Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Setup FVS336G L2tp IPSEC VPN. Authentication failed when connecting.

Posted on 2016-11-03
2
Medium Priority
?
112 Views
Last Modified: 2016-11-22
Hi All,

I’m trying to get a Client to Gateway VPN working with L2tp and IPSEC. I’m using a Netgear FVS336Gv2 which is connected to a fibre modem. The WAN light is green and I am able to surf the internet with a pc wired directly to the router. I’m sorry but this is new ground for me and would appreciate your help on this. I’ve set the iPad with a L2tp connection VPN but everytime I click connect I get the following log on the router and the iPad doesn’t authenticate correctly. What am I doing wrong please?

Error Log:

Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR:  Failed to get matching proposal for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] ERROR:  No suitable proposal found for 85.XXX.XXX.XXX[24639].
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "AES-CBC".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's hashtype "MD5" mismatched with Local "SHA".
Thu Nov 03 10:50:23 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] WARNING:  Rejected phase 1 proposal as Peer's authentication method "pre-shared key" mismatched with Local "XAuth psk server".
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  For 85.XXX.XXX.XXX[24639], Selected NAT-T version: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: DPD
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID

Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received unknown Vendor ID
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received Vendor ID: RFC 3947
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Beginning Identity Protection mode.
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Received request for new phase 1 negotiation: 109.XXX.XXX.XXX[500]<=>85.XXX.XXX.XXX[24639]
Thu Nov 03 10:50:22 2016 (GMT +0000): [FVS336Gv2] [IKE] INFO:  Configuration found for 85.XXX.XXX.XXX[24639].

L2tp Setup:
 L2tp
IKE Policy Setup:
IKE
VPN Policy:
VPN Policy

Many Thanks Lee
0
Comment
Question by:Codingitup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 14

Accepted Solution

by:
SIM50 earned 2000 total points (awarded by participants)
ID: 41872584
You need to configure the same ISAKMP policy on both ends - AES128, SHA1, DH Group 2.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41897226
IKE policy needs to match on both ends.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This program is used to assist in finding and resolving common problems with wireless connections.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question