troubleshooting Question

How do I set up Netgear FVS124g VPN and connect from home XP PC??

Avatar of enSynergy
enSynergy asked on
NetworkingHardware FirewallsInternet Protocol Security
2 Comments1 Solution1040 ViewsLast Modified:
Hi all,

I am hoping someone here can help as this is now doing my tree in!!

I have the following setup:
Work:

LAN   +--------------------------+--Netgear FVS124g--+----------+--External Router--+-----()()WWW()()-------+Home
subnet 192.168.0.x         192.168.0.254    173.15.15.1     173.15.15.254   198.180.18.13                     Dynamic IP

The external router is outside my control as it is owned by the landlord of our office block.  However, he will configure ports as requested.  Netgear advised open ports 1723 and 500 on it. Done!

I have set up the ProSafe VPN client on my home pc which has an adsl connection using a Speedtouch 330 adsl modem.  When I try to connect to the VPN I get the following in the PCs VPN Client Log Viewer:
--------------------------------------------------
 9-13: 01:02:51.130
 9-13: 01:02:51.130 My Connections\my vpn - Initiating IKE Phase 1 (IP ADDR=198.180.18.13)
 9-13: 01:02:51.581 My Connections\my vpn - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 9-13: 01:02:54.595 My Connections\my vpn - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID, NAT-D 2x, VID 2x)
 9-13: 01:02:54.595 My Connections\my vpn - Peer is NAT-T draft-02 capable
 9-13: 01:02:54.595 My Connections\my vpn - NAT is detected for Peer
 9-13: 01:02:54.595 My Connections\my vpn - Floating to IKE non-500 port
 9-13: 01:02:54.595 My Connections\my vpn - Peer supports Dead Peer Detection Version 1.0
 9-13: 01:02:54.595 My Connections\my vpn - Dead Peer Detection enabled
 9-13: 01:02:54.996 My Connections\my vpn - SENDING>>>> ISAKMP OAK AG *(HASH, NAT-D 2x, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
 9-13: 01:02:54.996 My Connections\my vpn - Established IKE SA
 9-13: 01:02:54.996    MY COOKIE d 4d b4 f5 9 4b fe 72
 9-13: 01:02:54.996    HIS COOKIE 80 b 34 ed ce 3a e3 3d
 9-13: 01:02:55.066
 9-13: 01:02:55.066 My Connections\my vpn - Initiating IKE Phase 2 with Client IDs (message id: E7FA63CE)
 9-13: 01:02:55.066 My Connections\my vpn -   Initiator = IP ADDR=89.110.136.89, prot = 0 port = 0
 9-13: 01:02:55.066 My Connections\my vpn -   Responder = IP SUBNET/MASK=192.168.0.0/255.255.255.0, prot = 0 port = 0
 9-13: 01:02:55.066 My Connections\my vpn - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID 2x)
 9-13: 01:03:10.088 My Connections\my vpn - QM re-keying timed out. Retry count: 1
 9-13: 01:03:10.088 My Connections\my vpn - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 9-13: 01:03:25.109 My Connections\my vpn - QM re-keying timed out. Retry count: 2
 9-13: 01:03:25.109 My Connections\my vpn - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 9-13: 01:03:40.131 My Connections\my vpn - QM re-keying timed out. Retry count: 3
 9-13: 01:03:40.131 My Connections\my vpn - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 9-13: 01:03:55.152 My Connections\my vpn - Exceeded 3 re-keying attempts (message id: E7FA63CE)
 9-13: 01:03:55.152 My Connections\my vpn - Disconnecting IKE SA negotiation
 9-13: 01:03:55.152 My Connections\my vpn - Deleting IKE SA (IP ADDR=198.180.18.13)
 9-13: 01:03:55.152    MY COOKIE d 4d b4 f5 9 4b fe 72
 9-13: 01:03:55.152    HIS COOKIE 80 b 34 ed ce 3a e3 3d
 9-13: 01:03:55.152 My Connections\my vpn - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
---------------------------------------------

This looks to me (as a novice with VPNs) that it has successfully completed phase 1 but cannot complete phase 2.

SO.... (Finally getting to the point here).... What are the settings I require for both ends as I have tried many permutations and seem to get nowhere?

All advice GREATLY appreciated.  I have much more info if anyone wants it?  I can provide the full configs if you want them.  BTW the IPs have been altered in the listing above to protect the innocent... that being me :-)

Thanks guys!
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 2 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros