Solved

Pro-safe VPN client

Posted on 2009-04-06
9
1,058 Views
Last Modified: 2012-05-06
Hi ,
I am trying to setup a VPN client for a remote connection, the remote Firewall is a prosafe VPN fvs114. with the following config.

Please verify your inputs:
  Connection Name:  pnd_vpn
  Exchange Type:  Aggressive Mode
  ID Type:  FQDN
  Remote WAN ID:  fvs_remote
  Remote VPN Endpoint:  0.0.0.0
  Remote Client Access:  By Single
  Remote IP:  0.0.0.0
  Local WAN ID:  fvs_local
  Local Client Access:  By Subnet
  Local IP:  192.168.0.0/255.255.255.0

I think i have configured the client correctly.
but it wont connect.
I am using Netgear prosafe VPN Client with license.
I also noticed the log says " this is a GA Version of Netgear prosafe VPN Client.
is it compatible with the fvs114 FW

Here is what the logs say from the VPN Clent.
 4-06: 10:55:33.234 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:55:33.500 Filter table loaded (2 entries).
 4-06: 10:55:33.500 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:55:40.469
 4-06: 10:55:40.469 My Connections\Pnv_vpn - Initiating IKE Phase 1 (IP ADDR=*.*.*.)
 4-06: 10:55:40.625 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-06: 10:56:26.220 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:56:26.220 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:57:11.220 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:57:11.220 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:57:15.876 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:57:16.142 Filter table loaded (2 entries).
 4-06: 10:57:16.158 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:57:46.189 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:57:46.455 Filter table loaded (2 entries).
 4-06: 10:57:46.455 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:57:58.252
 4-06: 10:57:58.252 My Connections\Pnv_vpn - Initiating IKE Phase 1 (IP ADDR=*.*.*.*)
 4-06: 10:57:58.408 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-06: 10:58:43.471 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:58:43.471 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:59:28.472 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:59:28.472 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 11:00:13.472 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 11:00:13.472 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 11:00:43.488 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 11:00:43.738 Filter table loaded (1 entries).

Any ideas would be gratefully appericated


 

0
Comment
Question by:pndoyleuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24086043
The logs indicate that phase I itself is not going through; can you check that you have specified the public IP of netgear in client configuration.
Also, that the IP address is proper.

If you have any firewalls on the machine, disable them and check the result. We can create an exception on firewall later if firewall is a problem.

Please check and update.

Thank you.
0
 

Author Comment

by:pndoyleuk
ID: 24086066
will check later, when i get home.
Thanks
0
 
LVL 4

Expert Comment

by:mycroftx
ID: 24113143
you will also want to check that TCP & UDP 500 are open, this is specific to the FVS114.  Not a great router in my opinion...I have a dozen or so in the warehouse that have been replaced by FVS318'2, 338's and FVX538's.
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Author Comment

by:pndoyleuk
ID: 24126214
now I get different errors like
QM re-keying timed out. Retry count: 1

  MY COOKIE 4f 55 e7 2d 26 58 71 20
 4-12: 16:58:02.281 My Connections\vpn_home -   HIS COOKIE b1 da 5d 30 8e 69 d5 f7
 4-12: 16:58:02.437 My Connections\vpn_home - Initiating IKE Phase 2 with Client IDs (message id: 8FC722EF)
 4-12: 16:58:02.437 My Connections\vpn_home -   Initiator = IP ADDR=192.168.1.2, prot = 0 port = 0
 4-12: 16:58:02.437 My Connections\vpn_home -   Responder = IP SUBNET/MASK=192.168.0.1/255.255.255.255, prot = 0 port = 0
 4-12: 16:58:02.437 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
 4-12: 16:58:47.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 1
 4-12: 16:58:47.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 16:59:11.343 My Connections\vpn_home - Deleting IKE SA (IP ADDR=82.35.9.195)
 4-12: 16:59:11.343 My Connections\vpn_home -   MY COOKIE 4f 55 e7 2d 26 58 71 20
 4-12: 16:59:11.343 My Connections\vpn_home -   HIS COOKIE b1 da 5d 30 8e 69 d5 f7
 4-12: 16:59:11.343 My Connections\vpn_home - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
 4-12: 16:59:11.343 This is a GA version of NETGEAR ProSafe VPN Client.
 4-12: 16:59:11.625 Filter table loaded (2 entries).
 4-12: 16:59:31.953
 4-12: 16:59:31.953 My Connections\vpn_home - Initiating IKE Phase 1 (IP ADDR=*.*.*.*.*)
 4-12: 16:59:32.109 My Connections\vpn_home - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-12: 16:59:35.062 My Connections\vpn_home - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH)
 4-12: 16:59:35.171 My Connections\vpn_home - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
 4-12: 16:59:35.171 My Connections\vpn_home - Established IKE SA
 4-12: 16:59:35.171 My Connections\vpn_home -   MY COOKIE 43 7b 22 35 66 90 16 96
 4-12: 16:59:35.171 My Connections\vpn_home -   HIS COOKIE 7a 27 bd 7d 32 52 96 1c
 4-12: 16:59:35.312 My Connections\vpn_home - Initiating IKE Phase 2 with Client IDs (message id: CA0E6672)
 4-12: 16:59:35.312 My Connections\vpn_home -   Initiator = IP ADDR=192.168.1.2, prot = 0 port = 0
 4-12: 16:59:35.312 My Connections\vpn_home -   Responder = IP SUBNET/MASK=192.168.0.1/255.255.255.255, prot = 0 port = 0
 4-12: 16:59:35.312 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
 4-12: 17:00:20.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 1
 4-12: 17:00:20.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 17:01:05.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 2
 4-12: 17:01:05.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 17:01:19.765 My Connections\vpn_home - Deleting IKE SA (IP ADDR=82.35.9.195)
 4-12: 17:01:19.765 My Connections\vpn_home -   MY COOKIE 43 7b 22 35 66 90 16 96
 4-12: 17:01:19.765 My Connections\vpn_home -   HIS COOKIE 7a 27 bd 7d 32 52 96 1c
 4-12: 17:01:19.765 My Connections\vpn_home - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
 4-12: 17:01:19.765 This is a GA version of NETGEAR ProSafe VPN Client.
 4-12: 17:01:20.031 Filter table loaded (2 entries).
0
 
LVL 4

Accepted Solution

by:
mycroftx earned 500 total points
ID: 24127106
Do you have the 1.1_5 firmware update?  If not, get it here... http://kb.netgear.com/app/answers/detail/a_id/438
Try looking at this 'How To' and see if it fits you application, it for Win 2000 but should be close.  Configuring VPN with a NETGEAR VPN Router and a Computer Running Windows 2000... http://kb.netgear.com/app/answers/detail/a_id/970

 
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24127860
QM means that Quick mode or phase II of the VPN tunnel is not going through; can you make sure that the subnet IP you have specified under Remote party identity and Addressing on the client, matches the subnet IP behind router.
Also, under phase II proposals the specified parameters match with configuration on router.

Please check and update.

Thank you.
0
 

Author Comment

by:pndoyleuk
ID: 24135298
Hi
Anyone know what this means
"QM re-keying timed out. Retry count: 1"
0
 
LVL 4

Expert Comment

by:mycroftx
ID: 24143918
I think that is a PSK failure, or one side of the VPN is failing to respond.  Might be a port block issue.  You might try looking at this guide...just ran up on it.
http://forum1.netgear.com/showthread.php?t=7040
 
0
 

Author Comment

by:pndoyleuk
ID: 24145551
Will Check Later. Thanks
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question