Netgear FVS318 and Netgear (ProSafe) VPN Client problem th..

dominic

Archived from groups: comp.security.firewalls

AGGGHGGHGHGH!!!!!

I have a number of Netgear FVS318 units located at multiple sites, and
am attempting to use the Netgear VPN clients to connect to these
units.

VPN Client is the Netgear SafeNet SoftRemote 10.1.1 Build 10

PROBLEM

If the end user (VPN Client) connects directly to the internet -- not
through a firewall of any sort, such as when using dialup or directly
connecting to cable or DSL modem, etc., the VPN connection works fine.

But if you try to connect through any sort of firewall, the connection
fails. Log viewer errors below:

LOG FROM THE VPN CLIENT

(I have masked the Destination IP address in the following log)

7-15: 08:18:39.473 My Connections\VPNClient - RECEIVED<<< ISAKMP OAK
MM (KE, NON)
7-15: 08:18:39.703 My Connections\VPNClient - SENDING>>>> ISAKMP OAK
MM *(ID, HASH, NOTIFY:STATUS_INITIAL_CONTACT)
7-15: 08:18:39.743 My Connections\VPNClient - RECEIVED<<< ISAKMP OAK
MM *(ID, HASH)
7-15: 08:18:39.753 My Connections\VPNClient - Established IKE SA
7-15: 08:18:39.753 MY COOKIE 87 59 9 ee c4 4d 4e 44
7-15: 08:18:39.753 HIS COOKIE 24 45 32 47 d3 38 dd dc
7-15: 08:18:39.974 My Connections\VPNClient - Initiating IKE Phase 2
with Client IDs (message id: 3AFFEB9C)
7-15: 08:18:39.974 Initiator = IP ADDR=192.168.100.70, prot = 0
port = 0
7-15: 08:18:39.974 Responder = IP
SUBNET/MASK=192.168.0.0/255.255.255.0, prot = 0 port = 0

--> The following section is where it goes bad.

7-15: 08:18:39.974 My Connections\VPNClient - SENDING>>>> ISAKMP OAK
QM *(HASH, SA, NON, KE, ID 2x)
7-15: 08:18:50.709 My Connections\VPNClient - QM re-keying timed out
(message id: 3AFFEB9C). Retry count: 1
7-15: 08:18:50.709 My Connections\VPNClient - SENDING>>>> ISAKMP OAK
QM *(Retransmission)
7-15: 08:19:00.713 My Connections\VPNClient - QM re-keying timed out
(message id: 3AFFEB9C). Retry count: 2
7-15: 08:19:00.713 My Connections\VPNClient - SENDING>>>> ISAKMP OAK
QM *(Retransmission)
7-15: 08:19:11.709 My Connections\VPNClient - QM re-keying timed out
(message id: 3AFFEB9C). Retry count: 3
7-15: 08:19:11.709 My Connections\VPNClient - SENDING>>>> ISAKMP OAK
QM *(Retransmission)
7-15: 08:19:21.714 My Connections\VPNClient - Exceeded 3 re-keying
attempts (message id: 3AFFEB9C)
7-15: 08:19:21.714 My Connections\VPNClient - Disconnecting IKE SA
negotiation
7-15: 08:19:21.724 My Connections\VPNClient - Deleting IKE SA (IP
ADDR=12.169.111.11)
7-15: 08:19:21.724 MY COOKIE 87 59 9 ee c4 4d 4e 44
7-15: 08:19:21.724 HIS COOKIE 24 45 32 47 d3 38 dd dc
7-15: 08:19:21.724 My Connections\VPNClient - SENDING>>>> ISAKMP OAK
INFO *(HASH, DEL)

LOGS FROM THE NETGEAR

Thur, 07/15/2004 08:16:54 - FVS318 IPsec:New State index:1, sno:57
Thur, 07/15/2004 08:16:54 - FVS318 IKE:[VPNClient_tmp21] RX << QM_I1 :
67.168.11.111
Thur, 07/15/2004 08:16:54 - FVS318 IPsec:cannot respond to IPsec SA
request because no connection is known for
192.168.0.0/255.255.255.0-12.169.111.11=====67.168.11.111-19
Thur, 07/15/2004 08:17:04 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:17:04 - FVS318 IPsec:loglog[3] *#hahaha.... next
payload type of ISAKMP Hash Payload has an unknown value: 237
Thur, 07/15/2004 08:17:04 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:17:14 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:17:14 - FVS318 IPsec:loglog[3] *#hahaha.... next
payload type of ISAKMP Hash Payload has an unknown value: 237
Thur, 07/15/2004 08:17:14 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:17:24 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:17:24 - FVS318 IPsec:loglog[3] *#hahaha.... next
payload type of ISAKMP Hash Payload has an unknown value: 237
Thur, 07/15/2004 08:17:24 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:17:34 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:17:34 - FVS318 IKE:[VPNClient_tmp21] RX <<
XCHG_INFO : 67.168.11.111
Thur, 07/15/2004 08:17:34 - FVS318 IPsec:Enter Process_DeleteSA()
spi_len=16
Thur, 07/15/2004 08:17:34 - FVS318 IKE:RX << DELETE ISAKMP SA :
67.168.11.111 ,I-R=cc 5e da 23 5f f4 2d fb c9 40 9f d1 b f4 18 5
Thur, 07/15/2004 08:17:34 - FVS318 IKE:[VPNClient_tmp21] ISAKMP SAs
were Deleted!
Thur, 07/15/2004 08:18:32 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:18:32 - FVS318 IKE:peer Initialized IKE Main Mode
Thur, 07/15/2004 08:18:32 - FVS318 IKE:main_inI1_outR1() connection
not found 12.169.111.11[500]-67.168.11.111[500]
Thur, 07/15/2004 08:18:32 - FVS318 IKE:Trying Dynamic IP Searching
Thur, 07/15/2004 08:18:32 - FVS318 IPsec:instantiated
"VPNClient_tmp22" for 67.168.11.111
Thur, 07/15/2004 08:18:32 - FVS318 IKE:[VPNClient_tmp22] RX << MM_I1 :
67.168.11.111
Thur, 07/15/2004 08:18:32 - FVS318 IPsec:New State index:0, sno:1
Thur, 07/15/2004 08:18:32 - FVS318 IPsec:Oakley Transform 1 accepted
Thur, 07/15/2004 08:18:32 - FVS318
IKE:OAKLEY_PRESHARED_KEY/OAKLEY_3DES_CBC/MODP768
Thur, 07/15/2004 08:18:32 - FVS318 IKE:[VPNClient_tmp22] TX >> MM_R1 :
67.168.11.111
Thur, 07/15/2004 08:18:32 - FVS318 IPsec:inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Thur, 07/15/2004 08:18:32 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:18:32 - FVS318 IKE:[VPNClient_tmp22] RX << MM_I2 :
67.168.11.111
Thur, 07/15/2004 08:18:32 - FVS318 IKE:[VPNClient_tmp22] TX >> MM_R2 :
67.168.11.111
Thur, 07/15/2004 08:18:32 - FVS318 IPsec:inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Thur, 07/15/2004 08:18:34 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:18:34 - FVS318 IKE:[VPNClient_tmp22] RX << MM_I3 :
67.168.11.111
Thur, 07/15/2004 08:18:34 - FVS318 IPsec:Decoded Peer's ID is
ID_IPV4_ADDR:192.168.100.70 and 67.168.11.111 in st
Thur, 07/15/2004 08:18:34 - FVS318 IKE:[VPNClient_tmp22] TX >> MM_R3 :
67.168.11.111
Thur, 07/15/2004 08:18:34 - FVS318 IPsec:inserting event
EVENT_SA_EXPIRE, timeout in 28980 seconds for #1
Thur, 07/15/2004 08:18:34 - FVS318 IPsec:STATE_MAIN_R3: sent MR3,
ISAKMP SA established
Thur, 07/15/2004 08:18:34 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:18:34 - FVS318 IPsec:New State index:1, sno:2
Thur, 07/15/2004 08:18:34 - FVS318 IKE:[VPNClient_tmp22] RX << QM_I1 :
67.168.11.111
Thur, 07/15/2004 08:18:34 - FVS318 IPsec:cannot respond to IPsec SA
request because no connection is known for
192.168.0.0/255.255.255.0-12.169.111.11=====67.168.11.111-19
Thur, 07/15/2004 08:18:44 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:18:44 - FVS318 IPsec:loglog[3] *#hahaha.... next
payload type of ISAKMP Hash Payload has an unknown value: 79
Thur, 07/15/2004 08:18:44 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:18:54 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:18:54 - FVS318 IPsec:loglog[3] *#hahaha.... next
payload type of ISAKMP Hash Payload has an unknown value: 79
Thur, 07/15/2004 08:18:54 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:19:06 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:19:06 - FVS318 IPsec:loglog[3] *#hahaha.... next
payload type of ISAKMP Hash Payload has an unknown value: 79
Thur, 07/15/2004 08:19:06 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:19:16 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:19:16 - FVS318 IKE:[VPNClient_tmp22] RX <<
XCHG_INFO : 67.168.11.111
Thur, 07/15/2004 08:19:16 - FVS318 IPsec:Enter Process_DeleteSA()
spi_len=16
Thur, 07/15/2004 08:19:16 - FVS318 IKE:RX << DELETE ISAKMP SA :
67.168.11.111 ,I-R=87 59 9 ee c4 4d 4e 44 24 45 32 47 d3 38 dd dc
Thur, 07/15/2004 08:19:16 - FVS318 IKE:[VPNClient_tmp22] ISAKMP SAs
were Deleted!
Thur, 07/15/2004 08:21:26 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:21:26 - FVS318 IKE:peer Initialized IKE Main Mode
Thur, 07/15/2004 08:21:26 - FVS318 IKE:[VPNClient] RX << MM_I1 :
67.168.11.111
Thur, 07/15/2004 08:21:26 - FVS318 IPsec:New State index:0, sno:1
Thur, 07/15/2004 08:21:26 - FVS318 IPsec:responding to Main Mode
Thur, 07/15/2004 08:21:26 - FVS318 IPsec:Oakley Transform 1 accepted
Thur, 07/15/2004 08:21:26 - FVS318
IKE:OAKLEY_PRESHARED_KEY/OAKLEY_3DES_CBC/MODP768
Thur, 07/15/2004 08:21:26 - FVS318 IKE:[VPNClient] TX >> MM_R1 :
67.168.11.111
Thur, 07/15/2004 08:21:26 - FVS318 IPsec:inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Thur, 07/15/2004 08:21:26 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:21:26 - FVS318 IKE:[VPNClient] RX << MM_I2 :
67.168.11.111
Thur, 07/15/2004 08:21:26 - FVS318 IKE:[VPNClient] TX >> MM_R2 :
67.168.11.111
Thur, 07/15/2004 08:21:26 - FVS318 IPsec:inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Thur, 07/15/2004 08:21:28 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:21:28 - FVS318 IKE:[VPNClient] RX << MM_I3 :
67.168.11.111
Thur, 07/15/2004 08:21:28 - FVS318 IPsec:Decoded Peer's ID is
ID_IPV4_ADDR:192.168.100.70 and 67.168.11.111 in st
Thur, 07/15/2004 08:21:28 - FVS318 IKE:[VPNClient] TX >> MM_R3 :
67.168.11.111
Thur, 07/15/2004 08:21:28 - FVS318 IPsec:inserting event
EVENT_SA_EXPIRE, timeout in 28980 seconds for #1
Thur, 07/15/2004 08:21:28 - FVS318 IPsec:STATE_MAIN_R3: sent MR3,
ISAKMP SA established
Thur, 07/15/2004 08:21:28 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:21:28 - FVS318 IPsec:New State index:1, sno:2
Thur, 07/15/2004 08:21:28 - FVS318 IKE:[VPNClient] RX << QM_I1 :
67.168.11.111
Thur, 07/15/2004 08:21:28 - FVS318 IPsec:cannot respond to IPsec SA
request because no connection is known for
192.168.0.0/255.255.255.0-12.169.111.11=====67.168.11.111-19
Thur, 07/15/2004 08:21:38 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:21:38 - FVS318 IPsec:loglog[3] *#hahaha.... next
payload type of ISAKMP Hash Payload has an unknown value: 48
Thur, 07/15/2004 08:21:38 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:21:48 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:21:48 - FVS318 IKE:[VPNClient] RX << XCHG_INFO :
67.168.11.111
Thur, 07/15/2004 08:21:48 - FVS318 IPsec:Enter Process_DeleteSA()
spi_len=16
Thur, 07/15/2004 08:21:48 - FVS318 IKE:RX << DELETE ISAKMP SA :
67.168.11.111 ,I-R=e0 f2 ea 67 e9 86 b9 68 d5 f6 b 6f be 23 de f9
Thur, 07/15/2004 08:21:48 - FVS318 IKE:[VPNClient] ISAKMP SAs were
Deleted!
Thur, 07/15/2004 08:24:50 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:24:50 - FVS318 IKE:peer Initialized IKE Main Mode
Thur, 07/15/2004 08:24:50 - FVS318 IKE:main_inI1_outR1() connection
not found 12.169.111.11[500]-67.168.11.111[500]
Thur, 07/15/2004 08:24:50 - FVS318 IKE:Trying Dynamic IP Searching
Thur, 07/15/2004 08:24:50 - FVS318 IPsec:instantiated
"VPNClient_tmp23" for 67.168.11.111
Thur, 07/15/2004 08:24:50 - FVS318 IKE:[VPNClient_tmp23] RX << MM_I1 :
67.168.11.111
Thur, 07/15/2004 08:24:50 - FVS318 IPsec:New State index:0, sno:1
Thur, 07/15/2004 08:24:50 - FVS318 IPsec:Oakley Transform 1 accepted
Thur, 07/15/2004 08:24:50 - FVS318
IKE:OAKLEY_PRESHARED_KEY/OAKLEY_3DES_CBC/MODP768
Thur, 07/15/2004 08:24:50 - FVS318 IKE:[VPNClient_tmp23] TX >> MM_R1 :
67.168.11.111
Thur, 07/15/2004 08:24:50 - FVS318 IPsec:inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Thur, 07/15/2004 08:24:50 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:24:50 - FVS318 IKE:[VPNClient_tmp23] RX << MM_I2 :
67.168.11.111
Thur, 07/15/2004 08:24:50 - FVS318 IKE:[VPNClient_tmp23] TX >> MM_R2 :
67.168.11.111
Thur, 07/15/2004 08:24:50 - FVS318 IPsec:inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Thur, 07/15/2004 08:24:52 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:24:52 - FVS318 IKE:[VPNClient_tmp23] RX << MM_I3 :
67.168.11.111
Thur, 07/15/2004 08:24:52 - FVS318 IPsec:Decoded Peer's ID is
ID_IPV4_ADDR:192.168.100.70 and 67.168.11.111 in st
Thur, 07/15/2004 08:24:52 - FVS318 IKE:[VPNClient_tmp23] TX >> MM_R3 :
67.168.11.111
Thur, 07/15/2004 08:24:52 - FVS318 IPsec:inserting event
EVENT_SA_EXPIRE, timeout in 28980 seconds for #1
Thur, 07/15/2004 08:24:52 - FVS318 IPsec:STATE_MAIN_R3: sent MR3,
ISAKMP SA established
Thur, 07/15/2004 08:24:52 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:24:52 - FVS318 IPsec:New State index:1, sno:2
Thur, 07/15/2004 08:24:52 - FVS318 IKE:[VPNClient_tmp23] RX << QM_I1 :
67.168.11.111
Thur, 07/15/2004 08:24:52 - FVS318 IPsec:cannot respond to IPsec SA
request because no connection is known for
192.168.0.0/255.255.255.0-12.169.111.11=====67.168.11.111-19
Thur, 07/15/2004 08:25:02 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:25:02 - FVS318 IPsec:loglog[3] *#hahaha.... next
payload type of ISAKMP Hash Payload has an unknown value: 34
Thur, 07/15/2004 08:25:02 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:25:12 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:25:12 - FVS318 IPsec:loglog[3] *#hahaha.... next
payload type of ISAKMP Hash Payload has an unknown value: 34
Thur, 07/15/2004 08:25:12 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:25:22 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:25:22 - FVS318 IPsec:loglog[3] *#hahaha.... next
payload type of ISAKMP Hash Payload has an unknown value: 34
Thur, 07/15/2004 08:25:22 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:25:32 - FVS318 IPsec:Receive Packet
address:0x1397478 from 67.168.11.111
Thur, 07/15/2004 08:25:32 - FVS318 IKE:[VPNClient_tmp23] RX <<
XCHG_INFO : 67.168.11.111
Thur, 07/15/2004 08:25:32 - FVS318 IPsec:Enter Process_DeleteSA()
spi_len=16
Thur, 07/15/2004 08:25:32 - FVS318 IKE:RX << DELETE ISAKMP SA :
67.168.11.111 ,I-R=6 1c 2f 29 9c 6b 9c 2e 6c 82 2f fb f7 c 55 76
Thur, 07/15/2004 08:25:32 - FVS318 IKE:[VPNClient_tmp23] ISAKMP SAs
were Deleted!
Thur, 07/15/2004 08:28:10 - FVS318 IPsec:[VPNClient_tmp23] is removed
from the head of conn_list
Thur, 07/15/2004 08:28:10 - FVS318 IPsec:Connection [VPNClient_tmp23]
is deleted from connection table


In this case, this was through a Netgear FVS318 router, while trying
to connect from my laptop to the VPN on another FVS318 at another
location.

I have tried the following:

Updated Firmware to current version V2.3 Feb. 5 2004
Assigning a static IP address to the VPN client (my laptop).
Changing the IP Address of the local gateway (my LAN's Netgear) to
192.168.1.253.
Setting my VPN Client (laptop) to be the DMZ.
Manually port forwarding port 500 to allow proper IKE functionality.
Changing MTU size on the Netgear.
On the Netgear IPSEC and VPN passthrough are enabled (same was true
for all firewalls tested).

Still I can't connect!

INTERESTING FACT: I have been replacing Sonicwall firewalls with
these Netgear FVS318s. The Sonicwall also uses an OEM version of the
ProSafe VPN client (just like Netgear). Those VPN connections work
JUST FINE without any changes to any networking hardware.

SUMMARY: It appears that any NAT device causes this same trouble. I
have tested through Netgear, Cisco, Dlink, and Linksys devices. All
show the same problem with the Netgear VPN only.

Any ideas on how to get this to work? Netgear support was clueless.
 
Guest

Dominic wrote:
> Any ideas on how to get this to work? Netgear support was clueless.
1. Netgear support clueless? You mean you actually got a response from
Netgear????????
2. What firmware are you using on the routers? There is a beta version
(2.4a IIRC) available which cures many ills. A bug in it completely fubars
remote LAN ranges if you aren't careful.
3. Logs suggest that traffic is either being blocked/fooled with at the
local router, or not being sent from the host.

Possibilities....
Problem may be that the host router does not know how to find the
network you are on (192.168.x.x) and cannot route the packets back.

It sorta seems like the host router is trying to create a tunnel with
the internal address, (192.168.x.x) rather than the NAT'd external address.

I think you can add a network route to the netgears - e.g.
192.168.100.0/24 via 67.168.11.111

Bottom line is I don't know of an exact fix.
E.
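An added triage script (my own example, not code from either post, from Netgear or from SafeNet) that parses the two log formats posted in this thread and checks for the pattern the reply above hypothesises: Phase 1 succeeds, the FVS318 decodes the client's ID as its private LAN address (192.168.100.70) while the IKE packets arrive from the NAT device's public address (67.168.11.111), and Quick Mode then fails with "no connection is known for". The sample log lines are constructed from the ones in the original post, re-joined onto single lines (the archive wrapped them) and trimmed to one attempt; the verdict strings and the NAT heuristic are my own and encode the hypothesis, not a confirmed root cause.

```python
"""Triage an IKEv1 Phase 2 failure behind NAT from FVS318 and SoftRemote logs.

Added example, not code from the thread, Netgear or SafeNet. The sample logs
are constructed from the ones posted in the thread: re-joined onto single
lines and trimmed to one connection attempt.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

FVS318_LOG = r"""
Thur, 07/15/2004 08:18:32 - FVS318 IKE:peer Initialized IKE Main Mode
Thur, 07/15/2004 08:18:32 - FVS318 IKE:[VPNClient_tmp22] RX << MM_I1 : 67.168.11.111
Thur, 07/15/2004 08:18:34 - FVS318 IPsec:Decoded Peer's ID is ID_IPV4_ADDR:192.168.100.70 and 67.168.11.111 in st
Thur, 07/15/2004 08:18:34 - FVS318 IPsec:STATE_MAIN_R3: sent MR3, ISAKMP SA established
Thur, 07/15/2004 08:18:34 - FVS318 IKE:[VPNClient_tmp22] RX << QM_I1 : 67.168.11.111
Thur, 07/15/2004 08:18:34 - FVS318 IPsec:cannot respond to IPsec SA request because no connection is known for 192.168.0.0/255.255.255.0-12.169.111.11=====67.168.11.111-19
Thur, 07/15/2004 08:18:44 - FVS318 IPsec:malformed payload in packet
Thur, 07/15/2004 08:19:16 - FVS318 IKE:RX << DELETE ISAKMP SA : 67.168.11.111 ,I-R=87 59 9 ee c4 4d 4e 44 24 45 32 47 d3 38 dd dc
"""

CLIENT_LOG = r"""
7-15: 08:18:39.753 My Connections\VPNClient - Established IKE SA
7-15: 08:18:39.974 Initiator = IP ADDR=192.168.100.70, prot = 0 port = 0
7-15: 08:18:39.974 My Connections\VPNClient - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
7-15: 08:18:50.709 My Connections\VPNClient - QM re-keying timed out (message id: 3AFFEB9C). Retry count: 1
7-15: 08:19:00.713 My Connections\VPNClient - QM re-keying timed out (message id: 3AFFEB9C). Retry count: 2
7-15: 08:19:11.709 My Connections\VPNClient - QM re-keying timed out (message id: 3AFFEB9C). Retry count: 3
7-15: 08:19:21.714 My Connections\VPNClient - Exceeded 3 re-keying attempts (message id: 3AFFEB9C)
"""

# Line shapes taken from the logs in the thread; the regexes are my own.
GW_LINE = re.compile(r"^\w+, \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} - FVS318 (?:IKE|IPsec):(?P<msg>.*)$")
PEER_ID = re.compile(r"Decoded Peer's ID is ID_IPV4_ADDR:(?P<id>[\d.]+) and (?P<src>[\d.]+)")
NO_POLICY = re.compile(r"no connection is known for (?P<sel>\S+)")
RETRY = re.compile(r"Retry count: (?P<n>\d+)")


@dataclass
class Triage:
    phase1_established: bool = False     # gateway reached STATE_MAIN_R3
    peer_id: Optional[str] = None        # identity the client asserted in Main Mode
    peer_src: Optional[str] = None       # address its IKE packets actually came from
    no_policy_for: Optional[str] = None  # Phase 2 selector the gateway could not match
    malformed_payloads: int = 0          # Quick Mode retransmissions the gateway rejected
    client_retries: int = 0              # highest "Retry count" the client logged
    client_gave_up: bool = False         # client exceeded its re-keying attempts

    def nat_between(self) -> bool:
        """Client claimed a private (RFC 1918) address but was seen from another one:
        a NAT device sits between it and the gateway (the reply's hypothesis)."""
        if not (self.peer_id and self.peer_src):
            return False
        return self.peer_id != self.peer_src and ipaddress.ip_address(self.peer_id).is_private

    def verdict(self) -> str:
        if not self.phase1_established:
            return "phase1-failed"
        if self.no_policy_for and self.nat_between():
            return "phase2-no-policy-behind-nat"  # peer identity != address the policy is keyed on
        if self.no_policy_for:
            return "phase2-no-policy"
        if self.client_gave_up or self.malformed_payloads:
            return "phase2-stalled"
        return "ok"


def parse_gateway(text: str, t: Optional[Triage] = None) -> Triage:
    """Fill the gateway-side fields from FVS318 log lines."""
    t = t or Triage()
    for line in text.strip().splitlines():
        m = GW_LINE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if "ISAKMP SA established" in msg:
            t.phase1_established = True
        elif "malformed payload" in msg:
            t.malformed_payloads += 1
        elif (pm := PEER_ID.search(msg)):
            t.peer_id, t.peer_src = pm.group("id"), pm.group("src")
        elif (nm := NO_POLICY.search(msg)):
            t.no_policy_for = nm.group("sel")
    return t


def parse_client(text: str, t: Optional[Triage] = None) -> Triage:
    """Fill the client-side fields from SoftRemote log viewer lines."""
    t = t or Triage()
    for line in text.strip().splitlines():
        if (rm := RETRY.search(line)):
            t.client_retries = max(t.client_retries, int(rm.group("n")))
        if re.search(r"Exceeded \d+ re-keying attempts", line):
            t.client_gave_up = True
    return t


def triage(gateway_log: str, client_log: str) -> Triage:
    """Correlate both sides of one connection attempt into a single record."""
    return parse_client(client_log, parse_gateway(gateway_log))


if __name__ == "__main__":
    r = triage(FVS318_LOG, CLIENT_LOG)
    print(f"{r.verdict()}: peer id {r.peer_id} seen from {r.peer_src}, "
          f"policy miss on {r.no_policy_for}, client retried {r.client_retries}x")
```

Pointing `parse_gateway` at a full FVS318 log and `parse_client` at a SoftRemote log viewer export gives the same correlation for a real attempt. The "phase2-no-policy-behind-nat" verdict is the thread's situation: the gateway completed Phase 1 with a peer it then has no Phase 2 policy for, because the identity the client sends is its LAN address rather than the address the gateway actually sees. That pattern is also worth alerting on in a gateway log in its own right, since it means a peer holding a valid pre-shared key is repeatedly being turned away.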