Solved

Pro-safe VPN client

Posted on 2009-04-06
Last Modified: 2012-05-06
Hi,
I am trying to set up a VPN client for a remote connection. The remote firewall is a ProSafe VPN FVS114 with the following config.

Please verify your inputs:
  Connection Name:  pnd_vpn
  Exchange Type:  Aggressive Mode
  ID Type:  FQDN
  Remote WAN ID:  fvs_remote
  Remote VPN Endpoint:  0.0.0.0
  Remote Client Access:  By Single
  Remote IP:  0.0.0.0
  Local WAN ID:  fvs_local
  Local Client Access:  By Subnet
  Local IP:  192.168.0.0/255.255.255.0

I think I have configured the client correctly,
but it won't connect.
I am using the Netgear ProSafe VPN Client with a license.
I also noticed the log says "This is a GA version of NETGEAR ProSafe VPN Client."
Is it compatible with the FVS114 FW?

Here is what the logs say from the VPN Client.
 4-06: 10:55:33.234 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:55:33.500 Filter table loaded (2 entries).
 4-06: 10:55:33.500 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:55:40.469
 4-06: 10:55:40.469 My Connections\Pnv_vpn - Initiating IKE Phase 1 (IP ADDR=*.*.*.)
 4-06: 10:55:40.625 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-06: 10:56:26.220 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:56:26.220 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:57:11.220 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:57:11.220 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:57:15.876 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:57:16.142 Filter table loaded (2 entries).
 4-06: 10:57:16.158 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:57:46.189 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 10:57:46.455 Filter table loaded (2 entries).
 4-06: 10:57:46.455 My Connections\Other Connections - Filter record 2 updated.
 4-06: 10:57:58.252
 4-06: 10:57:58.252 My Connections\Pnv_vpn - Initiating IKE Phase 1 (IP ADDR=*.*.*.*)
 4-06: 10:57:58.408 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-06: 10:58:43.471 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:58:43.471 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 10:59:28.472 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 10:59:28.472 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 11:00:13.472 My Connections\Pnv_vpn - message not received! Retransmitting!
 4-06: 11:00:13.472 My Connections\Pnv_vpn - SENDING>>>> ISAKMP OAK AG (Retransmission)
 4-06: 11:00:43.488 This is a GA version of NETGEAR ProSafe VPN Client.
 4-06: 11:00:43.738 Filter table loaded (1 entries).

Any ideas would be gratefully appreciated.


 

0
Question by:pndoyleuk
9 Comments
 
LVL 32

Expert Comment

by:dpk_wal
The logs indicate that phase I itself is not going through; can you check that you have specified the public IP of the Netgear in the client configuration?
Also, that the IP address is proper.

If you have any firewalls on the machine, disable them and check the result. We can create an exception on firewall later if firewall is a problem.

Please check and update.

Thank you.
0
 

Author Comment

by:pndoyleuk
Will check later, when I get home.
Thanks
0
 
LVL 4

Expert Comment

by:mycroftx
You will also want to check that TCP & UDP 500 are open; this is specific to the FVS114. Not a great router in my opinion... I have a dozen or so in the warehouse that have been replaced by FVS318's, 338's and FVX538's.
0
 

Author Comment

by:pndoyleuk
Now I get different errors, like:
QM re-keying timed out. Retry count: 1

  MY COOKIE 4f 55 e7 2d 26 58 71 20
 4-12: 16:58:02.281 My Connections\vpn_home -   HIS COOKIE b1 da 5d 30 8e 69 d5 f7
 4-12: 16:58:02.437 My Connections\vpn_home - Initiating IKE Phase 2 with Client IDs (message id: 8FC722EF)
 4-12: 16:58:02.437 My Connections\vpn_home -   Initiator = IP ADDR=192.168.1.2, prot = 0 port = 0
 4-12: 16:58:02.437 My Connections\vpn_home -   Responder = IP SUBNET/MASK=192.168.0.1/255.255.255.255, prot = 0 port = 0
 4-12: 16:58:02.437 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
 4-12: 16:58:47.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 1
 4-12: 16:58:47.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 16:59:11.343 My Connections\vpn_home - Deleting IKE SA (IP ADDR=82.35.9.195)
 4-12: 16:59:11.343 My Connections\vpn_home -   MY COOKIE 4f 55 e7 2d 26 58 71 20
 4-12: 16:59:11.343 My Connections\vpn_home -   HIS COOKIE b1 da 5d 30 8e 69 d5 f7
 4-12: 16:59:11.343 My Connections\vpn_home - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
 4-12: 16:59:11.343 This is a GA version of NETGEAR ProSafe VPN Client.
 4-12: 16:59:11.625 Filter table loaded (2 entries).
 4-12: 16:59:31.953
 4-12: 16:59:31.953 My Connections\vpn_home - Initiating IKE Phase 1 (IP ADDR=*.*.*.*.*)
 4-12: 16:59:32.109 My Connections\vpn_home - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-12: 16:59:35.062 My Connections\vpn_home - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH)
 4-12: 16:59:35.171 My Connections\vpn_home - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
 4-12: 16:59:35.171 My Connections\vpn_home - Established IKE SA
 4-12: 16:59:35.171 My Connections\vpn_home -   MY COOKIE 43 7b 22 35 66 90 16 96
 4-12: 16:59:35.171 My Connections\vpn_home -   HIS COOKIE 7a 27 bd 7d 32 52 96 1c
 4-12: 16:59:35.312 My Connections\vpn_home - Initiating IKE Phase 2 with Client IDs (message id: CA0E6672)
 4-12: 16:59:35.312 My Connections\vpn_home -   Initiator = IP ADDR=192.168.1.2, prot = 0 port = 0
 4-12: 16:59:35.312 My Connections\vpn_home -   Responder = IP SUBNET/MASK=192.168.0.1/255.255.255.255, prot = 0 port = 0
 4-12: 16:59:35.312 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
 4-12: 17:00:20.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 1
 4-12: 17:00:20.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 17:01:05.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 2
 4-12: 17:01:05.703 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(Retransmission)
 4-12: 17:01:19.765 My Connections\vpn_home - Deleting IKE SA (IP ADDR=82.35.9.195)
 4-12: 17:01:19.765 My Connections\vpn_home -   MY COOKIE 43 7b 22 35 66 90 16 96
 4-12: 17:01:19.765 My Connections\vpn_home -   HIS COOKIE 7a 27 bd 7d 32 52 96 1c
 4-12: 17:01:19.765 My Connections\vpn_home - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
 4-12: 17:01:19.765 This is a GA version of NETGEAR ProSafe VPN Client.
 4-12: 17:01:20.031 Filter table loaded (2 entries).
0

 
LVL 4

Accepted Solution

by:
mycroftx earned 500 total points
Do you have the 1.1_5 firmware update? If not, get it here... http://kb.netgear.com/app/answers/detail/a_id/438
Try looking at this 'How To' and see if it fits your application; it's for Win 2000 but should be close. Configuring VPN with a NETGEAR VPN Router and a Computer Running Windows 2000... http://kb.netgear.com/app/answers/detail/a_id/970

 
0
 
LVL 32

Expert Comment

by:dpk_wal
QM means that Quick Mode, or phase II of the VPN tunnel, is not going through; can you make sure that the subnet IP you have specified under Remote Party Identity and Addressing on the client matches the subnet IP behind the router?
Also, that under phase II proposals the specified parameters match the configuration on the router.

Please check and update.

Thank you.
0
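The subnet check suggested in the comment above can be run directly against the client log. This is an added example, not part of the original thread: the function names are hypothetical, the log lines are copied from the question author's second log, and `ROUTER_LOCAL` is the "Local IP" value from the FVS114 summary in the question.

```python
import ipaddress
import re

# Router-side "Local IP" from the FVS114 summary in the question.
ROUTER_LOCAL = ipaddress.ip_network("192.168.0.0/255.255.255.0")

# Lines copied from the client log posted earlier in this thread.
SAMPLE_LOG = r"""
 4-12: 16:59:32.109 My Connections\vpn_home - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
 4-12: 16:59:35.062 My Connections\vpn_home - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH)
 4-12: 16:59:35.171 My Connections\vpn_home - Established IKE SA
 4-12: 16:59:35.312 My Connections\vpn_home -   Responder = IP SUBNET/MASK=192.168.0.1/255.255.255.255, prot = 0 port = 0
 4-12: 16:59:35.312 My Connections\vpn_home - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
 4-12: 17:00:20.703 My Connections\vpn_home - QM re-keying timed out. Retry count: 1
"""

RESPONDER_RE = re.compile(r"Responder = IP (?:SUBNET/MASK|ADDR)=([\d.]+)(?:/([\d.]+))?")

def stalled_phase(log):
    """Return 'phase1' or 'phase2' for the last stall the log shows, else None."""
    phase1_up, stalled = False, None
    for line in log.splitlines():
        if "Established IKE SA" in line:
            phase1_up, stalled = True, None
        elif "Deleting IKE SA" in line:
            phase1_up = False
        elif "QM re-keying timed out" in line and phase1_up:
            stalled = "phase2"   # IKE SA is up, Quick Mode got no answer
        elif "message not received" in line and not phase1_up:
            stalled = "phase1"   # no reply to the Aggressive Mode packet
    return stalled

def proposed_responder(log):
    """Return the last Phase 2 responder ID the client proposed, as a network."""
    found = None
    for m in RESPONDER_RE.finditer(log):
        mask = m.group(2) or "255.255.255.255"   # bare address means one host
        found = ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False)
    return found

def check(log, router_net=ROUTER_LOCAL):
    proposed = proposed_responder(log)
    return {
        "stalled": stalled_phase(log),
        "proposed": str(proposed),
        "router": str(router_net),
        "ids_match": proposed == router_net,
    }
```

On the posted log, `check(SAMPLE_LOG)` reports a Phase 2 stall with the client proposing the single host 192.168.0.1/32 while the router summary lists 192.168.0.0/24.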
 

Author Comment

by:pndoyleuk
Hi,
Anyone know what this means?
"QM re-keying timed out. Retry count: 1"
0
 
LVL 4

Expert Comment

by:mycroftx
I think that is a PSK failure, or one side of the VPN is failing to respond.  Might be a port block issue.  You might try looking at this guide...just ran up on it.
http://forum1.netgear.com/showthread.php?t=7040
 
0
 

Author Comment

by:pndoyleuk
Will Check Later. Thanks
0
