[vpn-help] Cisco RV320 configuration.

Alexis La Goutte alexis.lagoutte at gmail.com
Thu Apr 14 07:13:03 CDT 2016


Hi Seth,

Have you tried a different Auto Config Mode? (ike config Pull/Push...)

Cheers

On Mon, Apr 11, 2016 at 8:52 PM, Seth Dunn <seth at d2ms.com> wrote:

> Hello,
> Wondering if you can shed some light on this one....
> I set up the RV320 to do Group VPN....using Greenbow I can make the
> connection and traffic will flow across the tunnel.
>
> Now when I go to connect using Shrew (2.2.2)
> It appears to complete the Phase1 negotiation and brings up the tunnel.
> But phase2 fails (No policy found), it seems like it is hanging trying to
> receive the IP address assignment information....
>
> I have Policy Generation Level set to auto, but I have tried the others as
> well.
> I have checkmarks in the boxes for "Maintain Persistent..." and "Obtain
> topology automaticall....."
>
> 16/04/11 13:59:27 <A : peer config add message
>
> 16/04/11 13:59:27 <A : proposal config message
>
> 16/04/11 13:59:27 <A : proposal config message
>
> 16/04/11 13:59:27 <A : client config message
>
> 16/04/11 13:59:27 <A : local id 'webd2ms2.com' message
>
> 16/04/11 13:59:27 <A : preshared key message
>
> 16/04/11 13:59:27 <A : peer tunnel enable message
>
> 16/04/11 13:59:27 DB : peer added ( obj count = 1 )
>
> 16/04/11 13:59:27 ii : local address 10.10.0.47 selected for peer
>
> 16/04/11 13:59:27 DB : tunnel added ( obj count = 1 )
>
> 16/04/11 13:59:27 DB : new phase1 ( ISAKMP initiator )
>
> 16/04/11 13:59:27 DB : exchange type is aggressive
>
> 16/04/11 13:59:27 DB : 10.10.0.47:500 <-> 10.10.0.71:500
>
> 16/04/11 13:59:27 DB : d0ac999371b5a847:0000000000000000
>
> 16/04/11 13:59:27 DB : phase1 added ( obj count = 1 )
>
> 16/04/11 13:59:27 >> : security association payload
>
> 16/04/11 13:59:27 >> : - proposal #1 payload
>
> 16/04/11 13:59:27 >> : -- transform #1 payload
>
> 16/04/11 13:59:27 >> : key exchange payload
>
> 16/04/11 13:59:27 >> : nonce payload
>
> 16/04/11 13:59:27 >> : identification payload
>
> 16/04/11 13:59:27 >> : vendor id payload
>
> 16/04/11 13:59:27 ii : local is SHREW SOFT compatible
>
> 16/04/11 13:59:27 >> : vendor id payload
>
> 16/04/11 13:59:27 ii : local is NETSCREEN compatible
>
> 16/04/11 13:59:27 >> : vendor id payload
>
> 16/04/11 13:59:27 ii : local is SIDEWINDER compatible
>
> 16/04/11 13:59:27 >> : vendor id payload
>
> 16/04/11 13:59:27 ii : local is CISCO UNITY compatible
>
> 16/04/11 13:59:27 >= : cookies d0ac999371b5a847:0000000000000000
>
> 16/04/11 13:59:27 >= : message 00000000
>
> 16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 (
> 376 bytes )
>
> 16/04/11 13:59:27 DB : phase1 resend event scheduled ( ref count = 2 )
>
> 16/04/11 13:59:27 <- : recv IKE packet 10.10.0.71:500 -> 10.10.0.47:500 (
> 316 bytes )
>
> 16/04/11 13:59:27 DB : phase1 found
>
> 16/04/11 13:59:27 ii : processing phase1 packet ( 316 bytes )
>
> 16/04/11 13:59:27 =< : cookies d0ac999371b5a847:a23c3f962a3f4795
>
> 16/04/11 13:59:27 =< : message 00000000
>
> 16/04/11 13:59:27 << : security association payload
>
> 16/04/11 13:59:27 << : - propsal #1 payload
>
> 16/04/11 13:59:27 << : -- transform #1 payload
>
> 16/04/11 13:59:27 ii : matched isakmp proposal #1 transform #1
>
> 16/04/11 13:59:27 ii : - transform    = ike
>
> 16/04/11 13:59:27 ii : - cipher type  = aes
>
> 16/04/11 13:59:27 ii : - key length   = 256 bits
>
> 16/04/11 13:59:27 ii : - hash type    = sha1
>
> 16/04/11 13:59:27 ii : - dh group     = group2 ( modp-1024 )
>
> 16/04/11 13:59:27 ii : - auth type    = psk
>
> 16/04/11 13:59:27 ii : - life seconds = 3600
>
> 16/04/11 13:59:27 ii : - life kbytes  = 0
>
> 16/04/11 13:59:27 << : key exchange payload
>
> 16/04/11 13:59:27 << : nonce payload
>
> 16/04/11 13:59:27 << : identification payload
>
> 16/04/11 13:59:27 ii : phase1 id match
>
> 16/04/11 13:59:27 ii : received = ipv4-host 10.10.0.71
>
> 16/04/11 13:59:27 << : hash payload
>
> 16/04/11 13:59:27 << : vendor id payload
>
> 16/04/11 13:59:27 ii : peer is CISCO UNITY compatible
>
> 16/04/11 13:59:27 << : vendor id payload
>
> 16/04/11 13:59:27 ii : peer supports DPDv1
>
> 16/04/11 13:59:27 ii : nat-t is disabled locally
>
> 16/04/11 13:59:27 == : DH shared secret ( 128 bytes )
>
> 16/04/11 13:59:27 == : SETKEYID ( 20 bytes )
>
> 16/04/11 13:59:27 == : SETKEYID_d ( 20 bytes )
>
> 16/04/11 13:59:27 == : SETKEYID_a ( 20 bytes )
>
> 16/04/11 13:59:27 == : SETKEYID_e ( 20 bytes )
>
> 16/04/11 13:59:27 == : cipher key ( 32 bytes )
>
> 16/04/11 13:59:27 == : cipher iv ( 16 bytes )
>
> 16/04/11 13:59:27 == : phase1 hash_i ( computed ) ( 20 bytes )
>
> 16/04/11 13:59:27 >> : hash payload
>
> 16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
>
> 16/04/11 13:59:27 >= : message 00000000
>
> 16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )
>
> 16/04/11 13:59:27 == : encrypt packet ( 52 bytes )
>
> 16/04/11 13:59:27 == : stored iv ( 16 bytes )
>
> 16/04/11 13:59:27 DB : phase1 resend event canceled ( ref count = 1 )
>
> 16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 (
> 88 bytes )
>
> 16/04/11 13:59:27 == : phase1 hash_r ( computed ) ( 20 bytes )
>
> 16/04/11 13:59:27 == : phase1 hash_r ( received ) ( 20 bytes )
>
> 16/04/11 13:59:27 ii : phase1 sa established
>
> 16/04/11 13:59:27 ii : 10.10.0.71:500 <-> 10.10.0.47:500
>
> 16/04/11 13:59:27 ii : d0ac999371b5a847:a23c3f962a3f4795
>
> 16/04/11 13:59:27 ii : sending peer INITIAL-CONTACT notification
>
> 16/04/11 13:59:27 ii : - 10.10.0.47:500 -> 10.10.0.71:500
>
> 16/04/11 13:59:27 ii : - isakmp spi = d0ac999371b5a847:a23c3f962a3f4795
>
> 16/04/11 13:59:27 ii : - data size 0
>
> 16/04/11 13:59:27 >> : hash payload
>
> 16/04/11 13:59:27 >> : notification payload
>
> 16/04/11 13:59:27 == : new informational hash ( 20 bytes )
>
> 16/04/11 13:59:27 == : new informational iv ( 16 bytes )
>
> 16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
>
> 16/04/11 13:59:27 >= : message 56c09db3
>
> 16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )
>
> 16/04/11 13:59:27 == : encrypt packet ( 80 bytes )
>
> 16/04/11 13:59:27 == : stored iv ( 16 bytes )
>
> 16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 (
> 120 bytes )
>
> 16/04/11 13:59:27 DB : config added ( obj count = 1 )
>
> 16/04/11 13:59:27 ii : building config attribute list
>
> 16/04/11 13:59:27 ii : - IP4 Address
>
> 16/04/11 13:59:27 ii : - Address Expiry
>
> 16/04/11 13:59:27 ii : - IP4 Netmask
>
> 16/04/11 13:59:27 ii : - IP4 DNS Server
>
> 16/04/11 13:59:27 ii : - IP4 WINS Server
>
> 16/04/11 13:59:27 ii : - DNS Suffix
>
> 16/04/11 13:59:27 ii : - IP4 Split Network Include
>
> 16/04/11 13:59:27 ii : - IP4 Split Network Exclude
>
> 16/04/11 13:59:27 ii : - Login Banner
>
> 16/04/11 13:59:27 ii : - Application Version = Cisco Systems VPN Client
> 4.8.01.0300:WinNT
>
> 16/04/11 13:59:27 ii : - Firewall Type = CISCO-UNKNOWN
>
> 16/04/11 13:59:27 == : new config iv ( 16 bytes )
>
> 16/04/11 13:59:27 ii : sending config pull request
>
> 16/04/11 13:59:27 >> : hash payload
>
> 16/04/11 13:59:27 >> : attribute payload
>
> 16/04/11 13:59:27 == : new configure hash ( 20 bytes )
>
> 16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
>
> 16/04/11 13:59:27 >= : message 6460bfc1
>
> 16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )
>
> 16/04/11 13:59:27 == : encrypt packet ( 158 bytes )
>
> 16/04/11 13:59:27 == : stored iv ( 16 bytes )
>
> 16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 (
> 200 bytes )
>
> 16/04/11 13:59:27 DB : config resend event scheduled ( ref count = 2 )
>
> 16/04/11 13:59:27 DB : phase2 not found
>
> 16/04/11 13:59:32 -> : resend 1 config packet(s) [0/2] 10.10.0.47:500 ->
> 10.10.0.71:500
>
> 16/04/11 13:59:37 -> : resend 1 config packet(s) [1/2] 10.10.0.47:500 ->
> 10.10.0.71:500
>
> 16/04/11 13:59:42 -> : resend 1 config packet(s) [2/2] 10.10.0.47:500 ->
> 10.10.0.71:500
>
> 16/04/11 13:59:47 ii : resend limit exceeded for config exchange
>
> 16/04/11 13:59:47 DB : config deleted ( obj count = 0 )
>
> 16/04/11 14:00:14 <A : peer tunnel disable message
>
> 16/04/11 14:00:14 DB : policy not found
>
> 16/04/11 14:00:14 DB : policy not found
>
> 16/04/11 14:00:14 DB : removing tunnel config references
>
> 16/04/11 14:00:14 DB : removing tunnel phase2 references
>
> 16/04/11 14:00:14 DB : removing tunnel phase1 references
>
> 16/04/11 14:00:14 DB : phase1 soft event canceled ( ref count = 3 )
>
> 16/04/11 14:00:14 DB : phase1 hard event canceled ( ref count = 2 )
>
> 16/04/11 14:00:14 DB : phase1 dead event canceled ( ref count = 1 )
>
> 16/04/11 14:00:14 ii : sending peer DELETE message
>
> 16/04/11 14:00:14 ii : - 10.10.0.47:500 -> 10.10.0.71:500
>
> 16/04/11 14:00:14 ii : - isakmp spi = d0ac999371b5a847:a23c3f962a3f4795
>
> 16/04/11 14:00:14 ii : - data size 0
>
> 16/04/11 14:00:14 >> : hash payload
>
> 16/04/11 14:00:14 >> : delete payload
>
> 16/04/11 14:00:14 == : new informational hash ( 20 bytes )
>
> 16/04/11 14:00:14 == : new informational iv ( 16 bytes )
>
> 16/04/11 14:00:14 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
>
> 16/04/11 14:00:14 >= : message 0a12125a
>
> 16/04/11 14:00:14 >= : encrypt iv ( 16 bytes )
>
> 16/04/11 14:00:14 == : encrypt packet ( 80 bytes )
>
> 16/04/11 14:00:14 == : stored iv ( 16 bytes )
>
> 16/04/11 14:00:14 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 (
> 120 bytes )
>
> 16/04/11 14:00:14 ii : phase1 removal before expire time
>
> 16/04/11 14:00:14 DB : phase1 deleted ( obj count = 0 )
>
> 16/04/11 14:00:14 DB : tunnel deleted ( obj count = 0 )
>
> 16/04/11 14:00:14 DB : removing all peer tunnel references
>
> 16/04/11 14:00:14 DB : peer deleted ( obj count = 0 )
>
> 16/04/11 14:00:14 ii : ipc client process thread exit ...
>
>
>
> Thank you for any help you can provide.
>
>
>
>
>
>
> ------------------------------------------------------------------------------------
>
> Seth Dunn
>
> Network Administrator
>
> EFT Corporation | Donation-Net, Inc.
>
> Divisions of Dynamic Management Systems, Inc.
>
>
>
> 1210 Progressive Drive, Suite 101
>
> Chesapeake, VA  23320
>
> P: 800.397.4755  Ext. 460
>
> F: 703.997.2254
>
> E: seth at d2ms.com
>
>
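A triage sketch for the log quoted above, added here as an example and not part of the original thread or of Shrew Soft's code: it parses iked log lines (including `>`-quoted, wrapped ones) and reports the stage at which the negotiation stopped. The sample lines are a condensed excerpt constructed from the quoted log; the function names and stage labels are assumptions.

```python
import re

# Constructed sample: condensed from the iked log quoted in the message above.
SAMPLE_LOG = """\
16/04/11 13:59:27 DB : exchange type is aggressive
16/04/11 13:59:27 ii : phase1 sa established
16/04/11 13:59:27 ii : sending config pull request
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 200 bytes )
16/04/11 13:59:32 -> : resend 1 config packet(s) [0/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:37 -> : resend 1 config packet(s) [1/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:42 -> : resend 1 config packet(s) [2/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:47 ii : resend limit exceeded for config exchange
16/04/11 14:00:14 DB : policy not found
"""

# Optional mail-quote prefix, timestamp, two-character tag, message text.
LINE = re.compile(r"^(?:>\s*)?(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")

def parse(text):
    """Yield (timestamp, tag, message), re-joining lines wrapped by the mailer."""
    current = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            if current:
                yield tuple(current)
            current = list(m.groups())
        elif current and raw.strip(" >"):
            current[2] += " " + raw.strip(" >")  # continuation of previous entry
    if current:
        yield tuple(current)

def diagnose(text):
    """Report where the negotiation stalled and the evidence for it."""
    events = list(parse(text))
    msgs = [m for _, _, m in events]
    sent_at = next((i for i, m in enumerate(msgs) if "sending config" in m), None)
    # Inbound packets seen after the config request; zero means no peer reply.
    replies = 0 if sent_at is None else sum(
        1 for _, tag, m in events[sent_at:] if tag == "<-" and "recv IKE packet" in m)
    if not any("phase1 sa established" in m for m in msgs):
        stage = "phase1"
    elif any("resend limit exceeded for config exchange" in m for m in msgs):
        stage = "config-exchange"
    else:
        stage = "after-config"
    resends = sum(1 for m in msgs if re.match(r"resend \d+ config packet", m))
    return {"stage": stage, "config_resends": resends, "replies_after_request": replies}
```

On the sample, the result is a stall in the config exchange with three resends and no inbound packet after the pull request, which is the situation the Auto Config Mode question in the reply is aimed at.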