We help IT Professionals succeed at work.
Get Started

Windows 7 VPN Blocked at Watchguard

5,881 Views
Last Modified: 2013-11-16
Environment: Watchguard Firebox x700 running firebox release "pandora" (Driver version 7.5.0 B2063)

Client is running Windows 7 Home Premium with WatchGuard VPN client 10.10 (I think?)

Symptoms:
Client clicks the connect button on the VPN client. After a brief wait, client displays the message:
"Cannot connect to gateway (waiting for msg 2)."

Log snippet from VPN client:

5/16/2011 8:40:08 AMMONITOR: Installed - WatchGuard Mobile VPN 1010 Build 59 (910)
5/16/2011 8:40:08 AMMONITOR: Licensed - WatchGuard Mobile VPN 1010
5/16/2011 8:40:13 AMIPSec: Start building connection
5/16/2011 8:40:13 AMIke: Outgoing connect request AGGRESSIVE mode - gateway=xx.xx.xx.xx : jsmith
5/16/2011 8:40:13 AMIke: XMIT_MSG1_AGGRESSIVE - jsmith
5/16/2011 8:40:42 AMERROR - 4021: IKE(phase1) - Could not contact Gateway (No response) in state <Wait for Message 2> - jsmith.
5/16/2011 8:40:42 AMIke: phase1:name(jsmith) - error - retry timeout - max retries

End snippet

Firewall log shows my user's IP being blocked:

User's IP is yy.yy.yy.yy. Firewall IP is xx.xx.xx.xx
05/16/11 10:11:18 kernel Temporarily blocking host yy.yy.yy.yy 581498
05/16/11 10:11:18 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53916 (default)
05/16/11 10:11:18 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53917 (blocked site)
05/16/11 10:11:18 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53918 (blocked site)
05/16/11 10:11:18 firewalld[132] deny in eth0 60 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53915 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 53999 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 54001 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 54000 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 54002 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 60 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 53999 (blocked site)

Glad to provide setup specs for VPN and/or firewall rules. First time I've run into this problem, but also the first time I've tried to set up with a windows 7 client.

Comment
Watch Question
Commented:
This problem has been solved!
Unlock 3 Answers and 14 Comments.
See Answers
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE