q3tech15

asked on

Cisco RVS4000 VPN Router Setup

I have an RVS4000 VPN Router that's giving me some issues with the VPN setup. My goal is to set up VPN so that I can use my laptop from anywhere and connect to my home network resources (I have a few servers that I would like to be able to access data from). With that said, I think perhaps I might be getting confused with the terminology this router uses and I'm setting it up wrong? Here are my current settings:

Select Tunnel Entry:  Test      
        
IPSec VPN Tunnel:        Enable
Tunnel Name:       Test

Local Group Setup
Local Security Gateway Type: IP Only      
IP address: XXX.XXX.XXX.196
Local Security Group Type: Subnet
IP Address:  15.10.5.1 <--(my router address)
Subnet Mask:  255.255.255.0      

Remote Group Setup
Remote Security Gateway Type: Any      
This Gateway accepts requests from any IP address.
Remote Security Group Type: Subnet      
IP Address: 15.10.2.1
Subnet Mask: 255.255.255.0


IPSec Setup

Keying Mode:       IKE with pre-shared key

Phase 1:
Encryption: 3DES      
Authentication: SHA1
Group: 768-bit
Key Lifetime: 28800  sec

Phase 2:
Encryption: 3DES
Authentication: SHA1
Perfect Forward Secrecy: Enable
Preshared Key: XXXXXXX <---password
Group: 768-bit
Key Lifetime: 3600  sec

Status
Down

Any ideas? I have all forms of VPN Passthrough enabled.
John

First, I am not an expert in this, so if I do not help, someone else will have to respond.

In a LinkSys RV042 (probably quite similar) there are two types of tunnels: Gateway <-> Gateway for two like routers connected to each other and Gateway <-> Client for one router and one client machine.  

Then the Local setting above (assuming this is the machine with the router) looks fine (same as mine).

The remote end is very different. It looks like you used Gateway <-> Gateway, and you need a Client setting for the remote end. Further, you would need an IPsec VPN application on the laptop to access your home machine. Check the remote end settings.

... Thinkpads_User
q3tech15

ASKER

There is no option that I see to determine whether you want a gateway <-> gateway connection or a gateway <-> client. I'm baffled.

On my RV042 (I know it is not the same machine), I log into the router. Across the top I see Summary, Setup, DHCP, blah, blah, VPN, blah, blah. I click on VPN (that is where the tunnel setup is). I see the summary VPN setups (I have multiple Gateway <-> Gateway). I click on Add Tunnel and I see two choices: Gateway <-> Gateway and Client <-> Gateway. The product literature suggests your machine will do it, but you would have to check through its manual. It will reference QuickVPN for application access. ... Thinkpads_User
This manual describes the two methods for your router:

http://www.cisco.com/en/US/docs/routers/csbr/rvs4000/administration/guide/RVS4000_Admin_Guide.pdf

See page 101 .... Thinkpads_User
From that, it's still only allowing/showing a router to router connection.
You probably need to read through the manual more completely. In my post above I noted QuickVPN. See the diagram on page 17 and it is precisely what you want. So now trail through the manual from that to build the VPN connection. That starts on page 133. It may be that QuickVPN is acting as the Client part of the connection. For sure, as I noted at the beginning, you need a client application, so start here.

... Thinkpads_User
The RVS model, just like the RV042 model, only has a client to router IPsec option that must use the QuickVPN app that came with the unit. You can also download the latest QuickVPN client from Cisco as well if you need it.

Quick VPN has some issues, especially when used from behind other NAT devices... but for the most part it works well enough.  

I'll try the Quick VPN tonight on a work laptop since my laptop is running Windows 7 x64 and last I checked Quick VPN isn't compatible with it. I'll let you know the results.
Quick VPN still will not connect. Just gives me a list of possible problems.
Quick VPN is not a robust client in my experience (and as noted by MikeKane above). Take a look at NCP Secure Entry (www.ncp-e.com). It is the most reliable VPN client I have seen and/or used to date. They have a full function free trial so that you can see if it fits your needs. .... Thinkpads_User
Here are the log files I have from both the NCP program and my router.

NCP

11/12/2010 10:47:42 AM IPSec: Start building connection
11/12/2010 10:47:42 AM IPSec: DNSREQ: resolving dnserver over lan: domainname.org
11/12/2010 10:47:42 AM IPSec: DNSREQ: resolved ipadr: 0xx.0xx.004.196
11/12/2010 10:47:42 AM Ike: Outgoing connect request MAIN mode - gateway=xx.xx.4.196 : q3
11/12/2010 10:47:42 AM Ike: XMIT_MSG1_MAIN - q3
11/12/2010 10:47:42 AM Ike: RECV_MSG2_MAIN - q3
11/12/2010 10:47:42 AM Ike: IKE phase I: Setting LifeTime to 28800 seconds
11/12/2010 10:47:42 AM Ike: IkeSa negotiated with the following properties -
11/12/2010 10:47:42 AM   Authentication=PRE_SHARED_KEY,Encryption=DES3,Hash=MD5,DHGroup=2,KeyLen=0
11/12/2010 10:47:42 AM IPSec: Final Tunnel EndPoint is:0xx.0xx.004.196
11/12/2010 10:47:42 AM Ike: q3 ->Support for NAT-T version - 9
11/12/2010 10:47:42 AM Ike: XMIT_MSG3_MAIN - q3
11/12/2010 10:47:43 AM Ike: RECV_MSG4_MAIN - q3
11/12/2010 10:47:43 AM Ike: Turning on NATD mode - q3 - 1
11/12/2010 10:47:43 AM Ike: XMIT_MSG5_MAIN - q3
11/12/2010 10:48:10 AM ERROR - 4023: IKE(phase1):Lost contact to Gateway (No Response) in state <Wait for Message 6> - q3.
11/12/2010 10:48:10 AM Ike: phase1:name(q3) -

And here is what my log from the router says

Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: ignoring unknown Vendor ID payload [da8e937880010000]
Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: received Vendor ID payload [XAUTH]
Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 108
Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: received Vendor ID payload [Dead Peer Detection]
Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: ignoring unknown Vendor ID payload [eb4c1b788afd4a9cb7730a68d56d088b]
Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: ignoring unknown Vendor ID payload [c61baca1f1a60cc10800000000000000]
Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: ignoring unknown Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
Nov 12 07:44:55 - [VPN Log]: packet from xx.xxx.163.27:500: received Vendor ID payload [Cisco-Unity]
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: responding to Main Mode from unknown peer xx.xxx.163.27
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27#3: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: Oakley Transform [OAKLEY_AES_CBC (128), OAKLEY_SHA1, OAKLEY_GROUP_MODP1024] refused due to strict flag
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: Oakley Transform [OAKLEY_AES_CBC (128), OAKLEY_MD5, OAKLEY_GROUP_MODP1024] refused due to strict flag
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: Pluto does not support HybridInitRSA authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: Pluto does not support HybridInitRSA authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1024] refused due to strict flag
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 12 07:44:55 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: NAT-Traversal: Result using 3: peer is NATed
Nov 12 07:44:56 - [VPN Log]: "Test"[3] 71.xx.xxx.163.27 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 12 07:44:56 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 12 07:44:56 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 07:44:56 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: peer's ID_USER_FQDN contains no @
Nov 12 07:44:56 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: sending encrypted notification INVALID_ID_INFORMATION to xx.xxx.163.27:500
Nov 12 07:45:05 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 07:45:05 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: peer's ID_USER_FQDN contains no @
Nov 12 07:45:05 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: sending encrypted notification INVALID_ID_INFORMATION to xx.xxx.163.27:500
Nov 12 07:45:06 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 07:45:06 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: peer's ID_USER_FQDN contains no @
Nov 12 07:45:06 - [VPN Log]: "Test"[3] xx.xxx.163.27  #3: sending encrypted notification INVALID_ID_INFORMATION to xx.xxx.163.27:500
Nov 12 07:45:10 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 07:45:10 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: peer's ID_USER_FQDN contains no @
Nov 12 07:45:10 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: sending encrypted notification INVALID_ID_INFORMATION to xx.xxx.163.27:500
Nov 12 07:45:16 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 07:45:16 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: peer's ID_USER_FQDN contains no @
Nov 12 07:45:16 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: sending encrypted notification INVALID_ID_INFORMATION to xx.xxx.163.27:500
Nov 12 07:45:23 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: byte 2 of ISAKMP Hash Payload must be zero, but is not
Nov 12 07:45:23 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: malformed payload in packet
Nov 12 07:45:23 - [VPN Log]: "Test"[3] xx.xxx.163.27 #3: sending notification PAYLOAD_MALFORMED to xx.xxx.163.27:500

---------------------------------------------------------------

Anything you can take from that?
Actually, look at this one for my router -- turned off the extended authentication in NCP

Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: ignoring unknown Vendor ID payload [da8e937880010000]
Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: received Vendor ID payload [XAUTH]
Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 108
Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: received Vendor ID payload [Dead Peer Detection]
Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: ignoring unknown Vendor ID payload [eb4c1b788afd4a9cb7730a68d56d088b]
Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: ignoring unknown Vendor ID payload [c61baca1f1a60cc10800000000000000]
Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: ignoring unknown Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
Nov 12 08:10:01 - [VPN Log]: packet from 71.115.163.27:500: received Vendor ID payload [Cisco-Unity]
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: responding to Main Mode from unknown peer 71.115.163.27
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: Oakley Transform [OAKLEY_AES_CBC (128), OAKLEY_SHA1, OAKLEY_GROUP_MODP1024] refused due to strict flag
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: Oakley Transform [OAKLEY_AES_CBC (128), OAKLEY_MD5, OAKLEY_GROUP_MODP1024] refused due to strict flag
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1024] refused due to strict flag
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: NAT-Traversal: Result using 3: peer is NATed
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: peer's ID_USER_FQDN contains no @
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 71.115.163.27 #2: sending encrypted notification INVALID_ID_INFORMATION to 71.115.163.27:500
Nov 12 08:10:11 - [VPN Log]: "Test"[2] 71.115.163.27 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 08:10:11 - [VPN Log]: "Test"[2] 71.115.163.27 #2: peer's ID_USER_FQDN contains no @
Nov 12 08:10:11 - [VPN Log]: "Test"[2] 71.115.163.27 #2: sending encrypted notification INVALID_ID_INFORMATION to 71.115.163.27:500
Nov 12 08:10:11 - [VPN Log]: "Test"[2] 71.115.163.27 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 08:10:11 - [VPN Log]: "Test"[2] 71.115.163.27 #2: peer's ID_USER_FQDN contains no @
Nov 12 08:10:11 - [VPN Log]: "Test"[2] 71.115.163.27 #2: sending encrypted notification INVALID_ID_INFORMATION to 71.115.163.27:500
Nov 12 08:10:16 - [VPN Log]: "Test"[2] 71.115.163.27 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 08:10:16 - [VPN Log]: "Test"[2] 71.115.163.27 #2: peer's ID_USER_FQDN contains no @
Nov 12 08:10:16 - [VPN Log]: "Test"[2] 71.115.163.27 #2: sending encrypted notification INVALID_ID_INFORMATION to 71.115.163.27:500
Nov 12 08:10:22 - [VPN Log]: "Test"[2] 71.115.163.27 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 08:10:22 - [VPN Log]: "Test"[2] 71.115.163.27 #2: peer's ID_USER_FQDN contains no @
Nov 12 08:10:22 - [VPN Log]: "Test"[2] 71.115.163.27 #2: sending encrypted notification INVALID_ID_INFORMATION to 71.115.163.27:500
Nov 12 08:10:29 - [VPN Log]: "Test"[2] 71.115.163.27 #2: next payload type of ISAKMP Hash Payload has an unknown value: 216
Nov 12 08:10:29 - [VPN Log]: "Test"[2] 71.115.163.27 #2: malformed payload in packet
Nov 12 08:10:29 - [VPN Log]: "Test"[2] 71.115.163.27 #2: sending notification PAYLOAD_MALFORMED to 71.115.163.27:500
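As an added example (not code from the page, from Cisco, or from NCP), here is a Python parser for the router's Pluto-style "[VPN Log]" output that classifies the phase-1 events seen in the two router logs above and, for every proposal "refused due to strict flag", lists which attribute differs from the phase-1 policy posted in the question. The sample lines are constructed in the page's log format with a documentation-range peer address; POSTED_PHASE1_POLICY is the 3DES / SHA1 / 768-bit setting from the question, and the interpretation of the strict flag (the responder accepts only proposals matching its configured encryption, hash and DH group) is Openswan/Pluto behaviour, not something stated on the page. Note that "Group: 768-bit" in the router UI is DH group 1 (MODP768), whereas the proposals the router refused and the DHGroup=2 the NCP client reports are MODP1024, so the checker reports the group as a mismatch.

```python
import re
from collections import Counter

# One RVS4000 "[VPN Log]" line: a pre-SA "packet from <ip>:<port>:" line or a
# per-SA '"<conn>"[n] <ip> #<sa>:' line, in the format shown on the page.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) - \[VPN Log\]: '
    r'(?:"(?P<conn>[^"]+)"\[\d+\] (?P<peer>[\d.]+) *#(?P<sa>\d+): |packet from (?P<src>[\d.]+):\d+: )'
    r'(?P<msg>.*)$')
TRANSFORM_RE = re.compile(r'Oakley Transform \[(?P<t>[^\]]+)\] refused')
STATE_RE = re.compile(r'transition from state (\S+) to state (\S+)')

# Message fragment -> event class; first match wins.
CLASSIFIERS = [
    ("refused due to strict flag", "transform_refused"),
    ("does not allow Extended Authentication", "xauth_rejected"),
    ("does not support HybridInitRSA", "auth_unsupported"),
    ("transition from state", "state_change"),
    ("peer is NATed", "peer_nated"),
    ("contains no @", "bad_identity"),
    ("INVALID_ID_INFORMATION", "invalid_id_sent"),
    ("malformed payload", "malformed"),
    ("Vendor ID payload", "vendor_id"),
]
# Pluto's OAKLEY_* names mapped onto the labels the router's web UI uses.
OAKLEY_NAMES = {"OAKLEY_3DES_CBC": "3DES", "OAKLEY_AES_CBC": "AES",
                "OAKLEY_SHA1": "SHA1", "OAKLEY_MD5": "MD5",
                "OAKLEY_GROUP_MODP768": "768-bit", "OAKLEY_GROUP_MODP1024": "1024-bit"}

def classify(msg):
    for needle, kind in CLASSIFIERS:
        if needle in msg:
            return kind
    return "other"

def parse_transform(text):
    """'OAKLEY_AES_CBC (128), OAKLEY_SHA1, OAKLEY_GROUP_MODP1024' -> ('AES', 'SHA1', '1024-bit')"""
    parts = [p.strip().split(" ")[0] for p in text.split(",")]
    return tuple(OAKLEY_NAMES.get(p, p) for p in parts)

def summarize(lines):
    """Walk the log once and collect what matters for a phase-1 post-mortem."""
    s = {"events": Counter(), "peers": set(), "refused": [],
         "last_state": None, "nated": False, "parse_errors": 0}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            s["parse_errors"] += 1   # unknown format is counted, never silently dropped
            continue
        kind = classify(m["msg"])
        s["events"][kind] += 1
        s["peers"].add(m["peer"] or m["src"])
        if kind == "transform_refused":
            s["refused"].append(parse_transform(TRANSFORM_RE.search(m["msg"])["t"]))
        elif kind == "state_change":
            s["last_state"] = STATE_RE.search(m["msg"]).group(2)
        elif kind == "peer_nated":
            s["nated"] = True
    return s

def explain_refusals(summary, policy):
    """With the strict flag the responder accepts only an exact (enc, hash, group) match,
    so report which attribute(s) of each refused proposal differ from the policy."""
    names = ("encryption", "authentication", "group")
    return [(offered, [f"{n}: offered {o}, policy {p}"
                       for n, o, p in zip(names, offered, policy) if o != p])
            for offered in summary["refused"]]

def diagnose(summary):
    """Plain-language findings, one per failure class seen in the log."""
    e, findings = summary["events"], []
    if e["xauth_rejected"]:
        findings.append("client offered XAUTH but the tunnel policy does not allow it")
    if summary["refused"]:
        findings.append(f"{len(summary['refused'])} phase-1 proposal(s) refused by strict policy")
    if e["bad_identity"]:
        findings.append("phase-1 identity rejected: ID_USER_FQDN has no '@'; INVALID_ID_INFORMATION sent")
    if e["malformed"]:
        findings.append("malformed ISAKMP payload received from peer")
    if summary["nated"]:
        findings.append("peer is behind NAT; NAT-T is in use")
    return findings

# Constructed sample in the page's log format; 203.0.113.27 is a documentation address.
SAMPLE_LOG = """\
Nov 12 08:10:01 - [VPN Log]: packet from 203.0.113.27:500: received Vendor ID payload [XAUTH]
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 203.0.113.27 #2: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 203.0.113.27 #2: Oakley Transform [OAKLEY_AES_CBC (128), OAKLEY_SHA1, OAKLEY_GROUP_MODP1024] refused due to strict flag
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 203.0.113.27 #2: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1024] refused due to strict flag
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 203.0.113.27 #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 203.0.113.27 #2: NAT-Traversal: Result using 3: peer is NATed
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 203.0.113.27 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 203.0.113.27 #2: peer's ID_USER_FQDN contains no @
Nov 12 08:10:01 - [VPN Log]: "Test"[2] 203.0.113.27 #2: sending encrypted notification INVALID_ID_INFORMATION to 203.0.113.27:500
Nov 12 08:10:29 - [VPN Log]: "Test"[2] 203.0.113.27 #2: malformed payload in packet
""".splitlines()
# Phase 1 as posted in the question: 3DES / SHA1 / 768-bit group (DH group 1).
POSTED_PHASE1_POLICY = ("3DES", "SHA1", "768-bit")

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("last state:", result["last_state"], dict(result["events"]))
    print(*explain_refusals(result, POSTED_PHASE1_POLICY), *diagnose(result), sep="\n")
```

Feed it the router's exported log one entry per line. On the sample the last state reached is STATE_MAIN_R2, the 3DES/SHA1/MODP1024 proposal is reported as differing from the posted policy only in the DH group, and the identity rejection is the last thing the responder does before the peer's packets stop parsing, which is the same sequence the two logs above show.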
It appears that the initial setup on the client is not getting through at all. The LinkSys says it does not have a proper userid and the NCP client says it loses contact in phase 1.

All I can suggest here is that you mirror your settings in the LinkSys to settings in NCP, but you may need to get some local setup assistance here as well. ... Thinkpads_User
I've used the RVS4000 in multiple locations, but have never seen it work for client to network. I don't think that unit supports that configuration. For client to network, you'd need to go to an RV042.
I use an RV042 (noted much earlier) and the RV0xx series does work. ... Thinkpads_User
The RV0 Series does work from client to router... although the VPN client for IPSEC that Linksys provides is not the best...
The best client for VPN at this point is the NCP Secure Entry client and it works with Linksys RV0xx routers as well as Juniper Netscreen and others. ... Thinkpads_User
Well, I don't understand why the connection isn't being made. Still working on the issue.
ASKER CERTIFIED SOLUTION
MikeKane

Yes, I am going to try to troubleshoot a little bit longer, then I'm going to try to use my server instead of the router.
I've come to realize that I'm just screwed while using this router for VPN other than branch connections.