Solved

Setup FVS336G L2tp IPSEC VPN. Authentication failed when connecting.

Posted on 2016-11-03
  • Netgear
  • iPad
  • Routers
  • Internet Protocol Security
  • Networking
  • +1
2
51 Views
Last Modified: 2016-11-22
Hi All,

I’m trying to get a Client to Gateway VPN working with L2tp and IPSEC. I’m using a Netgear FVS336Gv2 which is connected to a fibre modem. The WAN light is green and I am able to surf the internet with a pc wired directly to the router. I’m sorry but this is new ground for me and would appreciate your help on this. I’ve set the iPad with a L2tp connection VPN but everytime I click connect I get the following log on the router and the iPad doesn’t authenticate correctly. What am I doing wrong please?

Error Log:

Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR:  Failed to get matching proposal for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR:  No suitable proposal found for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  For 85.XXX.XXX.XXX[24639], Selected NAT-T version: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: DPD
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID

Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Beginning Identity Protection mode.
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received request for new phase 1 negotiation: 109.XXX.XXX.XXX[500]<=>85.XXX.XXX.XXX[24639]
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Configuration found for 85.XXX.XXX.XXX[24639].

L2tp Setup:
 L2tp
IKE Policy Setup:
IKE
VPN Policy:
VPN Policy

Many Thanks Lee
0
Comment
Question by:Codingitup
  • 2
2 Comments
 
LVL 14

Accepted Solution

by:
SIM50 earned 500 total points (awarded by participants)
ID: 41872584
You need to configure the same ISAKMP policy on both ends - AES128, SHA1, DH Group 2.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41897226
IKE policy needs to match on both ends.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
A professional opinion on which Apple product to buy, and a tidbit about the WWDC.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question