• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 196
  • Last Modified:

Setup FVS336G L2tp IPSEC VPN. Authentication failed when connecting.

Hi All,

I’m trying to get a Client to Gateway VPN working with L2tp and IPSEC. I’m using a Netgear FVS336Gv2 which is connected to a fibre modem. The WAN light is green and I am able to surf the internet with a pc wired directly to the router. I’m sorry but this is new ground for me and would appreciate your help on this. I’ve set the iPad with a L2tp connection VPN but everytime I click connect I get the following log on the router and the iPad doesn’t authenticate correctly. What am I doing wrong please?

Error Log:

Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR:  Failed to get matching proposal for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR:  No suitable proposal found for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  For 85.XXX.XXX.XXX[24639], Selected NAT-T version: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: DPD
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID

Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Beginning Identity Protection mode.
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received request for new phase 1 negotiation: 109.XXX.XXX.XXX[500]<=>85.XXX.XXX.XXX[24639]
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Configuration found for 85.XXX.XXX.XXX[24639].

L2tp Setup:
 L2tp
IKE Policy Setup:
IKE
VPN Policy:
VPN Policy

Many Thanks Lee
0
Codingitup
Asked:
Codingitup
  • 2
1 Solution
 
SIM50Commented:
You need to configure the same ISAKMP policy on both ends - AES128, SHA1, DH Group 2.
0
 
SIM50Commented:
IKE policy needs to match on both ends.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now