Sign in with
Sign up | Sign in
Your question

NSR under router problem

Last response: in Networking
Share
May 1, 2010 6:28:59 PM

Hi I having some kind of problem and I can't figure out what I should do to fix that, please try to help me guys:

5-01: 15:03:52.843
5-01: 15:03:52.843 My Connections\BSI - Initiating IKE Phase 1 (IP ADDR=xxx.xxx.xxx.xxx)
5-01: 15:03:52.984 My Connections\BSI - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
5-01: 15:03:53.062 My Connections\BSI - RECEIVED<<< ISAKMP OAK AG (SA, VID 3x, KE, NON, ID, HASH, VID, NAT-D 2x)
5-01: 15:03:53.062 My Connections\BSI - Peer supports Dead Peer Detection Version 1.0
5-01: 15:03:53.062 My Connections\BSI - Dead Peer Detection enabled
5-01: 15:03:53.062 My Connections\BSI - Peer is NAT-T draft-02 capable
5-01: 15:03:53.062 My Connections\BSI - Dead Peer Detection enabled
5-01: 15:03:53.062 My Connections\BSI - NAT is detected for Client
5-01: 15:03:53.062 My Connections\BSI - Floating to IKE non-500 port
5-01: 15:03:53.171 My Connections\BSI - SENDING>>>> ISAKMP OAK AG *(HASH, NAT-D 2x, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
5-01: 15:03:53.171 My Connections\BSI - Established IKE SA
5-01: 15:03:53.171 MY COOKIE d9 b3 d7 54 c4 a7 40 88
5-01: 15:03:53.171 HIS COOKIE f1 3 6e 69 c1 d1 b8 5b
5-01: 15:03:53.328
5-01: 15:03:53.328 My Connections\BSI - Initiating IKE Phase 2 with Client IDs (message id: 1FDB6382)
5-01: 15:03:53.328 My Connections\BSI - Initiator = IP ADDR=192.168.20.100, prot = 0 port = 0
5-01: 15:03:53.328 My Connections\BSI - Responder = IP SUBNET/MASK=172.31.1.140/255.255.255.255, prot = 0 port = 0
5-01: 15:03:53.328 My Connections\BSI - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
5-01: 15:03:53.390 My Connections\BSI - RECEIVED<<< ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x, NOTIFY:STATUS_RESP_LIFETIME)
5-01: 15:03:53.390 My Connections\BSI - Filter entry 4: SECURE 192.168.020.100&255.255.255.255 172.031.001.140&255.255.255.255 xxx.xxx.xxx.xxx added.
5-01: 15:03:53.390 My Connections\BSI - SENDING>>>> ISAKMP OAK QM *(HASH)
5-01: 15:03:53.437 My Connections\BSI - Loading IPSec SA (Message ID = 1FDB6382 OUTBOUND SPI = 35AA359 INBOUND SPI = 896C34D)
5-01: 15:03:53.437
5-01: 15:03:54.093 Inbound packet failed validation: xxx.xxx.xxx.xxx -> 192.168.20.100


________________________________________________________________________________
I'm under TP-Link WR941N Router, when I try directly by the modem I can connect but I must have to fix to run over the router.
The Wan is on 192.168.21.1, and the router 192.168.21.2, while in the network the router is 192.168.20.1 => 255.255.255.0 subnet

Remote Party:
ID Ip subnet
subnet: 172.31.1.140
mask: 255.255.255.255
Protocol: all
using secure gateway tunnel on ip address xxx.xxx.xxx.xxx (sorry is really private company thing)

Identity:
certificate: none
type: email .. then my mail
adapter: none

Interface any

Security policy
Agressive
PFS ON => Diffie-Hellman Group 2
Enable Replay Detection ON

Phase 1
PSK/Triple DES/SHA-1/unspecified/diffie-hellman group 2

Phase 2
unspecified/None/ESP ON/Triple DES/SHA-1/Tunnel/AH OFF

That's all..
Could I get any help?

Thank you guys

More about : nsr router problem

!