Solved

Setup FVS336G L2tp IPSEC VPN. Authentication failed when connecting.

Posted on 2016-11-03
  • Netgear
  • iPad
  • Routers
  • IPsec
  • Networking
  • +1
2
17 Views
Last Modified: 2016-11-22
Hi All,

I’m trying to get a Client to Gateway VPN working with L2tp and IPSEC. I’m using a Netgear FVS336Gv2 which is connected to a fibre modem. The WAN light is green and I am able to surf the internet with a pc wired directly to the router. I’m sorry but this is new ground for me and would appreciate your help on this. I’ve set the iPad with a L2tp connection VPN but everytime I click connect I get the following log on the router and the iPad doesn’t authenticate correctly. What am I doing wrong please?

Error Log:

Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR:  Failed to get matching proposal for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR:  No suitable proposal found for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  For 85.XXX.XXX.XXX[24639], Selected NAT-T version: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: DPD
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID

Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Beginning Identity Protection mode.
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received request for new phase 1 negotiation: 109.XXX.XXX.XXX[500]<=>85.XXX.XXX.XXX[24639]
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Configuration found for 85.XXX.XXX.XXX[24639].

L2tp Setup:
 L2tp
IKE Policy Setup:
IKE
VPN Policy:
VPN Policy

Many Thanks Lee
0
Comment
Question by:Codingitup
  • 2
2 Comments
 
LVL 13

Accepted Solution

by:
SIM50 earned 500 total points (awarded by participants)
Comment Utility
You need to configure the same ISAKMP policy on both ends - AES128, SHA1, DH Group 2.
0
 
LVL 13

Expert Comment

by:SIM50
Comment Utility
IKE policy needs to match on both ends.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SMB Routers with GB WAN 12 30
Printer Settings 3 57
HTTPS/SSL based VPN will full functionality? 2 21
RDP Sonicwall 8 19
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now