We help IT Professionals succeed at work.
Get Started
Windows 7 VPN Blocked at Watchguard
Environment: Watchguard Firebox x700 running firebox release "pandora" (Driver version 7.5.0 B2063)
Client is running Windows 7 Home Premium with WatchGuard VPN client 10.10 (I think?)
Symptoms:
Client clicks the connect button on the VPN client. After a brief wait, client displays the message:
"Cannot connect to gateway (waiting for msg 2)."
Log snippet from VPN client:
5/16/2011 8:40:08 AMMONITOR: Installed - WatchGuard Mobile VPN 1010 Build 59 (910)
5/16/2011 8:40:08 AMMONITOR: Licensed - WatchGuard Mobile VPN 1010
5/16/2011 8:40:13 AMIPSec: Start building connection
5/16/2011 8:40:13 AMIke: Outgoing connect request AGGRESSIVE mode - gateway=xx.xx.xx.xx : jsmith
5/16/2011 8:40:13 AMIke: XMIT_MSG1_AGGRESSIVE - jsmith
5/16/2011 8:40:42 AMERROR - 4021: IKE(phase1) - Could not contact Gateway (No response) in state <Wait for Message 2> - jsmith.
5/16/2011 8:40:42 AMIke: phase1:name(jsmith) - error - retry timeout - max retries
End snippet
Firewall log shows my user's IP being blocked:
User's IP is yy.yy.yy.yy. Firewall IP is xx.xx.xx.xx
05/16/11 10:11:18 kernel Temporarily blocking host yy.yy.yy.yy 581498
05/16/11 10:11:18 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53916 (default)
05/16/11 10:11:18 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53917 (blocked site)
05/16/11 10:11:18 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53918 (blocked site)
05/16/11 10:11:18 firewalld[132] deny in eth0 60 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53915 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 53999 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 54001 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 54000 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 54002 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 60 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 53999 (blocked site)
Glad to provide setup specs for VPN and/or firewall rules. First time I've run into this problem, but also the first time I've tried to set up with a windows 7 client.
Client is running Windows 7 Home Premium with WatchGuard VPN client 10.10 (I think?)
Symptoms:
Client clicks the connect button on the VPN client. After a brief wait, client displays the message:
"Cannot connect to gateway (waiting for msg 2)."
Log snippet from VPN client:
5/16/2011 8:40:08 AMMONITOR: Installed - WatchGuard Mobile VPN 1010 Build 59 (910)
5/16/2011 8:40:08 AMMONITOR: Licensed - WatchGuard Mobile VPN 1010
5/16/2011 8:40:13 AMIPSec: Start building connection
5/16/2011 8:40:13 AMIke: Outgoing connect request AGGRESSIVE mode - gateway=xx.xx.xx.xx : jsmith
5/16/2011 8:40:13 AMIke: XMIT_MSG1_AGGRESSIVE - jsmith
5/16/2011 8:40:42 AMERROR - 4021: IKE(phase1) - Could not contact Gateway (No response) in state <Wait for Message 2> - jsmith.
5/16/2011 8:40:42 AMIke: phase1:name(jsmith) - error - retry timeout - max retries
End snippet
Firewall log shows my user's IP being blocked:
User's IP is yy.yy.yy.yy. Firewall IP is xx.xx.xx.xx
05/16/11 10:11:18 kernel Temporarily blocking host yy.yy.yy.yy 581498
05/16/11 10:11:18 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53916 (default)
05/16/11 10:11:18 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53917 (blocked site)
05/16/11 10:11:18 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53918 (blocked site)
05/16/11 10:11:18 firewalld[132] deny in eth0 60 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38473 53915 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 53999 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 54001 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 54000 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 52 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 54002 (blocked site)
05/16/11 10:11:40 firewalld[132] deny in eth0 60 udp 20 115 yy.yy.yy.yy xx.xx.xx.xx 38474 53999 (blocked site)
Glad to provide setup specs for VPN and/or firewall rules. First time I've run into this problem, but also the first time I've tried to set up with a windows 7 client.
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE