Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Pro-safe VPN client

Posted on 2009-04-06
9
Medium Priority
?
1,067 Views
Last Modified: 2012-05-06
Hi ,
I am trying to setup a VPN client for a remote connection, the remote Firewall is a prosafe VPN fvs114. with the following config.

Please verify your inputs:
  Connection Name:  pnd_vpn
  Exchange Type:  Aggressive Mode
  ID Type:  FQDN
  Remote WAN ID:  fvs_remote
  Remote VPN Endpoint:  0.0.0.0
  Remote Client Access:  By Single
  Remote IP:  0.0.0.0
  Local WAN ID:  fvs_local
  Local Client Access:  By Subnet
  Local IP:  192.168.0.0/255.255.255.0

I think i have configured the client correctly.
but it wont connect.
I am using Netgear prosafe VPN Client with license.
I also noticed the log says " this is a GA Version of Netgear prosafe VPN Client.
is it compatible with the fvs114 FW

Here is what the logs say from the VPN Clent.
 4-06: 10:55:33.234 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:55:33.500 Filter table loaded (2 entries).
 4-06: 10:55:33.500 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:55:40.469
 4-06: 10:55:40.469 My Connections\Pnv_vpn - Initiating IKE Phase 1 (IP ADDR=*.*.*.)
 4-06: 10:55:40.625 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-06: 10:56:26.220 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:56:26.220 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:57:11.220 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:57:11.220 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:57:15.876 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:57:16.142 Filter table loaded (2 entries).
 4-06: 10:57:16.158 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:57:46.189 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:57:46.455 Filter table loaded (2 entries).
 4-06: 10:57:46.455 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:57:58.252
 4-06: 10:57:58.252 My Connections\Pnv_vpn - Initiating IKE Phase 1 (IP ADDR=*.*.*.*)
 4-06: 10:57:58.408 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-06: 10:58:43.471 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:58:43.471 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:59:28.472 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:59:28.472 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 11:00:13.472 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 11:00:13.472 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 11:00:43.488 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 11:00:43.738 Filter table loaded (1 entries).

Any ideas would be gratefully appericated


 

0
Comment
Question by:pndoyleuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24086043
The logs indicate that phase I itself is not going through; can you check that you have specified the public IP of netgear in client configuration.
Also, that the IP address is proper.

If you have any firewalls on the machine, disable them and check the result. We can create an exception on firewall later if firewall is a problem.

Please check and update.

Thank you.
0
 

Author Comment

by:pndoyleuk
ID: 24086066
will check later, when i get home.
Thanks
0
 
LVL 4

Expert Comment

by:mycroftx
ID: 24113143
you will also want to check that TCP & UDP 500 are open, this is specific to the FVS114.  Not a great router in my opinion...I have a dozen or so in the warehouse that have been replaced by FVS318'2, 338's and FVX538's.
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 

Author Comment

by:pndoyleuk
ID: 24126214
now I get different errors like
QM re-keying timed out. Retry count: 1

  MY COOKIE 4f 55 e7 2d 26 58 71 20
 4-12: 16:58:02.281 My Connections\vpn_home -   HIS COOKIE b1 da 5d 30 8e 69 d5 f7
 4-12: 16:58:02.437 My Connections\vpn_home - Initiating IKE Phase 2 with Client IDs (message id: 8FC722EF)
 4-12: 16:58:02.437 My Connections\vpn_home -   Initiator = IP ADDR=192.168.1.2, prot = 0 port = 0
 4-12: 16:58:02.437 My Connections\vpn_home -   Responder = IP SUBNET/MASK=192.168.0.1/255.255.255.255, prot = 0 port = 0
 4-12: 16:58:02.437 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
 4-12: 16:58:47.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 1
 4-12: 16:58:47.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 16:59:11.343 My Connections\vpn_home - Deleting IKE SA (IP ADDR=82.35.9.195)
 4-12: 16:59:11.343 My Connections\vpn_home -   MY COOKIE 4f 55 e7 2d 26 58 71 20
 4-12: 16:59:11.343 My Connections\vpn_home -   HIS COOKIE b1 da 5d 30 8e 69 d5 f7
 4-12: 16:59:11.343 My Connections\vpn_home - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
 4-12: 16:59:11.343 This is a GA version of NETGEAR ProSafe VPN Client.
 4-12: 16:59:11.625 Filter table loaded (2 entries).
 4-12: 16:59:31.953
 4-12: 16:59:31.953 My Connections\vpn_home - Initiating IKE Phase 1 (IP ADDR=*.*.*.*.*)
 4-12: 16:59:32.109 My Connections\vpn_home - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-12: 16:59:35.062 My Connections\vpn_home - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH)
 4-12: 16:59:35.171 My Connections\vpn_home - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
 4-12: 16:59:35.171 My Connections\vpn_home - Established IKE SA
 4-12: 16:59:35.171 My Connections\vpn_home -   MY COOKIE 43 7b 22 35 66 90 16 96
 4-12: 16:59:35.171 My Connections\vpn_home -   HIS COOKIE 7a 27 bd 7d 32 52 96 1c
 4-12: 16:59:35.312 My Connections\vpn_home - Initiating IKE Phase 2 with Client IDs (message id: CA0E6672)
 4-12: 16:59:35.312 My Connections\vpn_home -   Initiator = IP ADDR=192.168.1.2, prot = 0 port = 0
 4-12: 16:59:35.312 My Connections\vpn_home -   Responder = IP SUBNET/MASK=192.168.0.1/255.255.255.255, prot = 0 port = 0
 4-12: 16:59:35.312 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
 4-12: 17:00:20.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 1
 4-12: 17:00:20.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 17:01:05.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 2
 4-12: 17:01:05.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 17:01:19.765 My Connections\vpn_home - Deleting IKE SA (IP ADDR=82.35.9.195)
 4-12: 17:01:19.765 My Connections\vpn_home -   MY COOKIE 43 7b 22 35 66 90 16 96
 4-12: 17:01:19.765 My Connections\vpn_home -   HIS COOKIE 7a 27 bd 7d 32 52 96 1c
 4-12: 17:01:19.765 My Connections\vpn_home - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
 4-12: 17:01:19.765 This is a GA version of NETGEAR ProSafe VPN Client.
 4-12: 17:01:20.031 Filter table loaded (2 entries).
0
 
LVL 4

Accepted Solution

by:
mycroftx earned 2000 total points
ID: 24127106
Do you have the 1.1_5 firmware update?  If not, get it here... http://kb.netgear.com/app/answers/detail/a_id/438
Try looking at this 'How To' and see if it fits you application, it for Win 2000 but should be close.  Configuring VPN with a NETGEAR VPN Router and a Computer Running Windows 2000... http://kb.netgear.com/app/answers/detail/a_id/970

 
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24127860
QM means that Quick mode or phase II of the VPN tunnel is not going through; can you make sure that the subnet IP you have specified under Remote party identity and Addressing on the client, matches the subnet IP behind router.
Also, under phase II proposals the specified parameters match with configuration on router.

Please check and update.

Thank you.
0
 

Author Comment

by:pndoyleuk
ID: 24135298
Hi
Anyone know what this means
"QM re-keying timed out. Retry count: 1"
0
 
LVL 4

Expert Comment

by:mycroftx
ID: 24143918
I think that is a PSK failure, or one side of the VPN is failing to respond.  Might be a port block issue.  You might try looking at this guide...just ran up on it.
http://forum1.netgear.com/showthread.php?t=7040
 
0
 

Author Comment

by:pndoyleuk
ID: 24145551
Will Check Later. Thanks
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question