Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1074
  • Last Modified:

Pro-safe VPN client

Hi ,
I am trying to setup a VPN client for a remote connection, the remote Firewall is a prosafe VPN fvs114. with the following config.

Please verify your inputs:
  Connection Name:  pnd_vpn
  Exchange Type:  Aggressive Mode
  ID Type:  FQDN
  Remote WAN ID:  fvs_remote
  Remote VPN Endpoint:  0.0.0.0
  Remote Client Access:  By Single
  Remote IP:  0.0.0.0
  Local WAN ID:  fvs_local
  Local Client Access:  By Subnet
  Local IP:  192.168.0.0/255.255.255.0

I think i have configured the client correctly.
but it wont connect.
I am using Netgear prosafe VPN Client with license.
I also noticed the log says " this is a GA Version of Netgear prosafe VPN Client.
is it compatible with the fvs114 FW

Here is what the logs say from the VPN Clent.
 4-06: 10:55:33.234 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:55:33.500 Filter table loaded (2 entries).
 4-06: 10:55:33.500 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:55:40.469
 4-06: 10:55:40.469 My Connections\Pnv_vpn - Initiating IKE Phase 1 (IP ADDR=*.*.*.)
 4-06: 10:55:40.625 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-06: 10:56:26.220 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:56:26.220 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:57:11.220 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:57:11.220 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:57:15.876 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:57:16.142 Filter table loaded (2 entries).
 4-06: 10:57:16.158 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:57:46.189 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:57:46.455 Filter table loaded (2 entries).
 4-06: 10:57:46.455 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:57:58.252
 4-06: 10:57:58.252 My Connections\Pnv_vpn - Initiating IKE Phase 1 (IP ADDR=*.*.*.*)
 4-06: 10:57:58.408 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-06: 10:58:43.471 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:58:43.471 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:59:28.472 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:59:28.472 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 11:00:13.472 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 11:00:13.472 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 11:00:43.488 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 11:00:43.738 Filter table loaded (1 entries).

Any ideas would be gratefully appericated


 

0
pndoyleuk
Asked:
pndoyleuk
  • 4
  • 3
  • 2
1 Solution
 
dpk_walCommented:
The logs indicate that phase I itself is not going through; can you check that you have specified the public IP of netgear in client configuration.
Also, that the IP address is proper.

If you have any firewalls on the machine, disable them and check the result. We can create an exception on firewall later if firewall is a problem.

Please check and update.

Thank you.
0
 
pndoyleukAuthor Commented:
will check later, when i get home.
Thanks
0
 
mycroftxCommented:
you will also want to check that TCP & UDP 500 are open, this is specific to the FVS114.  Not a great router in my opinion...I have a dozen or so in the warehouse that have been replaced by FVS318'2, 338's and FVX538's.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
pndoyleukAuthor Commented:
now I get different errors like
QM re-keying timed out. Retry count: 1

  MY COOKIE 4f 55 e7 2d 26 58 71 20
 4-12: 16:58:02.281 My Connections\vpn_home -   HIS COOKIE b1 da 5d 30 8e 69 d5 f7
 4-12: 16:58:02.437 My Connections\vpn_home - Initiating IKE Phase 2 with Client IDs (message id: 8FC722EF)
 4-12: 16:58:02.437 My Connections\vpn_home -   Initiator = IP ADDR=192.168.1.2, prot = 0 port = 0
 4-12: 16:58:02.437 My Connections\vpn_home -   Responder = IP SUBNET/MASK=192.168.0.1/255.255.255.255, prot = 0 port = 0
 4-12: 16:58:02.437 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
 4-12: 16:58:47.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 1
 4-12: 16:58:47.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 16:59:11.343 My Connections\vpn_home - Deleting IKE SA (IP ADDR=82.35.9.195)
 4-12: 16:59:11.343 My Connections\vpn_home -   MY COOKIE 4f 55 e7 2d 26 58 71 20
 4-12: 16:59:11.343 My Connections\vpn_home -   HIS COOKIE b1 da 5d 30 8e 69 d5 f7
 4-12: 16:59:11.343 My Connections\vpn_home - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
 4-12: 16:59:11.343 This is a GA version of NETGEAR ProSafe VPN Client.
 4-12: 16:59:11.625 Filter table loaded (2 entries).
 4-12: 16:59:31.953
 4-12: 16:59:31.953 My Connections\vpn_home - Initiating IKE Phase 1 (IP ADDR=*.*.*.*.*)
 4-12: 16:59:32.109 My Connections\vpn_home - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-12: 16:59:35.062 My Connections\vpn_home - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH)
 4-12: 16:59:35.171 My Connections\vpn_home - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
 4-12: 16:59:35.171 My Connections\vpn_home - Established IKE SA
 4-12: 16:59:35.171 My Connections\vpn_home -   MY COOKIE 43 7b 22 35 66 90 16 96
 4-12: 16:59:35.171 My Connections\vpn_home -   HIS COOKIE 7a 27 bd 7d 32 52 96 1c
 4-12: 16:59:35.312 My Connections\vpn_home - Initiating IKE Phase 2 with Client IDs (message id: CA0E6672)
 4-12: 16:59:35.312 My Connections\vpn_home -   Initiator = IP ADDR=192.168.1.2, prot = 0 port = 0
 4-12: 16:59:35.312 My Connections\vpn_home -   Responder = IP SUBNET/MASK=192.168.0.1/255.255.255.255, prot = 0 port = 0
 4-12: 16:59:35.312 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
 4-12: 17:00:20.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 1
 4-12: 17:00:20.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 17:01:05.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 2
 4-12: 17:01:05.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 17:01:19.765 My Connections\vpn_home - Deleting IKE SA (IP ADDR=82.35.9.195)
 4-12: 17:01:19.765 My Connections\vpn_home -   MY COOKIE 43 7b 22 35 66 90 16 96
 4-12: 17:01:19.765 My Connections\vpn_home -   HIS COOKIE 7a 27 bd 7d 32 52 96 1c
 4-12: 17:01:19.765 My Connections\vpn_home - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
 4-12: 17:01:19.765 This is a GA version of NETGEAR ProSafe VPN Client.
 4-12: 17:01:20.031 Filter table loaded (2 entries).
0
 
mycroftxCommented:
Do you have the 1.1_5 firmware update?  If not, get it here... http://kb.netgear.com/app/answers/detail/a_id/438
Try looking at this 'How To' and see if it fits you application, it for Win 2000 but should be close.  Configuring VPN with a NETGEAR VPN Router and a Computer Running Windows 2000... http://kb.netgear.com/app/answers/detail/a_id/970

 
0
 
dpk_walCommented:
QM means that Quick mode or phase II of the VPN tunnel is not going through; can you make sure that the subnet IP you have specified under Remote party identity and Addressing on the client, matches the subnet IP behind router.
Also, under phase II proposals the specified parameters match with configuration on router.

Please check and update.

Thank you.
0
 
pndoyleukAuthor Commented:
Hi
Anyone know what this means
"QM re-keying timed out. Retry count: 1"
0
 
mycroftxCommented:
I think that is a PSK failure, or one side of the VPN is failing to respond.  Might be a port block issue.  You might try looking at this guide...just ran up on it.
http://forum1.netgear.com/showthread.php?t=7040
 
0
 
pndoyleukAuthor Commented:
Will Check Later. Thanks
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now