Hopefully this is obvious to someone out there, but I'm completely
stumped.....
I have been over and over the settings for a mobile VPN connection I am
trying to establish.. re-typed Shared Key's, checked and tried again....
but I seem to always fail at the same point... Phase II negotiations.
Phase II settings on the client are:
SA Life: 120 sec
Using ESP, 3DES, SHA-1, Group 2
At Gnatbox the VPN User is set to use the Mobile VPN object, as
described below:
MOBILE VPNs
Name: MOBILE
Authentication required: yes
Gateway: EXTERNAL
Force mobile protocol: no
Local network: 192.168.0.0/24
Phase 1: aggressive 3des hmac-sha1 group 2
Phase 2: 3des hmac-sha1 group 2
From the GBVPNClient Log Viewer the following is a typical connection
attempt:
14:46:11.920 My Connections\VPN01 - Initiating IKE Phase 1 (IP ADDR=x.x.x.x)
14:46:11.960 My Connections\VPN01 - SENDING>>>> ISAKMP OAK AG (SA, KE,
NON, ID, VID, VID, VID, VID)
14:46:13.483 My Connections\VPN01 - RECEIVED<<< ISAKMP OAK AG (SA, KE,
NON, ID, HASH, VID)
14:46:13.503 My Connections\VPN01 - SENDING>>>> ISAKMP OAK AG *(HASH,
NOTIFY:STATUS_INITIAL_CONTACT)
14:46:13.503 My Connections\VPN01 - Established IKE SA
14:46:13.503 MY COOKIE cf 56 57 74 21 c8 f3 45
14:46:13.503 HIS COOKIE 49 a0 a1 ca 57 35 b a4
14:46:13.543 My Connections\VPN01 - Initiating IKE Phase 2 with Client
IDs (message id: 745E2A39)
14:46:13.543 Initiator = IP ADDR=192.168.1.2, prot = 0 port = 0
14:46:13.543 Responder = IP SUBNET/MASK=x.x.x.x/255.255.255.0, prot =
0 port = 0
14:46:13.543 My Connections\VPN01 - SENDING>>>> ISAKMP OAK QM *(HASH,
SA, NON, KE, ID, ID)
14:46:28.614 My Connections\VPN01 - QM re-keying timed out (message id:
745E2A39). Retry count: 1
14:46:28.614 My Connections\VPN01 - SENDING>>>> ISAKMP OAK QM
*(Retransmission)
14:46:43.635 My Connections\VPN01 - QM re-keying timed out (message id:
745E2A39). Retry count: 2
14:46:43.635 My Connections\VPN01 - SENDING>>>> ISAKMP OAK QM
*(Retransmission)
14:46:58.657 My Connections\VPN01 - QM re-keying timed out (message id:
745E2A39). Retry count: 3
14:46:58.657 My Connections\VPN01 - SENDING>>>> ISAKMP OAK QM
*(Retransmission)
14:47:13.678 My Connections\VPN01 - Exceeded 3 re-keying attempts
(message id: 745E2A39)
14:47:39.975 My Connections\VPN01 - RECEIVED<<< ISAKMP OAK INFO *(HASH, DEL)
14:47:39.975 My Connections\VPN01 - Deleting IKE SA (IP ADDR=x.x.x.x)
14:47:39.975 MY COOKIE cf 56 57 74 21 c8 f3 45
14:47:39.975 HIS COOKIE 49 a0 a1 ca 57 35 b a4
Does anyone have any ideas as to where I should look next? I think I'm
suffering from not being able to see the "Wood for the Trees" at the
moment , so any suggestions would be much appreciated...
Oh.... before I forget.. Gnatbox = GBFlash v3.2.5, VPN Client = 701
(build22), Authentication Client = v323
TIA
Matthew Tetzlaff
Asset Information Systems
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages:
http://www.mail-archive.com/[email protected]
