config deleted ( obj count = 0 )

16/04/11 14:00:14 <A : peer tunnel disable message

16/04/11 14:00:14 DB : policy not found

16/04/11 14:00:14 DB : policy not found

16/04/11 14:00:14 DB : removing tunnel config references

16/04/11 14:00:14 DB : removing tunnel phase2 references

16/04/11 14:00:14 DB : removing tunnel phase1 references

16/04/11 14:00:14 DB : phase1 soft event canceled ( ref count = 3 )

16/04/11 14:00:14 DB : phase1 hard event canceled ( ref count = 2 )

16/04/11 14:00:14 DB : phase1 dead event canceled ( ref count = 1 )

16/04/11 14:00:14 ii : sending peer DELETE message

16/04/11 14:00:14 ii : - 10.10.0.47:500 -> 10.10.0.71:500

16/04/11 14:00:14 ii : - isakmp spi = d0ac999371b5a847:a23c3f962a3f4795

16/04/11 14:00:14 ii : - data size 0

16/04/11 14:00:14 >> : hash payload

16/04/11 14:00:14 >> : delete payload

16/04/11 14:00:14 == : new informational hash ( 20 bytes )

16/04/11 14:00:14 == : new informational iv ( 16 bytes )

16/04/11 14:00:14 >= : cookies d0ac999371b5a847:a23c3f962a3f4795

16/04/11 14:00:14 >= : message 0a12125a

16/04/11 14:00:14 >= : encrypt iv ( 16 bytes )

16/04/11 14:00:14 == : encrypt packet ( 80 bytes )

16/04/11 14:00:14 == : stored iv ( 16 bytes )

16/04/11 14:00:14 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500
( 120 bytes )

16/04/11 14:00:14 ii : phase1 removal before expire time

16/04/11 14:00:14 DB : phase1 deleted ( obj count = 0 )

16/04/11 14:00:14 DB : tunnel deleted ( obj count = 0 )

16/04/11 14:00:14 DB : removing all peer tunnel references

16/04/11 14:00:14 DB : peer deleted ( obj count = 0 )

16/04/11 14:00:14 ii : ipc client process thread exit ...

 

Thank you for any help you can provide.

 

 

------------------------------------------------------------------------------------

Seth Dunn

Network Administrator

EFT Corporation | Donation-Net, Inc.

Divisions of Dynamic Management Systems, Inc.

 

1210 Progressive Drive, Suite 101

Chesapeake, VA  23320

P: 800.397.4755  Ext. 460

F: 703.997.2254

E: seth at d2ms.com

 

This email transmission and any attachments are for the sole use of the
intended recipient(s) and may contain confidential and privileged
information that is the sole property of Dynamic Management Systems,
Inc. and its holdings (EFT Corporation and Donation-Net, Inc.).  Any
unauthorized review, use, disclosure or distribution is prohibited.  If
you have received this transmission in error, do not read it. Please
immediately reply to the sender that you have received this
communication in error and destroy all copies including any attachments.
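
Added example, not part of the original post and not Shrew Soft code: a small Python triage of an iked debug log in the format quoted above, reporting where the exchange stalled and which phase 1 parameters were negotiated. The sample lines are constructed in the format of the log in the post, and the function names `parse` and `triage` are hypothetical.

```python
import re

# Constructed sample: a few lines in the format of the iked log quoted in the post.
SAMPLE_LOG = """\
16/04/11 13:59:27 DB : exchange type is aggressive
16/04/11 13:59:27 ii : - dh group     = group2 ( modp-1024 )
16/04/11 13:59:27 ii : - auth type    = psk
16/04/11 13:59:27 ii : phase1 sa established
16/04/11 13:59:27 ii : sending config pull request
16/04/11 13:59:32 -> : resend 1 config packet(s) [0/2] 10.10.0.47:500 ->
10.10.0.71:500
16/04/11 13:59:47 ii : resend limit exceeded for config exchange
16/04/11 14:00:14 DB : policy not found
"""

# timestamp, two-character direction/class tag, message text
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")

def parse(text):
    """Return (timestamp, tag, message) tuples. Blank lines are skipped and
    mail-wrapped continuation lines are folded into the preceding entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            entries.append([m.group(1), m.group(2), m.group(3).strip()])
        elif raw.strip() and entries:
            entries[-1][2] += " " + raw.strip()
    return [tuple(e) for e in entries]

def triage(text):
    """Summarise how far the negotiation got and what phase 1 agreed on."""
    msgs = [msg for _, _, msg in parse(text)]
    def has(needle):
        return any(needle in m for m in msgs)
    params = {}
    for m in msgs:
        kv = re.match(r"- ([a-z ]+?)\s*= (.+)$", m)  # e.g. "- auth type    = psk"
        if kv:
            params[kv.group(1)] = kv.group(2)
    phase1 = has("phase1 sa established")
    timed_out = has("resend limit exceeded for config exchange")
    return {
        "phase1_established": phase1,
        "config_pull_sent": has("sending config pull request"),
        "config_resends": sum(m.startswith("resend 1 config packet") for m in msgs),
        "stalled_at": "config exchange" if phase1 and timed_out else None,
        # Aggressive mode with a pre-shared key sends the PSK-derived hash before
        # the peer is authenticated, so the key should be long and random.
        "aggressive_psk": has("exchange type is aggressive") and params.get("auth type") == "psk",
        "dh_group": params.get("dh group"),
    }
```
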

 
