Alright, I've been banging my head against this for too long<br><br>I'm trying to setup a FVS318v3 to work with the shrew client.<br>Currently, when trying to connect, I get...<br><br>configuring client settings ...<br>
attached to key daemon ...<br>peer configured<br>iskamp proposal configured<br>esp proposal configured<br>client configured<br>local id configured<br>remote id configured<br>pre-shared key configured<br>bringing up tunnel ...<br>
invalid message from gateway<br>tunnel disabled<br>detached from key daemon<br><br>trace utility logs following, anything with <=== next to it, is not in the log, it is me making a note:<br>It looks like it is dropping at phase 1, but I've tried a handful of options and cannot figure out /why/<br>
<br>The IKE/VPN policy on the firewall is setup as per the netgear tutorial <a href="http://kb.netgear.com/app/answers/detail/a_id/20">http://kb.netgear.com/app/answers/detail/a_id/20</a><br><br>I've tried swapping the local/remote identities in shrew, the PSK matches in the client and firewall.<br>
<br>10/04/26 15:24:46 ## : IKE Daemon, ver 2.2.0<br>10/04/26 15:24:46 ## : Copyright 2008 Shrew Soft Inc.<br>10/04/26 15:24:46 ## : This product linked OpenSSL 0.9.8h 28 May 2008<br>10/04/26 15:24:46 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'<br>
10/04/26 15:24:46 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap'<br>10/04/26 15:24:46 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-encrypt.cap'<br>10/04/26 15:24:46 ii : rebuilding vnet device list ...<br>
10/04/26 15:24:46 ii : device ROOT\VNET\0000 disabled<br>10/04/26 15:24:46 ii : network process thread begin ...<br>10/04/26 15:24:46 ii : pfkey process thread begin ...<br>10/04/26 15:24:46 ii : ipc server process thread begin ...<br>
10/04/26 15:24:52 ii : ipc client process thread begin ...<br>10/04/26 15:24:52 <A : peer config add message<br>10/04/26 15:24:52 <A : proposal config message<br>10/04/26 15:24:52 <A : proposal config message<br>
10/04/26 15:24:52 <A : client config message<br>10/04/26 15:24:52 <A : local id 'fvs_local' message<br>10/04/26 15:24:52 <A : remote id 'vpn_client1.fvs_remote_POLICY' message <== MATCHES POLICY NAME AS PER NETGEAR TUTORIAL<br>
10/04/26 15:24:52 <A : preshared key message<br>10/04/26 15:24:52 <A : peer tunnel enable message<br>10/04/26 15:24:52 ii : local supports nat-t ( draft v00 )<br>10/04/26 15:24:52 ii : local supports nat-t ( draft v01 )<br>
10/04/26 15:24:52 ii : local supports nat-t ( draft v02 )<br>10/04/26 15:24:52 ii : local supports nat-t ( draft v03 )<br>10/04/26 15:24:52 ii : local supports nat-t ( rfc )<br>10/04/26 15:24:52 ii : local supports FRAGMENTATION<br>
10/04/26 15:24:52 ii : local supports DPDv1<br>10/04/26 15:24:52 ii : local is SHREW SOFT compatible<br>10/04/26 15:24:52 ii : local is NETSCREEN compatible<br>10/04/26 15:24:52 ii : local is SIDEWINDER compatible<br>10/04/26 15:24:52 ii : local is CISCO UNITY compatible<br>
10/04/26 15:24:52 ii : local is CHECKPOINT compatible<br>10/04/26 15:24:52 >= : cookies 857fa496646cec1e:0000000000000000<br>10/04/26 15:24:52 >= : message 00000000<br>10/04/26 15:24:55 ww : ike packet from ===>WANIPADDRESS<=== ignored, unknown phase1 sa for peer<br>
10/04/26 15:24:55 ww : 8d1b0ab5efb10be6:3ad32efd1a48a9cc<br>10/04/26 15:24:55 ii : processing phase1 packet ( 373 bytes )<br>10/04/26 15:24:55 =< : cookies 857fa496646cec1e:76f2fe0491f7db66<br>10/04/26 15:24:55 =< : message 00000000<br>
10/04/26 15:24:55 ii : matched isakmp proposal #1 transform #14<br>10/04/26 15:24:55 ii : - transform = ike<br>10/04/26 15:24:55 ii : - cipher type = 3des<br>10/04/26 15:24:55 ii : - key length = default<br>10/04/26 15:24:55 ii : - hash type = sha1<br>
10/04/26 15:24:55 ii : - dh group = modp-1024<br>10/04/26 15:24:55 ii : - auth type = psk<br>10/04/26 15:24:55 ii : - life seconds = 86400<br>10/04/26 15:24:55 ii : - life kbytes = 0<br>10/04/26 15:24:55 !! : phase1 id mismatch <br>
10/04/26 15:24:55 !! : received = fqdn fvs_remote_vpn_client<br>10/04/26 15:24:55 !! : expected = fqdn vpn_client1.fvs_remote_wnyent<br>10/04/26 15:24:55 ii : phase1 removal before expire time<br>10/04/26 15:24:55 DB : removing tunnel config references<br>
10/04/26 15:24:55 DB : removing tunnel phase2 references<br>10/04/26 15:24:55 DB : removing tunnel phase1 references<br>10/04/26 15:24:55 DB : removing all peer tunnel refrences<br>10/04/26 15:24:55 ii : ipc client process thread exit ...<br>
<br><br><br>