  • Status: Solved

Getting VPN tunnel working

When trying to bring up a VPN tunnel I get the following log messages:

 3-27: 16:32:15.143 My Connections\QCC-VPN - Initiating IKE Phase 1 (IP ADDR=70.100.xxx.xxx)
 3-27: 16:32:15.159 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK MM (SA, VID 2x)
 3-27: 16:32:30.194 My Connections\QCC-VPN - message not received! Retransmitting!
 3-27: 16:32:30.194 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK MM (Retransmission)
 3-27: 16:32:30.257 My Connections\QCC-VPN - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:NO_PROPOSAL_CHOSEN)
 3-27: 16:32:30.257 My Connections\QCC-VPN - Discarding IKE SA negotiation

Any idea what this means?
tonykman
Asked:
1 Solution
 
Steviek411 Commented:
Recheck your authentication and encryption settings. They don't match.
 
tonykman (Author) Commented:
I set everything up as default on the firewall and the client.  I double-checked both of their auth and encryption settings and they appear the same.
 
tonykman (Author) Commented:
I changed the negotiation on the client from main to aggressive and now this is the message:

 3-28: 14:15:05.250 My Connections\QCC-VPN - Initiating IKE Phase 1 (IP ADDR=70.100.xxx.xxx)
 3-28: 14:15:05.562 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 3-28: 14:15:05.625 My Connections\QCC-VPN - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:INVALID_ID_INFO)
 3-28: 14:15:05.625 My Connections\QCC-VPN - Discarding SA negotiation
 
Steviek411 Commented:
These logs look like a WatchGuard product. Am I correct? Check your phase 1 settings. That's where it looks like the problem is. If all else fails delete the tunnels and recreate them from scratch.
 
Steviek411 Commented:
Also, only one end should be configured as aggressive.
 
tonykman (Author) Commented:
This is a Netgear VPN/firewall.  I have deleted the tunnel settings and recreated them multiple times so far.  I even looked at the manual and set this up using its simplest settings and still nothing.
 
tonykman (Author) Commented:
If I configure the client to be main and the Netgear firewall to be aggressive, I get the first error.
 
Steviek411 Commented:
Try this link I just found on the net. Do a search for Invalid_id_info and read the results.

http://www.sonicwall.com/support/pdfs/technotes/Troubleshooting_Guide_IKE_VPN_Initialization_rev0.pdf
 
tonykman (Author) Commented:
No luck... but after I changed the client back to main (Netgear box is aggressive), I get the first error message.
 
Steviek411 Commented:
Try changing your parameters on both ends to something else. Maybe your current settings are not compatible with your hardware/internet/etc. settings. Everything that I know about this points to a misconfiguration. Check out your client settings closely.
 
tonykman (Author) Commented:
I had to set up FQDN on both sides for authorization and that seemed to work.
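
Added example (not part of the original thread or any poster's code): a small Python triage of the two client log excerpts above, grouping lines into Phase 1 attempts and attaching a hint to each NOTIFY the peer returned. The `triage` function, the `HINTS` table and its wording are assumptions of this example; `MM` and `AG` are read as main and aggressive mode.

```python
import re

# Log lines copied from the two client excerpts quoted in this thread.
SAMPLE_LOG = r"""
 3-27: 16:32:15.143 My Connections\QCC-VPN - Initiating IKE Phase 1 (IP ADDR=70.100.xxx.xxx)
 3-27: 16:32:15.159 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK MM (SA, VID 2x)
 3-27: 16:32:30.194 My Connections\QCC-VPN - message not received! Retransmitting!
 3-27: 16:32:30.194 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK MM (Retransmission)
 3-27: 16:32:30.257 My Connections\QCC-VPN - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:NO_PROPOSAL_CHOSEN)
 3-27: 16:32:30.257 My Connections\QCC-VPN - Discarding IKE SA negotiation
 3-28: 14:15:05.250 My Connections\QCC-VPN - Initiating IKE Phase 1 (IP ADDR=70.100.xxx.xxx)
 3-28: 14:15:05.562 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 3-28: 14:15:05.625 My Connections\QCC-VPN - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:INVALID_ID_INFO)
 3-28: 14:15:05.625 My Connections\QCC-VPN - Discarding SA negotiation
"""
# Hints are this example's reading of each notify (assumption, not vendor text).
HINTS = {
    "NO_PROPOSAL_CHOSEN": "peer accepted none of the offered Phase 1 proposals: "
        "compare exchange mode, encryption, hash, DH group and auth method",
    "INVALID_ID_INFO": "peer rejected the ID payload: make the local/remote "
        "identifier type and value (FQDN in this thread) agree on both ends",
}
LINE = re.compile(r"^\s*(\d+-\d+: [\d:.]+) (.+?) - (.*)$")
SENT = re.compile(r"SENDING>>>> ISAKMP OAK (MM|AG) \(([^)]*)\)")
NOTIFY = re.compile(r"RECEIVED<<< ISAKMP OAK INFO \(NOTIFY:(\w+)\)")

def triage(log_text):
    """Group lines into Phase 1 attempts and attach a hint to each failure."""
    attempts, cur = [], None  # cur stays None for fragments starting mid-negotiation
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _conn, msg = m.groups()
        if msg.startswith("Initiating IKE Phase 1"):
            cur = {"start": ts, "mode": None, "retransmits": 0, "notify": None, "hint": None}
            attempts.append(cur)
        elif cur and (s := SENT.search(msg)):
            if s.group(2) == "Retransmission":
                cur["retransmits"] += 1
            else:
                cur["mode"] = {"MM": "main", "AG": "aggressive"}[s.group(1)]
        elif cur and (n := NOTIFY.search(msg)):
            cur["notify"] = n.group(1)
            cur["hint"] = HINTS.get(n.group(1), "notify not mapped in this example")
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a["start"], a["mode"], a["retransmits"], a["notify"], "->", a["hint"])
```
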
