whatisthesolution


Connection fails VPN

Trying to set up a roaming user client to test with D-Link DS-601 VPN software against their SMB/enterprise firewall DFL-700, I receive an error saying: "Invalid payload type"

Log from ds-601 as follows:
23-02-2007 00:46:14  Found adapter: SiS NIC SISNIC (Microsoft's Packet Scheduler)  with MTU 1500 bytes
23-02-2007 00:46:14  Found adapter: Broadcom 802.11g Netværkskort (Microsoft's Packet Scheduler)  with MTU 1500 bytes
23-02-2007 00:46:14  Found adapter: NdisWan Adapter (Microsoft's Packet Scheduler)  with MTU 1400 bytes
23-02-2007 00:46:14  Installed as a full license.
23-02-2007 00:46:45  Protecting RAS adapter - 0
23-02-2007 01:01:38  Protecting RAS adapter - 0
23-02-2007 01:01:41  IPSDIALCHAN::start building connection
23-02-2007 01:01:41  NCPIKE-phase1:name(XX VPN) - outgoing connect request - main mode.
23-02-2007 01:01:41  XMIT_MSG1_MAIN - xx VPN
23-02-2007 01:01:41  Extended Firewall: adapter SiS NIC SISNIC (Microsoft's Packet Scheduler)  is outside the friendly net
23-02-2007 01:01:41  RECV_MSG2_MAIN - xx VPN
23-02-2007 01:01:41  IPSDIAL->FINAL_TUNNEL_ENDPOINT:192.168.001.001
23-02-2007 01:01:41  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 01:01:41  xx VPN ->Support for NAT-T version - 3
23-02-2007 01:01:41  XMIT_MSG3_MAIN - xx VPN
23-02-2007 01:01:41  RECV_MSG4_MAIN - xx VPN
23-02-2007 01:01:42  XMIT_MSG5_MAIN - xx VPN
23-02-2007 01:01:42  NOTIFY : xx VPN : RECEIVED : INVALID_PAYLOAD_TYPE
23-02-2007 01:02:20  NCPIKE-phase2:name(xx VPN) - error - cleared by phase1
23-02-2007 01:02:20  IPSDIAL  - disconnected from xx VPN on channel 1.
23-02-2007 01:02:27  IPSDIALCHAN::start building connection
23-02-2007 01:02:27  NCPIKE-phase1:name(xx VPN) - outgoing connect request - main mode.
23-02-2007 01:02:27  XMIT_MSG1_MAIN - xx VPN
23-02-2007 01:02:27  RECV_MSG2_MAIN - xx VPN
23-02-2007 01:02:27  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 01:02:27  xx VPN ->Support for NAT-T version - 3
23-02-2007 01:02:27  XMIT_MSG3_MAIN - xx VPN
23-02-2007 01:02:27  IPSDIAL->FINAL_TUNNEL_ENDPOINT:192.168.001.001
23-02-2007 01:02:27  RECV_MSG4_MAIN - xx VPN
23-02-2007 01:02:27  XMIT_MSG5_MAIN - xx VPN
23-02-2007 01:02:27  NOTIFY : xx VPN : RECEIVED : INVALID_PAYLOAD_TYPE
23-02-2007 01:03:06  NCPIKE-phase2:name(xx VPN) - error - cleared by phase1
23-02-2007 01:03:06  IPSDIAL  - disconnected from xx VPN on channel 1.
23-02-2007 01:04:02  Protecting RAS adapter - 0
23-02-2007 01:04:02  Protecting RAS adapter - 0
23-02-2007 01:04:02  Protecting RAS adapter - 2
23-02-2007 01:08:02  Protecting RAS adapter - 0
23-02-2007 01:08:02  Protecting RAS adapter - 0
23-02-2007 01:08:02  Protecting RAS adapter - 2
23-02-2007 01:09:56  Protecting RAS adapter - 0
23-02-2007 01:09:56  Protecting RAS adapter - 0
23-02-2007 01:09:57  Protecting RAS adapter - 0
23-02-2007 01:09:57  Protecting RAS adapter - 0
23-02-2007 01:09:57  Protecting RAS adapter - 0
23-02-2007 01:09:57  Protecting RAS adapter - 0
23-02-2007 01:09:58  Protecting RAS adapter - 0
23-02-2007 01:12:13  EAPOL:send EAPOL_LOGOFF
23-02-2007 01:12:13  EAP:SiS NIC SISNIC (Microsoft's Packet Scheduler)  authentication failure ! - EAPOL - admin close
23-02-2007 01:12:18  IPSDIALCHAN::start building connection
23-02-2007 01:12:18  NCPIKE-phase1:name(xx VPN) - outgoing connect request - main mode.
23-02-2007 01:12:18  XMIT_MSG1_MAIN - xx VPN
23-02-2007 01:12:36  NCPIKE-phase1:name(xx VPN) - error - retry timeout - max retries
23-02-2007 01:12:36  NCPIKE-phase2:name(xx VPN) - error - cleared by phase1
23-02-2007 01:12:36  IPSDIAL  - disconnected from xx VPN on channel 1.
23-02-2007 01:12:46  IPSDIALCHAN::start building connection
23-02-2007 01:12:46  NCPIKE-phase1:name(xx VPN) - outgoing connect request - main mode.
23-02-2007 01:12:46  XMIT_MSG1_MAIN - xx VPN
23-02-2007 01:12:56  IPSDIAL  - disconnecting from xx VPN on channel 1.
23-02-2007 01:12:56  NCPIKE-phase2:name(xx VPN) - error - cleared by phase1
23-02-2007 01:12:56  IPSDIAL  - disconnected from xx VPN on channel 1.
23-02-2007 01:13:02  IPSDIALCHAN::start building connection
23-02-2007 01:13:02  NCPIKE-phase1:name(xx VPN) - outgoing connect request - main mode.
23-02-2007 01:13:02  XMIT_MSG1_MAIN - xx VPN
23-02-2007 01:13:19  NCPIKE-phase1:name(xx VPN) - error - retry timeout - max retries
23-02-2007 01:13:19  NCPIKE-phase2:name(xx VPN) - error - cleared by phase1
23-02-2007 01:13:19  IPSDIAL  - disconnected from xx VPN on channel 1.
23-02-2007 01:14:12  Protecting RAS adapter - 0
23-02-2007 01:14:25  Found adapter: SiS NIC SISNIC (Microsoft's Packet Scheduler)  with MTU 1500 bytes
23-02-2007 01:14:36  IPSDIALCHAN::start building connection
23-02-2007 01:14:36  NCPIKE-phase1:name(xx VPN) - outgoing connect request - main mode.
23-02-2007 01:14:36  XMIT_MSG1_MAIN - xx VPN
23-02-2007 01:14:36  Extended Firewall: adapter SiS NIC SISNIC (Microsoft's Packet Scheduler)  is outside the friendly net
23-02-2007 01:14:36  RECV_MSG2_MAIN - xx VPN
23-02-2007 01:14:36  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 01:14:36  x VPN ->Support for NAT-T version - 3
23-02-2007 01:14:36  XMIT_MSG3_MAIN - xx VPN
23-02-2007 01:14:36  IPSDIAL->FINAL_TUNNEL_ENDPOINT:192.168.001.001
23-02-2007 01:14:36  RECV_MSG4_MAIN - xx VPN
23-02-2007 01:14:36  XMIT_MSG5_MAIN - xx VPN
23-02-2007 01:14:36  NOTIFY : xx VPN : RECEIVED : INVALID_PAYLOAD_TYPE
23-02-2007 01:15:16  NCPIKE-phase2:name(xx VPN) - error - cleared

Log from DFL-700 as follows:

2007-02-23 00:14:39] <6>EFW: IPSEC: prio=1 Phase-1 [responder] between ipv4(any:0,[0..3]=192.168.1.1) and ipv4(any:0,[0..3]=192.168.1.3) failed; Invalid payload type

2007-02-23 00:14:38] <5>EFW: CONN: rule=IPsecBeforeRules conn=open connipproto=UDP connrecvif=LAN connsrcip=192.168.1.3 connsrcport=500 conndestif=core conndestip=192.168.1.1 conndestport=500

        [2007-02-23 00:14:38] <5>EFW: CONN: rule=IPsecBeforeRules conn=open connipproto=UDP connrecvif=LAN connsrcip=192.168.1.3 connsrcport=500 conndestif=core conndestip=XXX.XXX.XX.XXX conndestport=500

Any ideas guys?

Thanks
whatisthesolution
infimate

I see on the log that we are having authentication issues. Check the EAP policy.

ASKER

Hi - I have uploaded the manual on ee.stuff.com - I have followed it line-by-line but with no result.
Thanks in advance.
23-02-2007 19:17:22  IPSDIALCHAN::start building connection
23-02-2007 19:17:22  NCPIKE-phase1:name(DFL-700) - outgoing connect request - main mode.
23-02-2007 19:17:22  XMIT_MSG1_MAIN - DFL-700
23-02-2007 19:17:22  RECV_MSG2_MAIN - DFL-700
23-02-2007 19:17:22  IPSDIAL->FINAL_TUNNEL_ENDPOINT:085.082.002.135
23-02-2007 19:17:22  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 19:17:22  DFL-700 ->Support for NAT-T version - 3
23-02-2007 19:17:22  XMIT_MSG3_MAIN - DFL-700
23-02-2007 19:17:22  RECV_MSG4_MAIN - DFL-700
23-02-2007 19:17:22  Turning on NATD mode - DFL-700 - 1
23-02-2007 19:17:22  XMIT_MSG5_MAIN - DFL-700
23-02-2007 19:17:22  RECV_MSG6_MAIN - DFL-700
23-02-2007 19:17:22  Turning on DPD mode - DFL-700
23-02-2007 19:17:22  NCPIKE-phase1:name(DFL-700) - connected
23-02-2007 19:17:22  XMIT_IKECFG_REQUEST - DFL-700
23-02-2007 19:17:34  NCPIKE-phase2:name(
Last error I'm getting is:
IKE ERROR (Phase 1)
Lost contact to pear.
Some more firewall log...

[2007-02-23 18:19:53] <5>EFW: CONN: rule=IPsecBeforeRules conn=close connipproto=UDP connrecvif=WAN connsrcip=83.93.150.68 connsrcport=4500 conndestif=core conndestip=85.82.182.8.200 conndestport=4500 origsent=388 termsent=0
        
 
        [2007-02-23 18:19:47] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=WAN srcip=202.97.238.204 destip=85.182.8.200 ipproto=UDP ipdatalen=466 srcport=47236 destport=1027 udptotlen=466
        
        [2007-02-23 18:19:47] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=WAN srcip=202.97.238.204 destip=85.82.182.8.200 ipproto=UDP ipdatalen=466 srcport=47236 destport=1026 udptotlen=466
        
        [2007-02-23 18:19:40] <5>EFW: CONN: rule=IPsecBeforeRules conn=close connipproto=UDP connrecvif=WAN connsrcip=83.93.150.68 connsrcport=500 conndestif=core conndestip=85.182.8.200 conndestport=500 origsent=1680 termsent=0
        
        
        [2007-02-23 18:18:29] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=WAN srcip=221.209.110.48 destip=85.182.8.200 ipproto=UDP ipdatalen=466 srcport=56097 destport=1026 udptotlen=466
        
        [2007-02-23 18:18:29] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=WAN srcip=221.209.110.48 destip=85.182.8.200 ipproto=UDP ipdatalen=466 srcport=56097 destport=1027 udptotlen=466
        
        [2007-02-23 18:17:30] <6>EFW: IPSEC: prio=1 Phase-1 [responder] between ipv4(udp:500,[0..3]=85.182.8.200) and ipv4(any:0,[0..3]=192.168.254.2) done.
Ok - so I do not know what I've done right but now it's connecting fine, but there is no data flowing through the tunnel - I cannot get in touch with the nodes on the network and the Internet connection times out when I'm trying to surf the internet. I'm connecting from outside over a wireless connection to ensure that I'm not on the local network when testing.

So what is wrong here?

Thanks in advance!
whatisthesolution
Logfile from the client...

23-02-2007 21:49:28  Warning: could not open file - c:\crypt.key
23-02-2007 21:49:28  Installed as a full license.
23-02-2007 21:49:31  IPSDIALCHAN::start building connection
23-02-2007 21:49:31  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:49:31  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:49:31  RECV_MSG2_MAIN - Headquarters
23-02-2007 21:49:31  IPSDIAL->FINAL_TUNNEL_ENDPOINT:085.082.232.245
23-02-2007 21:49:31  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 21:49:31  Turning on XAUTH mode - Headquarters
23-02-2007 21:49:31  Headquarters ->Support for NAT-T version - 3
23-02-2007 21:49:31  XMIT_MSG3_MAIN - Headquarters
23-02-2007 21:49:31  RECV_MSG4_MAIN - Headquarters
23-02-2007 21:49:32  Turning on NATD mode - Headquarters - 1
23-02-2007 21:49:32  XMIT_MSG5_MAIN - Headquarters
23-02-2007 21:49:32  RECV_MSG6_MAIN - Headquarters
23-02-2007 21:49:32  Turning on DPD mode - Headquarters
23-02-2007 21:49:32  NCPIKE-phase1:name(Headquarters) - connected
23-02-2007 21:49:32  RECV_XAUTH_REQUEST
23-02-2007 21:49:32  XMIT_XAUTH_REPLY
23-02-2007 21:49:32  RECV_XAUTH_SET
23-02-2007 21:49:32  XMIT_XAUTH_ACK
23-02-2007 21:49:32  NCPIKE-xauth:name(Headquar) - IkeXauth: enter state open
23-02-2007 21:49:32  XMIT_MSG1_QUICK - Headquarters
23-02-2007 21:49:32  RECV_MSG2_QUICK - Headquarters
23-02-2007 21:49:32  XMIT_MSG3_QUICK - Headquarters
23-02-2007 21:49:32  NCPIKE-phase2:name(Headquarters) - connected
23-02-2007 21:49:32  IPSDIAL  - connected to Headquarters on channel 1.
23-02-2007 21:49:32  IPCP  - connected to Headquarters with IP Address: 192.168.254.002. : 192.168.254.003.
23-02-2007 21:49:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:49:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:49:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:49:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:49:52  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
23-02-2007 21:49:52  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:04  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:04  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:05  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:05  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:19  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:19  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:19  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:19  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:34  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:34  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:35  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:35  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:52  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:52  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:59  IPSDIAL  - disconnecting from Headquarters on channel 1.
23-02-2007 21:51:01  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:51:34  IPSDIALCHAN::start building connection
23-02-2007 21:51:34  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:51:34  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:51:34  RECV_MSG2_MAIN - Headquarters
23-02-2007 21:51:34  IPSDIAL->FINAL_TUNNEL_ENDPOINT:085.082.232.245
23-02-2007 21:51:34  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 21:51:34  Turning on XAUTH mode - Headquarters
23-02-2007 21:51:34  Headquarters ->Support for NAT-T version - 3
23-02-2007 21:51:34  XMIT_MSG3_MAIN - Headquarters
23-02-2007 21:51:35  RECV_MSG4_MAIN - Headquarters
23-02-2007 21:51:35  Turning on NATD mode - Headquarters - 1
23-02-2007 21:51:35  XMIT_MSG5_MAIN - Headquarters
23-02-2007 21:51:35  RECV_MSG6_MAIN - Headquarters
23-02-2007 21:51:35  Turning on DPD mode - Headquarters
23-02-2007 21:51:35  NCPIKE-phase1:name(Headquarters) - connected
23-02-2007 21:51:35  RECV_XAUTH_REQUEST
23-02-2007 21:51:35  XMIT_XAUTH_REPLY
23-02-2007 21:51:35  RECV_XAUTH_SET
23-02-2007 21:51:35  XMIT_XAUTH_ACK
23-02-2007 21:51:35  NCPIKE-xauth:name(Headquar) - IkeXauth: enter state open
23-02-2007 21:51:35  XMIT_MSG1_QUICK - Headquarters
23-02-2007 21:51:35  RECV_MSG2_QUICK - Headquarters
23-02-2007 21:51:35  XMIT_MSG3_QUICK - Headquarters
23-02-2007 21:51:35  NCPIKE-phase2:name(Headquarters) - connected
23-02-2007 21:51:35  IPSDIAL  - connected to Headquarters on channel 1.
23-02-2007 21:51:35  IPCP  - connected to Headquarters with IP Address: 192.168.254.002. : 192.168.254.003.
23-02-2007 21:51:41  IPSDIAL  - disconnecting from Headquarters on channel 1.
23-02-2007 21:51:42  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:52:18  IPSDIALCHAN::start building connection
23-02-2007 21:52:18  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:52:18  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:52:35  NCPIKE-phase1:name(Headquarters) - error - retry timeout - max retries
23-02-2007 21:52:35  NCPIKE-phase2:name(Headquarters) - error - cleared by phase1
23-02-2007 21:52:35  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:53:10  IPSDIALCHAN::start building connection
23-02-2007 21:53:10  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:53:10  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:53:10  RECV_MSG2_MAIN - Headquarters
23-02-2007 21:53:10  IPSDIAL->FINAL_TUNNEL_ENDPOINT:085.082.232.245
23-02-2007 21:53:10  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 21:53:10  Turning on XAUTH mode - Headquarters
23-02-2007 21:53:10  Headquarters ->Support for NAT-T version - 3
23-02-2007 21:53:10  XMIT_MSG3_MAIN - Headquarters
23-02-2007 21:53:10  RECV_MSG4_MAIN - Headquarters
23-02-2007 21:53:10  Turning on NATD mode - Headquarters - 1
23-02-2007 21:53:10  XMIT_MSG5_MAIN - Headquarters
23-02-2007 21:53:10  RECV_MSG6_MAIN - Headquarters
23-02-2007 21:53:10  Turning on DPD mode - Headquarters
23-02-2007 21:53:10  NCPIKE-phase1:name(Headquarters) - connected
23-02-2007 21:53:10  RECV_XAUTH_REQUEST
23-02-2007 21:53:10  XMIT_XAUTH_REPLY
23-02-2007 21:53:10  RECV_XAUTH_SET
23-02-2007 21:53:10  XMIT_XAUTH_ACK
23-02-2007 21:53:10  NCPIKE-xauth:name(Headquar) - IkeXauth: enter state open
23-02-2007 21:53:10  XMIT_MSG1_QUICK - Headquarters
23-02-2007 21:53:11  RECV_MSG2_QUICK - Headquarters
23-02-2007 21:53:11  XMIT_MSG3_QUICK - Headquarters
23-02-2007 21:53:11  NCPIKE-phase2:name(Headquarters) - connected
23-02-2007 21:53:11  IPSDIAL  - connected to Headquarters on channel 1.
23-02-2007 21:53:11  IPCP  - connected to Headquarters with IP Address: 192.168.254.002. : 192.168.254.003.
23-02-2007 21:53:30  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
23-02-2007 21:53:30  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:53:37  IPSDIAL  - disconnecting from Headquarters on channel 1.
23-02-2007 21:53:38  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:53:55  IPSDIALCHAN::start building connection
23-02-2007 21:53:55  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:53:55  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:54:13  NCPIKE-phase1:name(Headquarters) - error - retry timeout - max retries
23-02-2007 21:54:13  NCPIKE-phase2:name(Headquarters) - error - cleared by phase1
23-02-2007 21:54:13  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:54:18  IPSDIALCHAN::start building connection
23-02-2007 21:54:18  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:54:18  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:54:20  IPSDIAL  - disconnecting from Headquarters on channel 1.
23-02-2007 21:54:20  NCPIKE-phase2:name(Headquarters) - error - cleared by phase1
23-02-2007 21:54:20  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:54:26  IPSDIALCHAN::start building connection
23-02-2007 21:54:26  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:54:26  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:54:29  RECV_MSG2_MAIN - Headquarters
23-02-2007 21:54:29  IPSDIAL->FINAL_TUNNEL_ENDPOINT:085.082.232.245
23-02-2007 21:54:29  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 21:54:29  Turning on XAUTH mode - Headquarters
23-02-2007 21:54:29  Headquarters ->Support for NAT-T version - 3
23-02-2007 21:54:29  XMIT_MSG3_MAIN - Headquarters
23-02-2007 21:54:29  RECV_MSG4_MAIN - Headquarters
23-02-2007 21:54:29  Turning on NATD mode - Headquarters - 1
23-02-2007 21:54:29  XMIT_MSG5_MAIN - Headquarters
23-02-2007 21:54:29  RECV_MSG6_MAIN - Headquarters
23-02-2007 21:54:29  Turning on DPD mode - Headquarters
23-02-2007 21:54:29  NCPIKE-phase1:name(Headquarters) - connected
23-02-2007 21:54:29  RECV_XAUTH_REQUEST
23-02-2007 21:54:29  XMIT_XAUTH_REPLY
23-02-2007 21:54:29  RECV_XAUTH_SET
23-02-2007 21:54:29  XMIT_XAUTH_ACK
23-02-2007 21:54:29  NCPIKE-xauth:name(Headquar) - IkeXauth: enter state open
23-02-2007 21:54:29  XMIT_MSG1_QUICK - Headquarters
23-02-2007 21:54:29  RECV_MSG2_QUICK - Headquarters
23-02-2007 21:54:29  XMIT_MSG3_QUICK - Headquarters
23-02-2007 21:54:29  NCPIKE-phase2:name(Headquarters) - connected
23-02-2007 21:54:30  IPSDIAL  - connected to Headquarters on channel 1.
23-02-2007 21:54:30  IPCP  - connected to Headquarters with IP Address: 192.168.254.002. : 192.168.254.003.
23-02-2007 21:54:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:54:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:54:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:54:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:54:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
23-02-2007 21:54:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:04  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:04  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:05  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:05  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:19  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:19  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:19  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:19  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:34  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:34  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:35  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:35  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
Can you post your DFL-700 config?  

Yup  - Done. -->--> ee-stuff....
Are you using IKE XAUTH? I've seen it included in your client and then removed?
Yes we are using that option and it's turned on in the client ds-601
The XAuth username/password is missing in the DFL-700 config that you posted.
Disregard that XAuth username/password response.  Do you have Windows Firewall on?  Digging around it seems that it may be blocking port 500.  
"The XAuth username/password is missing in the DFL-700 config that you posted."
No, if you dig into the manual posted in the ee stuff you will see that you set up a new user in the DFL-700 firewall.

Disregarded :-)

"Do you have Windows Firewall on"
No we are not using Windows Firewall. - We are using the Network Associates Enterprise desktop firewall solution. When looking into the client computer's firewall log I cannot find any section of port 500...
I saw the xauth username/password field on the VPN page when I first posted that.  Why are there IPs listed as 85.182.8.200 and 85.82.182.8 in the log?  Do you have policies defined that have this IP entered incorrectly?  Also, you mentioned earlier that you are using a wireless network to test with.  What are the internal/private IPs on each side?
"listed as 85.182.8.200 and 85.82.182.8 in the log?" -  We are talking security here, right?  :-)

So we do not want the whole world to know of our setup in the DFL-700 firewall, so the IPs above have been changed, but they are, FYI, one and the same IP address. Sorry for the confusion.

"you mentioned earlier that you are using a wireless network to test with.  What are the internal/private IPs on each side?"

I do not know. There is a café beside our office that has a wireless for free usage. So I set up the firewall from our office and then went over to test the client. But I think the internal was 192.168.1.0/24, and the external ?? - I do not remember.
I thought maybe that was the case.  Makes the logs hard to read but I understand.
If both sides of the VPN are using 192.168.1.0/24 then you cannot generate 'interesting' traffic for the tunnel as it is a local network to each side.  Is this in use in your network?  It appears to be at the cafe.   Can you verify, as there are inconsistencies in the logs.
If the above is not the case then a second possibility is that the cafe has a firewall that is blocking UDP port 500.  You can verify this by accessing the Internet through their AP and going to auditmypc.com and running a port scan for UDP 500.   Have you tested this elsewhere besides the cafe?
Hi Hancke,

Thank you for your posting and interest in my issue

"Can you verify as there are inconsistencies in the logs."
We are using the 192.168.1.0/24 range internally so that is correct and the cafe seems unfortunately to use the same range which you are correct in the statement that it makes it harder to find any errors.  

"Have you tested this elsewhere besides the cafe?"

Well no not really - I've tried inside from our own network but that will not produce a real testing scenario.

I could maybe try a pc cafe which is farther away from our location/office - but I'm not sure that I will be granted to connect one of our laptops to their network.... So therefore I've thought the normal cafe joint   nearby was the best option.

"UDP port 500.  You can verify this by accessing the Internet through their AP and go to auditmypc.com and run a port scan for UDP 500."

I actually did that but used grc.com "shieldsup" and the cafe's connection was 100% stealthed. I actually tried to make a remote desktop connection to one of our servers to test but no data was allowed through.

Question: Since the data is going through an encrypted VPN tunnel does the firewall from the cafe really give a damn (I mean it cannot inspect the data) or ????

(FYI: when I tried from our own office the result is the same - the VPN connects fine with handshake and everything but no data is flowing through. Funny thing is that I could use the built-in capability in DFL-700 to ping the machine with the VPN running - but the machine cannot connect to the network resources aka. server nodes etc. It can only find itself in the network/workgroup.)

Thanks in advance.
Kind regards
whatisthesolution

ASKER CERTIFIED SOLUTION
hancke
Hi Hancke,

That is a very interesting point you have there!

Do you have any proposal to ranges to use?
I found this by googling  a bit http://www.rhebus.com/techinfo/iprange.htm - But that is still the standard range as you describe.

We rather go the hard way and change it now because we need the VPN to work so that roaming co-workers can connect safely to the network resources. Also by doing this we will be able to make a final test to see if there still is something wrong with the VPN setup.

So if I understand you right the VPN has to be able to see the difference/differentiate  the network/s to function or else the traffic, (supposed VPN traffic) will be routed through the normal network adapter which in this scenario is the WIFI adapter on the machine mentioned?

Kind regards
whatisthesolution
That depends on how many IPs you need.  If you need less than 253 host IPs go with something like 192.168.100.0/24.  If you need more you can use a range like 172.16.100.0/23 and get 510 hosts.  That would be 172.16.100.1 255.255.254.0 and would give you the range of 172.16.100.1-172.16.101.254.  You can also use the 10.0.0.0 and use the appropriate mask to get the hosts you need.  
Here is a link to a good subnet calculator.
http://www.subnet-calculator.com
Pick a range and\or tell me how many hosts you need and I'll post some suggestions.
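
The overlap problem and the replacement ranges discussed in the replies above, as an added example that is not part of the original thread: it checks whether a roaming client's local LAN collides with the office LAN behind the VPN gateway, models where traffic for an office address would go, and verifies the host counts quoted for the suggested subnets. The routing rule is a simplified assumption (the directly connected LAN wins over the tunnel), and the /24 around the 192.168.254.x addresses seen in the client log is assumed, not taken from the DFL-700 config.

```python
import ipaddress

# RFC 1918 private blocks, the space the suggested ranges are drawn from.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Values taken from the thread.
CAFE_LAN = "192.168.1.0/24"        # network the roaming client sits on
OFFICE_LAN_OLD = "192.168.1.0/24"  # office LAN before renumbering
# Assumption: the virtual addresses 192.168.254.2/.3 in the log sit in a /24.
VPN_POOL = "192.168.254.0/24"


def overlaps(lan_a, lan_b):
    """True when the two CIDR networks share at least one address."""
    return ipaddress.ip_network(lan_a).overlaps(ipaddress.ip_network(lan_b))


def egress_for(dest, client_lan, office_lan):
    """Simplified model (assumption): a directly connected LAN takes
    precedence, so a destination inside the client's own LAN is resolved on
    the local segment and never becomes 'interesting' traffic for the tunnel."""
    addr = ipaddress.ip_address(dest)
    if addr in ipaddress.ip_network(client_lan):
        return "local"
    if addr in ipaddress.ip_network(office_lan):
        return "tunnel"
    return "default"


def usable_hosts(cidr):
    """Return (first_host, last_host, host_count) for a conventional subnet."""
    net = ipaddress.ip_network(cidr)  # strict: raises if host bits are set
    if net.prefixlen >= 31:
        raise ValueError("no network/broadcast pair to exclude in %s" % cidr)
    return (str(net.network_address + 1),
            str(net.broadcast_address - 1),
            net.num_addresses - 2)


def pick_office_range(candidates, avoid, hosts_needed):
    """First candidate that is private (RFC 1918), holds `hosts_needed`
    hosts and does not overlap any network listed in `avoid`."""
    for cidr in candidates:
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(block) for block in RFC1918):
            continue
        if usable_hosts(cidr)[2] < hosts_needed:
            continue
        if any(overlaps(cidr, other) for other in avoid):
            continue
        return cidr
    return None


if __name__ == "__main__":
    # Before renumbering: an office server address is treated as local.
    print(overlaps(CAFE_LAN, OFFICE_LAN_OLD),
          egress_for("192.168.1.10", CAFE_LAN, OFFICE_LAN_OLD))
    # Ranges suggested in the reply, checked against the cafe LAN and VPN pool.
    candidates = ["192.168.1.0/24", "192.168.100.0/24", "172.16.100.0/23"]
    for needed in (200, 400):
        print(needed, pick_office_range(candidates, [CAFE_LAN, VPN_POOL], needed))
    print(usable_hosts("172.16.100.0/23"))
```

Renumbering the office only removes the collision with networks you know about; a client that joins a LAN using the new range hits the same failure, so less common private ranges are the safer choice.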
Hi - Thanks for the info.

So.. Status is that we changed the network - but still the same case. See the file below

23-02-2007 21:49:28  Warning: could not open file - c:\crypt.key
23-02-2007 21:49:28  Installed as a full license.
23-02-2007 21:49:31  IPSDIALCHAN::start building connection
23-02-2007 21:49:31  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:49:31  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:49:31  RECV_MSG2_MAIN - Headquarters
23-02-2007 21:49:31  IPSDIAL->FINAL_TUNNEL_ENDPOINT:085.082.002.135
23-02-2007 21:49:31  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 21:49:31  Turning on XAUTH mode - Headquarters
23-02-2007 21:49:31  Headquarters ->Support for NAT-T version - 3
23-02-2007 21:49:31  XMIT_MSG3_MAIN - Headquarters
23-02-2007 21:49:31  RECV_MSG4_MAIN - Headquarters
23-02-2007 21:49:32  Turning on NATD mode - Headquarters - 1
23-02-2007 21:49:32  XMIT_MSG5_MAIN - Headquarters
23-02-2007 21:49:32  RECV_MSG6_MAIN - Headquarters
23-02-2007 21:49:32  Turning on DPD mode - Headquarters
23-02-2007 21:49:32  NCPIKE-phase1:name(Headquarters) - connected
23-02-2007 21:49:32  RECV_XAUTH_REQUEST
23-02-2007 21:49:32  XMIT_XAUTH_REPLY
23-02-2007 21:49:32  RECV_XAUTH_SET
23-02-2007 21:49:32  XMIT_XAUTH_ACK
23-02-2007 21:49:32  NCPIKE-xauth:name(Headquar) - IkeXauth: enter state open
23-02-2007 21:49:32  XMIT_MSG1_QUICK - Headquarters
23-02-2007 21:49:32  RECV_MSG2_QUICK - Headquarters
23-02-2007 21:49:32  XMIT_MSG3_QUICK - Headquarters
23-02-2007 21:49:32  NCPIKE-phase2:name(Headquarters) - connected
23-02-2007 21:49:32  IPSDIAL  - connected to Headquarters on channel 1.
23-02-2007 21:49:32  IPCP  - connected to Headquarters with IP Address: 192.168.254.002. : 192.168.254.003.
23-02-2007 21:49:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:49:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:49:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:49:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:49:52  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
23-02-2007 21:49:52  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:04  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:04  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:05  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:05  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:19  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:19  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:19  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:19  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:34  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:34  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:35  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:35  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:52  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
23-02-2007 21:50:52  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:50:59  IPSDIAL  - disconnecting from Headquarters on channel 1.
23-02-2007 21:51:01  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:51:34  IPSDIALCHAN::start building connection
23-02-2007 21:51:34  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:51:34  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:51:34  RECV_MSG2_MAIN - Headquarters
23-02-2007 21:51:34  IPSDIAL->FINAL_TUNNEL_ENDPOINT:085.082.002.135
23-02-2007 21:51:34  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 21:51:34  Turning on XAUTH mode - Headquarters
23-02-2007 21:51:34  Headquarters ->Support for NAT-T version - 3
23-02-2007 21:51:34  XMIT_MSG3_MAIN - Headquarters
23-02-2007 21:51:35  RECV_MSG4_MAIN - Headquarters
23-02-2007 21:51:35  Turning on NATD mode - Headquarters - 1
23-02-2007 21:51:35  XMIT_MSG5_MAIN - Headquarters
23-02-2007 21:51:35  RECV_MSG6_MAIN - Headquarters
23-02-2007 21:51:35  Turning on DPD mode - Headquarters
23-02-2007 21:51:35  NCPIKE-phase1:name(Headquarters) - connected
23-02-2007 21:51:35  RECV_XAUTH_REQUEST
23-02-2007 21:51:35  XMIT_XAUTH_REPLY
23-02-2007 21:51:35  RECV_XAUTH_SET
23-02-2007 21:51:35  XMIT_XAUTH_ACK
23-02-2007 21:51:35  NCPIKE-xauth:name(Headquar) - IkeXauth: enter state open
23-02-2007 21:51:35  XMIT_MSG1_QUICK - Headquarters
23-02-2007 21:51:35  RECV_MSG2_QUICK - Headquarters
23-02-2007 21:51:35  XMIT_MSG3_QUICK - Headquarters
23-02-2007 21:51:35  NCPIKE-phase2:name(Headquarters) - connected
23-02-2007 21:51:35  IPSDIAL  - connected to Headquarters on channel 1.
23-02-2007 21:51:35  IPCP  - connected to Headquarters with IP Address: 192.168.254.002. : 192.168.254.003.
23-02-2007 21:51:41  IPSDIAL  - disconnecting from Headquarters on channel 1.
23-02-2007 21:51:42  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:52:18  IPSDIALCHAN::start building connection
23-02-2007 21:52:18  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:52:18  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:52:35  NCPIKE-phase1:name(Headquarters) - error - retry timeout - max retries
23-02-2007 21:52:35  NCPIKE-phase2:name(Headquarters) - error - cleared by phase1
23-02-2007 21:52:35  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:53:10  IPSDIALCHAN::start building connection
23-02-2007 21:53:10  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:53:10  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:53:10  RECV_MSG2_MAIN - Headquarters
23-02-2007 21:53:10  IPSDIAL->FINAL_TUNNEL_ENDPOINT:085.082.002.135
23-02-2007 21:53:10  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 21:53:10  Turning on XAUTH mode - Headquarters
23-02-2007 21:53:10  Headquarters ->Support for NAT-T version - 3
23-02-2007 21:53:10  XMIT_MSG3_MAIN - Headquarters
23-02-2007 21:53:10  RECV_MSG4_MAIN - Headquarters
23-02-2007 21:53:10  Turning on NATD mode - Headquarters - 1
23-02-2007 21:53:10  XMIT_MSG5_MAIN - Headquarters
23-02-2007 21:53:10  RECV_MSG6_MAIN - Headquarters
23-02-2007 21:53:10  Turning on DPD mode - Headquarters
23-02-2007 21:53:10  NCPIKE-phase1:name(Headquarters) - connected
23-02-2007 21:53:10  RECV_XAUTH_REQUEST
23-02-2007 21:53:10  XMIT_XAUTH_REPLY
23-02-2007 21:53:10  RECV_XAUTH_SET
23-02-2007 21:53:10  XMIT_XAUTH_ACK
23-02-2007 21:53:10  NCPIKE-xauth:name(Headquar) - IkeXauth: enter state open
23-02-2007 21:53:10  XMIT_MSG1_QUICK - Headquarters
23-02-2007 21:53:11  RECV_MSG2_QUICK - Headquarters
23-02-2007 21:53:11  XMIT_MSG3_QUICK - Headquarters
23-02-2007 21:53:11  NCPIKE-phase2:name(Headquarters) - connected
23-02-2007 21:53:11  IPSDIAL  - connected to Headquarters on channel 1.
23-02-2007 21:53:11  IPCP  - connected to Headquarters with IP Address: 192.168.254.002. : 192.168.254.003.
23-02-2007 21:53:30  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
23-02-2007 21:53:30  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:53:37  IPSDIAL  - disconnecting from Headquarters on channel 1.
23-02-2007 21:53:38  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:53:55  IPSDIALCHAN::start building connection
23-02-2007 21:53:55  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:53:55  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:54:13  NCPIKE-phase1:name(Headquarters) - error - retry timeout - max retries
23-02-2007 21:54:13  NCPIKE-phase2:name(Headquarters) - error - cleared by phase1
23-02-2007 21:54:13  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:54:18  IPSDIALCHAN::start building connection
23-02-2007 21:54:18  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:54:18  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:54:20  IPSDIAL  - disconnecting from Headquarters on channel 1.
23-02-2007 21:54:20  NCPIKE-phase2:name(Headquarters) - error - cleared by phase1
23-02-2007 21:54:20  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:54:26  IPSDIALCHAN::start building connection
23-02-2007 21:54:26  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
23-02-2007 21:54:26  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:54:29  RECV_MSG2_MAIN - Headquarters
23-02-2007 21:54:29  IPSDIAL->FINAL_TUNNEL_ENDPOINT:085.082.002.135
23-02-2007 21:54:29  IKE phase I: Setting LifeTime to 28800 seconds
23-02-2007 21:54:29  Turning on XAUTH mode - Headquarters
23-02-2007 21:54:29  Headquarters ->Support for NAT-T version - 3
23-02-2007 21:54:29  XMIT_MSG3_MAIN - Headquarters
23-02-2007 21:54:29  RECV_MSG4_MAIN - Headquarters
23-02-2007 21:54:29  Turning on NATD mode - Headquarters - 1
23-02-2007 21:54:29  XMIT_MSG5_MAIN - Headquarters
23-02-2007 21:54:29  RECV_MSG6_MAIN - Headquarters
23-02-2007 21:54:29  Turning on DPD mode - Headquarters
23-02-2007 21:54:29  NCPIKE-phase1:name(Headquarters) - connected
23-02-2007 21:54:29  RECV_XAUTH_REQUEST
23-02-2007 21:54:29  XMIT_XAUTH_REPLY
23-02-2007 21:54:29  RECV_XAUTH_SET
23-02-2007 21:54:29  XMIT_XAUTH_ACK
23-02-2007 21:54:29  NCPIKE-xauth:name(Headquar) - IkeXauth: enter state open
23-02-2007 21:54:29  XMIT_MSG1_QUICK - Headquarters
23-02-2007 21:54:29  RECV_MSG2_QUICK - Headquarters
23-02-2007 21:54:29  XMIT_MSG3_QUICK - Headquarters
23-02-2007 21:54:29  NCPIKE-phase2:name(Headquarters) - connected
23-02-2007 21:54:30  IPSDIAL  - connected to Headquarters on channel 1.
23-02-2007 21:54:30  IPCP  - connected to Headquarters with IP Address: 192.168.254.002. : 192.168.254.003.
23-02-2007 21:54:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:54:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:54:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:54:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:54:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
23-02-2007 21:54:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:04  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:04  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:05  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:05  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:19  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:19  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:19  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:19  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:34  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:34  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:35  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:35  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:55:49  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
23-02-2007 21:55:49  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
So checking the Network Associates Desktop firewall log on the laptop reveals the following traffic, as it is set to log both permitted and blocked traffic:

On port 4500 there is communication on UDP - Incoming

On port 37905 incoming traffic UDP

But apart from that there is no traffic from what I can see in the active/live firewall log on the machine.
There is no attempt to send traffic on port 500. That is wrong, isn't it?

VPN is not exactly my sharp corner so..
Found this in the DS-601 VPN client log:

28-02-2007 21:58:57  IPCP  - connected to Headquarters with IP Address: 192.168.254.002. : IKE(isakmp) - Headquarters:Decrypt error(2)

Decrypt error 2?

Could this be the missing link?
Some more ds-601 log:

28-02-2007 22:16:05  Protecting RAS adapter - 0
28-02-2007 22:16:13  IPSDIALCHAN::start building connection
28-02-2007 22:16:13  NCPIKE-phase1:name(Headquarters) - outgoing connect request - main mode.
28-02-2007 22:16:13  XMIT_MSG1_MAIN - Headquarters
28-02-2007 22:16:13  RECV_MSG2_MAIN - Headquarters
28-02-2007 22:16:13  IKE phase I: Setting LifeTime to 28800 seconds
28-02-2007 22:16:13  Headquarters ->Support for NAT-T version - 3
28-02-2007 22:16:13  XMIT_MSG3_MAIN - Headquarters
28-02-2007 22:16:13  IPSDIAL->FINAL_TUNNEL_ENDPOINT:085.082.002.135
28-02-2007 22:16:13  RECV_MSG4_MAIN - Headquarters
28-02-2007 22:16:13  Turning on NATD mode - Headquarters - 1
28-02-2007 22:16:13  XMIT_MSG5_MAIN - Headquarters
28-02-2007 22:16:44  RECV_MSG6_MAIN - Headquarters
28-02-2007 22:16:44  Turning on DPD mode - Headquarters
28-02-2007 22:16:44  NCPIKE-phase1:name(Headquarters) - connected
28-02-2007 22:16:44  XMIT_MSG1_QUICK - Headquarters
28-02-2007 22:16:44  RECV_MSG2_QUICK - Headquarters
28-02-2007 22:16:44  XMIT_MSG3_QUICK - Headquarters
28-02-2007 22:16:44  NCPIKE-phase2:name(Headquarters) - connected
28-02-2007 22:16:44  IPSDIAL  - connected to Headquarters on channel 1.
28-02-2007 22:16:44  IPCP  - connected to Headquarters with IP Address: 192.168.254.002. : 192.168.254.003.
28-02-2007 22:17:03  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
28-02-2007 22:17:13  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
28-02-2007 22:17:13  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
28-02-2007 22:18:03  NOTIFY : Headquarters : SENT : NOTIFY_MSG_R_U_HERE
28-02-2007 22:18:03  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
And finally some firewall log files from DFL-700:

        [2007-02-28 21:25:50] <5>EFW: DROP: rule=LocalUndelivered action=drop reason=unhandled_local recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=UDP ipdatalen=64 srcport=4500 destport=4500 udptotlen=64
        
        [2007-02-28 21:25:44] <5>EFW: DROP: rule=LocalUndelivered action=drop reason=unhandled_local recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=UDP ipdatalen=764 srcport=4500 destport=4500 udptotlen=764
        
        [2007-02-28 21:25:39] <5>EFW: DROP: rule=LocalUndelivered action=drop reason=unhandled_local recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=UDP ipdatalen=764 srcport=4500 destport=4500 udptotlen=764
        
        [2007-02-28 21:25:35] <5>EFW: DROP: rule=LocalUndelivered action=drop reason=unhandled_local recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=UDP ipdatalen=764 srcport=4500 destport=4500 udptotlen=764
        
        [2007-02-28 21:25:32] <5>EFW: DROP: rule=LocalUndelivered action=drop reason=unhandled_local recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=UDP ipdatalen=764 srcport=4500 destport=4500 udptotlen=764
        
        [2007-02-28 21:25:23] <6>EFW: IPSEC: prio=1 Phase-1 [responder] between ipv4(udp:500,[0..3]=85.82.2.135) and ipv4(any:0,[0..3]=192.168.254.2) done.
        [2007-02-28 21:20:32] <5>EFW: DROP: rule=LogOpenFails reason=no_new_conn_for_this_packet recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=TCP ipdatalen=20 srcport=1523 destport=39506 rst=1
        
        [2007-02-28 21:20:03] <5>EFW: DROP: rule=LogOpenFails reason=no_new_conn_for_this_packet recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=TCP ipdatalen=20 srcport=1521 destport=39506 rst=1
        
        [2007-02-28 21:20:02] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=Roaming_user srcip=192.168.1.8 destip=192.168.253.1 ipproto=ICMP ipdatalen=40 icmptype=ECHO_REQUEST echoid=768 echoseq=1024
        
        [2007-02-28 21:19:56] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=Roaming_user srcip=192.168.1.8 destip=192.168.253.1 ipproto=ICMP ipdatalen=40 icmptype=ECHO_REQUEST echoid=768 echoseq=768
        
        [2007-02-28 21:19:51] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=Roaming_user srcip=192.168.1.8 destip=192.168.253.1 ipproto=ICMP ipdatalen=40 icmptype=ECHO_REQUEST echoid=768 echoseq=512
        
        [2007-02-28 21:19:45] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=Roaming_user srcip=192.168.1.8 destip=192.168.253.1 ipproto=ICMP ipdatalen=40 icmptype=ECHO_REQUEST echoid=768 echoseq=256
        
        [2007-02-28 21:18:32] <5>EFW: CONN: rule=IPsecBeforeRules conn=close connipproto=UDP connrecvif=WAN connsrcip=83.93.150.68 connsrcport=500 conndestif=core conndestip=85.82.2.135 conndestport=500 origsent=1064 termsent=0
        [2007-02-28 21:18:04] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=WAN srcip=202.97.238.204 destip=85.82.2.135 ipproto=UDP ipdatalen=466 srcport=35420 destport=1026 udptotlen=466
        
        [2007-02-28 21:16:52] <6>EFW: IPSEC: prio=1 SA ESP[bc34b4b4] alg [rijndael-cbc/16]+hmac[hmac-md5-96] bundle [24,0] pri 0 opts udpencap src=ipv4(any:0,[0..3]=192.168.1.8) dst=ipv4_subnet(any:0,[0..7]=192.168.253.0/24)
        
        [2007-02-28 21:16:52] <6>EFW: IPSEC: prio=1 SA ESP[1cdcc858] alg [rijndael-cbc/16]+hmac[hmac-md5-96] bundle [24,0] pri 0 opts udpencap src=ipv4_subnet(any:0,[0..7]=192.168.253.0/24) dst=ipv4(any:0,[0..3]=192.168.1.8)
        
        [2007-02-28 21:16:52] <6>EFW: IPSEC: prio=1 Phase-2 [responder] done bundle 24 with 2 SA's by rule 10:`ipsec ipv4_subnet(any:0,[0..7]=192.168.253.0/24)<->ipv4_subnet(any:0,[0..7]=0.0.0.0/0)'
        
        
        [2007-02-28 21:16:22] <6>EFW: IPSEC: prio=1 Phase-1 [responder] between ipv4(udp:500,[0..3]=85.82.2.135) and ipv4(any:0,[0..3]=192.168.254.2) done.
        
        [2007-02-28 21:16:22] <5>EFW: CONN: rule=IPsecBeforeRules conn=open connipproto=UDP connrecvif=WAN connsrcip=83.93.150.68 connsrcport=4500 conndestif=core conndestip=85.82.2.135 conndestport=4500
        
        [2007-02-28 21:16:21] <5>EFW: CONN: rule=IPsecBeforeRules conn=open connipproto=UDP connrecvif=WAN connsrcip=83.93.150.68 connsrcport=500 conndestif=core conndestip=85.82.2.135 conndestport=500
        
        [2007-02-28 21:15:54] <5>EFW: TIMESYNC: recvif=WAN srcip=130.235.20.3 destip=85.82.2.135 ipproto=UDP ipdatalen=56 srcport=123 destport=123 udptotlen=56 action=synced clockdrift=2 timeserver=130.235.20.3 reason=clockdrift
        
        [2007-02-28 21:15:52] <5>EFW: SYSTEM: cfgfile=FWCore_N.cfg cfgver=319 bidir=ok
        
        [2007-02-28 21:15:47] <5>EFW: NETCON: event=init_complete
        
        [2007-02-28 21:15:39] <5>EFW: DROP: rule=LogOpenFails reason=no_new_conn_for_this_packet recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=TCP ipdatalen=20 srcport=1483 destport=39506 rst=1
        
        
        [2007-02-28 21:15:37] <5>EFW: DROP: rule=LogOpenFails reason=no_new_conn_for_this_packet recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=TCP ipdatalen=20 srcport=1480 destport=39506 rst=1
        
        [2007-02-28 21:14:57] <5>EFW: CONN: rule=IPsecBeforeRules conn=close connipproto=UDP connrecvif=WAN connsrcip=83.93.150.68 connsrcport=4500 conndestif=core conndestip=85.82.2.135 conndestport=4500 origsent=7452 termsent=0
        
        [2007-02-28 21:14:14] <5>EFW: DROP: rule=LogOpenFails reason=no_new_conn_for_this_packet recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=TCP ipdatalen=20 srcport=1436 destport=39506 rst=1
        
        [2007-02-28 21:14:10] <5>EFW: DROP: rule=LogOpenFails reason=no_new_conn_for_this_packet recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=TCP ipdatalen=20 srcport=1420 destport=39506 rst=1
        
        [2007-02-28 21:14:07] <5>EFW: DROP: rule=LogOpenFails reason=no_new_conn_for_this_packet recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=TCP ipdatalen=20 srcport=1417 destport=39506 rst=1
        
        [2007-02-28 21:13:53] <5>EFW: CONN: rule=IPsecBeforeRules conn=close connipproto=UDP connrecvif=WAN connsrcip=83.93.150.68 connsrcport=500 conndestif=core conndestip=85.82.2.135 conndestport=500 origsent=2128 termsent=0
        
        [2007-02-28 21:12:46] <5>EFW: DROP: rule=LocalUndelivered action=drop reason=unhandled_local recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=UDP ipdatalen=64 srcport=4500 destport=4500 udptotlen=64
        
        [2007-02-28 21:12:40] <5>EFW: DROP: rule=LocalUndelivered action=drop reason=unhandled_local recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=UDP ipdatalen=1380 srcport=4500 destport=4500 udptotlen=1380
        
        [2007-02-28 21:12:35] <5>EFW: DROP: rule=LocalUndelivered action=drop reason=unhandled_local recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=UDP ipdatalen=1380 srcport=4500 destport=4500 udptotlen=1380
        
        [2007-02-28 21:12:31] <5>EFW: DROP: rule=LocalUndelivered action=drop reason=unhandled_local recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=UDP ipdatalen=1380 srcport=4500 destport=4500 udptotlen=1380
        
        [2007-02-28 21:12:29] <5>EFW: DROP: rule=LocalUndelivered action=drop reason=unhandled_local recvif=WAN srcip=83.93.150.68 destip=85.82.2.135 ipproto=UDP ipdatalen=1380 srcport=4500 destport=4500 udptotlen=1380
        
        
A question:
When the VPN connection is established, should not all traffic automatically be routed through/to the VPN? My 5 cents is that no traffic should flow through the normal unencrypted NIC/LAN connection?

Or am I totally wrong in my thinking?

Thanks..
All traffic between the defined networks should go through the VPN.  I'm still digesting the logs.  What is your new IP range for your LAN?  I see references in the log to 192.168.254.0 and 192.168.253.0.
That is correct - 192.168.254.0 and 192.168.253.0.

But traffic like, for example, HTTP, NetBIOS, etc. goes through the normal NIC.
Anyhow - in the meantime I actually had a successful connection to our file server over TS/remote desktop connection from the cafe - that is a giant leap! - but still nothing else flows through, as mentioned above.
You cannot, for example, connect to mapped network drives on the server - you have to log on through TS. Right now I'm back in the office again since they are closed (it's pretty late here), so I have to do the rest from our office or continue tomorrow. - But let's try :-)
You are going to need a WINS server to handle the NETBIOS name resolution (UNC path) such as \\myserver\sharedfolder.  You can use  \\ipaddress\sharedfolder without WINS.
Hi hancke,

So everything is in order now?
I'm thinking so.  Try accessing the drive map with an IP and let me know how it works.  Do you have a WINS server?  
Excellent hancke, thanks! :-)
Yeah, it comes in the bundle with MS Enterprise Edition, I think - but we never used it.

Do you know anything about configuring it / have you worked with WINS - I mean, any cons?

If you are going to use NETBIOS names, aka computer name, you are going to need WINS.  WINS is to NETBIOS as DNS is to domain names.

www.mysite.com = DNS (FQDN) resolution to IP
\\myofficepc\shared = WINS (NETBIOS) resolution to IP

I know that part :-) - we just haven't had a need for it until now - we are running our own DNS server, but we did not have a need for WINS until now. But it's just a matter of running the server config wizard in 2003 Server Enterprise. I will try to get one of my colleagues or myself to set it up for us.

Anyways.... -  thanks hancke for all the help!
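The DS-601 client logs posted in this thread are easier to read once they are split into connection attempts, so here is an added example (not part of the original thread, and not D-Link or NCP code) that does that and reports where each IKE handshake stopped. The function name, field names and outcome labels are assumptions made for this sketch, and the sample is a constructed, abridged log in the format shown above.

```python
import re
from datetime import datetime

# Constructed sample, abridged and modelled on the DS-601 log lines
# posted in the thread (profile names "xx VPN" and "Headquarters").
SAMPLE = """\
23-02-2007 01:01:41  IPSDIALCHAN::start building connection
23-02-2007 01:01:41  XMIT_MSG1_MAIN - xx VPN
23-02-2007 01:01:41  RECV_MSG2_MAIN - xx VPN
23-02-2007 01:01:41  XMIT_MSG3_MAIN - xx VPN
23-02-2007 01:01:41  RECV_MSG4_MAIN - xx VPN
23-02-2007 01:01:42  XMIT_MSG5_MAIN - xx VPN
23-02-2007 01:01:42  NOTIFY : xx VPN : RECEIVED : INVALID_PAYLOAD_TYPE
23-02-2007 01:02:20  NCPIKE-phase2:name(xx VPN) - error - cleared by phase1
23-02-2007 21:51:34  IPSDIALCHAN::start building connection
23-02-2007 21:51:34  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:51:35  RECV_MSG4_MAIN - Headquarters
23-02-2007 21:51:35  Turning on NATD mode - Headquarters - 1
23-02-2007 21:51:35  RECV_MSG6_MAIN - Headquarters
23-02-2007 21:51:35  XMIT_MSG3_QUICK - Headquarters
23-02-2007 21:51:35  NCPIKE-phase2:name(Headquarters) - connected
23-02-2007 21:51:37  NOTIFY : Headquarters : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK
23-02-2007 21:51:42  IPSDIAL  - disconnected from Headquarters on channel 1.
23-02-2007 21:52:18  IPSDIALCHAN::start building connection
23-02-2007 21:52:18  XMIT_MSG1_MAIN - Headquarters
23-02-2007 21:52:35  NCPIKE-phase1:name(Headquarters) - error - retry timeout - max retries
"""

LINE = re.compile(r"^(\d\d-\d\d-\d{4} \d\d:\d\d:\d\d)\s+(.*)$")
IKE_MSG = re.compile(r"^(XMIT|RECV)_(MSG\d)_(MAIN|QUICK)\b")

def parse_attempts(text):
    """Split a client log into connection attempts and summarise each one."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # blank or non-log line
        ts = datetime.strptime(m.group(1), "%d-%m-%Y %H:%M:%S")
        msg = m.group(2)
        if "start building connection" in msg:
            cur = {"start": ts, "last_sent": None, "last_recv": None, "nat_t": False,
                   "outcome": "incomplete", "up_at": None, "up_seconds": None}
            attempts.append(cur)
            continue
        if cur is None:
            continue                      # log excerpt began mid-session
        ike = IKE_MSG.match(msg)
        if ike:                           # track the last IKE message each way
            key = "last_sent" if ike.group(1) == "XMIT" else "last_recv"
            cur[key] = f"{ike.group(2)}_{ike.group(3)}"
        elif msg.startswith("Turning on NATD mode"):
            cur["nat_t"] = True           # client detected NAT on the path
        elif "phase2" in msg and msg.endswith("- connected"):
            cur["outcome"], cur["up_at"] = "connected", ts
        elif "retry timeout" in msg:
            cur["outcome"] = "no_response"
        elif m2 := re.search(r"RECEIVED : ([A-Z_]+)$", msg):
            if not m2.group(1).startswith("NOTIFY_MSG_R_U_HERE"):  # skip DPD keepalives
                cur["outcome"] = "peer_notify:" + m2.group(1)
        elif "disconnected from" in msg and cur["outcome"] == "connected":
            cur["up_seconds"] = int((ts - cur["up_at"]).total_seconds())
    return attempts
```

Read per attempt, `last_sent`/`last_recv` show how far the exchange got: a `no_response` attempt with only `MSG1_MAIN` sent never got a reply to its first packet, while a peer notify right after `MSG5_MAIN` lands on the first encrypted message of IKEv1 main mode.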