Solved

Site to Site VPN Using D-Link DI-804HV and Netgear Prosafe DGFV338 ADSL Routers

Posted on 2010-08-17
4
1,751 Views
Last Modified: 2012-05-10
We have taken on a new customer who has 4 remote sites which are connected via VPN router to router.

1 site has stopped working. When looking at the VPN logs I get the following messages...

2010 Aug 17 15:21:26 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 534 of 3 times_
2010 Aug 17 15:21:26 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:21:33 [MC.LUTON-DGFV338] [IKE] accept a request to establish IKE-SA: 213.123.227.14_
2010 Aug 17 15:21:34 [MC.LUTON-DGFV338] [IKE] Configuration found for 213.123.227.14._
2010 Aug 17 15:21:36 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 535 of 3 times_
2010 Aug 17 15:21:36 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:21:40 [MC.LUTON-DGFV338] [IKE] The packet is retransmitted by 222.222.222.22[500]._
2010 Aug 17 15:21:41 [MC.LUTON-DGFV338] [IKE] Ignore information because ISAKMP-SA has not been established yet._
2010 Aug 17 15:21:46 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 536 of 3 times_
2010 Aug 17 15:21:46 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:21:50 [MC.LUTON-DGFV338] [IKE] Phase 1 negotiation failed due to time up for 222.222.222.22[500]. 64858552ec1cc8d0:27462c5f9167dded_
2010 Aug 17 15:21:56 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 537 of 3 times_
2010 Aug 17 15:21:56 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:22:05 [MC.LUTON-DGFV338] [IKE] Invalid SA protocol type: 0_
2010 Aug 17 15:22:05 [MC.LUTON-DGFV338] [IKE] Phase 2 negotiation failed due to time up waiting for phase1. _
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 538 of 3 times_
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [IKE] Using IPsec SA configuration: 10.3.1.0/24<->10.1.1.0/24_
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [IKE] Configuration found for 222.222.222.22._
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [IKE] Initiating new phase 1 negotiation: 222.222.222.22[500]<=>222.222.222.21[500]_
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [IKE] Beginning Identity Protection mode._
2010 Aug 17 15:22:12 [MC.LUTON-DGFV338] [IKE] The packet is retransmitted by 222.222.222.22[500]._
2010 Aug 17 15:22:16 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 539 of 3 times_
2010 Aug 17 15:22:16 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:22:17 [MC.LUTON-DGFV338] [IKE] The packet is retransmitted by 222.222.222.22[500]._

I have tried to create another VPN using the same settings but still get the same error message. As far as we can tell nothing has changed as the other 3 sites are working fine.

I have update the ADSL and Router firmware on the Netgear Prosafe.

Can anyone help me try and find out whats going on?
0
Comment
Question by:techies123
  • 2
4 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33461065
do you have clients connecting to the netgear?  try disabling the keep alive on the netgear and post back.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 33464125
Also - look at the logs on the other end, since it may contain more info.

Do you have any saved config ?
Can you compare the settings of the other routers ?

What has changed ?

It may be cheaper to buy another router to test with,
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 33464130
ALso - is there a Dynamic address  involved ( not a static IP ), that may have changed ?

0
 

Accepted Solution

by:
techies123 earned 0 total points
ID: 33464344
After some hours of going over the settings again and again I found the PassPhrase to be incorrect on the D-Link Router.

Recreated the rule again and now connects OK.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question