tonykman
asked on
Getting VPN tunnel working
When trying to bring up a VPN tunnel I get the following log messages:
3-27: 16:32:15.143 My Connections\QCC-VPN - Initiating IKE Phase 1 (IP ADDR=70.100.xxx.xxx)
3-27: 16:32:15.159 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK MM (SA, VID 2x)
3-27: 16:32:30.194 My Connections\QCC-VPN - message not received! Retransmitting!
3-27: 16:32:30.194 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK MM (Retransmission)
3-27: 16:32:30.257 My Connections\QCC-VPN - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:NO_PROPOSAL_CHOSEN )
3-27: 16:32:30.257 My Connections\QCC-VPN - Discarding IKE SA negotiation
Any idea what this means?
Recheck your authentication and encryption settings. They don't match.
ASKER
I set everything up as default on the firewall and the client. I double-checked both of their auth and encryption settings and they appear the same.
ASKER
I changed the negotiation on the client from main to aggressive and now this is the message:
3-28: 14:15:05.250 My Connections\QCC-VPN - Initiating IKE Phase 1 (IP ADDR=70.100.xxx.xxx)
3-28: 14:15:05.562 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
3-28: 14:15:05.625 My Connections\QCC-VPN - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:INVALID_ID_INFO)
3-28: 14:15:05.625 My Connections\QCC-VPN - Discarding SA negotiation
These logs look like a WatchGuard product. Am I correct? Check your phase 1 settings. That's where it looks like the problem is. If all else fails, delete the tunnels and recreate them from scratch.
Also, only one end should be configured as aggressive.
ASKER
This is a Netgear VPN/firewall. I have deleted the tunnel settings and recreated them multiple times so far. I even looked at the manual and set this up using its simplest settings and still nothing.
ASKER
If I configure the client to be main and the Netgear firewall to be aggressive, I get the first error.
Try this link I just found on the net. Do a search for Invalid_id_info and read the results.
http://www.sonicwall.com/support/pdfs/technotes/Troubleshooting_Guide_IKE_VPN_Initialization_rev0.pdf
ASKER
No luck... but after I changed the client back to main (Netgear box is aggressive), I get the first error message.
ASKER
I had to set up FQDN on both sides for authorization and that seemed to work.
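As an added example (not part of the thread and not any vendor's code): a small Python parser for client log lines in the format quoted above, pairing each received NOTIFY with the exchange mode of the last message the client sent. The line pattern, the `diagnose` function and the hint texts are assumptions, based on the lines shown in this thread and on the ISAKMP notify names.

```python
import re

# Constructed sample, in the shape of the client log lines quoted in the thread.
SAMPLE_LOG = r"""
3-27: 16:32:15.159 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK MM (SA, VID 2x)
3-27: 16:32:30.194 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK MM (Retransmission)
3-27: 16:32:30.257 My Connections\QCC-VPN - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:NO_PROPOSAL_CHOSEN )
3-28: 14:15:05.562 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
3-28: 14:15:05.625 My Connections\QCC-VPN - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:INVALID_ID_INFO)
"""

# Assumed line layout: timestamp, connection name, direction, exchange, payloads.
# The closing parenthesis is optional so a truncated line still parses.
LINE = re.compile(
    r"^(?P<ts>\d+-\d+: [\d:.]+) (?P<conn>.+?) - "
    r"(?P<dir>SENDING>>>>|RECEIVED<<<) ISAKMP OAK (?P<exch>\w+) \((?P<body>[^)]*)\)?"
)
MODES = {"MM": "main", "AG": "aggressive"}

# Hints are this example's reading of the notify names, not vendor documentation.
HINTS = {
    "NO_PROPOSAL_CHOSEN": "responder accepted none of the offered Phase 1 proposals; "
                          "compare encryption, hash, DH group and auth method on both ends",
    "INVALID_ID_INFO": "responder rejected the ID payload; compare the local/remote "
                       "identity type and value (for example FQDN) on both ends",
}

def diagnose(log):
    """Return one finding per received NOTIFY, tagged with the mode last sent."""
    findings, last_mode = [], {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn = m["conn"]
        if m["dir"].startswith("SENDING") and m["exch"] in MODES:
            last_mode[conn] = MODES[m["exch"]]
        elif m["exch"] == "INFO" and m["body"].startswith("NOTIFY:"):
            notify = m["body"][len("NOTIFY:"):].strip()
            findings.append({
                "time": m["ts"], "connection": conn, "notify": notify,
                "mode": last_mode.get(conn, "unknown"),
                "hint": HINTS.get(notify, "unrecognised notify; check the peer's own log"),
            })
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f"{f['time']} [{f['mode']} mode] {f['notify']}: {f['hint']}")
```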