Client is running Windows 7 Home Premium with WatchGuard VPN client 10.10 (I think?)
Symptoms:
Client clicks the connect button on the VPN client. After a brief wait, client displays the message:
"Cannot connect to gateway (waiting for msg 2)."
Log snippet from VPN client:
5/16/2011 8:40:08 AM MONITOR: Installed - WatchGuard Mobile VPN 1010 Build 59 (910)
5/16/2011 8:40:08 AM MONITOR: Licensed - WatchGuard Mobile VPN 1010
5/16/2011 8:40:13 AM IPSec: Start building connection
5/16/2011 8:40:13 AM Ike: Outgoing connect request AGGRESSIVE mode - gateway=xx.xx.xx.xx : jsmith
5/16/2011 8:40:13 AM Ike: XMIT_MSG1_AGGRESSIVE - jsmith
5/16/2011 8:40:42 AM ERROR - 4021: IKE(phase1) - Could not contact Gateway (No response) in state <Wait for Message 2> - jsmith.
5/16/2011 8:40:42 AM Ike: phase1:name(jsmith) - error - retry timeout - max retries
Glad to provide setup specs for VPN and/or firewall rules. First time I've run into this problem, but also the first time I've tried to set up with a Windows 7 client.
It is being blocked by the default rule as it is trying to contact the firewall on port 581498. The first line shown is the first indication in the log that there's a problem.
How is that even possible?
581498... there are only 65000 and something ports...
jhaffner
ASKER
Sorry. My mistake on the port number. However, the lines shown are the first time the IP address shows up in the WatchGuard log.
setasoujiro
Can you enable debug logging on VPN?
In System Manager --> Setup --> Logging, choose VPN and set it to debug.
Then when you try and connect, view the debug logs and paste them here, please.
I'm sorry, but I need the debug logs from the firewall, not the client connecting...
You need to set the debug on the WG, not the client.
But just one question: is the IPsec policy on the WG set to aggressive mode and not main?
In case you didn't adjust this manually, it is in main mode by default.
Having said that, I'd like to avoid burdening the user's feeble laptop with a VM if I can avoid it.
I'll keep the option in my back pocket.