Link to home
Create AccountLog in
Avatar of tonykman
tonykman

asked on

Getting VPN tunnel working

When trying to bring up a VPN tunnel I get the following log messages:

 3-27: 16:32:15.143 My Connections\QCC-VPN - Initiating IKE Phase 1 (IP ADDR=70.100.xxx.xxx)
 3-27: 16:32:15.159 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK MM (SA, VID 2x)
 3-27: 16:32:30.194 My Connections\QCC-VPN - message not received! Retransmitting!
 3-27: 16:32:30.194 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK MM (Retransmission)
 3-27: 16:32:30.257 My Connections\QCC-VPN - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:NO_PROPOSAL_CHOSEN)
 3-27: 16:32:30.257 My Connections\QCC-VPN - Discarding IKE SA negotiation

Any idea what this means?
Avatar of Steviek411
Steviek411

Recheck your authentication and encryption settings. They don't match.
Avatar of tonykman

ASKER

I set everything up as default on the firewall and the client.  I double checked both of there auth and encrytion settings are they appear the same.
I changed the negotiation on the client from main to aggressive and now this is the message:

 3-28: 14:15:05.250 My Connections\QCC-VPN - Initiating IKE Phase 1 (IP ADDR=70.100.xxx.xxx)
 3-28: 14:15:05.562 My Connections\QCC-VPN - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 3-28: 14:15:05.625 My Connections\QCC-VPN - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:INVALID_ID_INFO)
 3-28: 14:15:05.625 My Connections\QCC-VPN - Discarding SA negotiation
These logs look like a watchguard product. Am I correct? Check your phase 1 settings. Thats where it looks like the problem is. If all else fails delete the tunnels and recreate them from scratch.
Also, only one end should be configured as aggressive.
This is a netgear vpn/firewall.  I have deleted the tunnel settings and recreated them multiple times so far.  I even looked at the manual and set this up using its simplest settings and still nothing.
If I configure the client to be main and the netgear firewall to be aggressive, I get the first error.
Try this link I just found on the net. Do a search for Invalid_id_info and read the results.

http://www.sonicwall.com/support/pdfs/technotes/Troubleshooting_Guide_IKE_VPN_Initialization_rev0.pdf
No luck...but after I changed the client back to main (netgear box is aggressive), I get the first error message.
ASKER CERTIFIED SOLUTION
Avatar of Steviek411
Steviek411

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
I had to setup FQDN on both sides for authorization and that seemed to work.