Hi,
VPN = Netgear FVS318G. Shrew Client v 2.1.6 running on Windows XP SP3.
Does this log output scream anything that I've done incorrectly? This was
previously working with no changes made to either client or VPN Router. I'm a
bit baffled.
VPN Trace:
The SP tab looks good. The SA tab shows traffic from client to router but
there's 0 bytes from Router to Client.
The IP address of the Remote LAN is 192.168.1.1/255.255.255.0. The Mode config
DHCP range is in the 192.168.2.x subnet 255.255.255.0.
The Local LAN is 10.0.0.x/255.255.255.0 subnet.
The VPN log output:
- Last output repeated 2 times -
2010 May 19 20:14:01 [FVS318g] [IKE] an undead schedule has been deleted:
'pk_recvupdate'._
2010 May 19 20:14:01 [FVS318g] [IKE] Purged IPsec-SA with proto_id=ESP and
spi=2557767751(0x98747047)._
2010 May 19 20:14:01 [FVS318g] [IKE] Purged ISAKMP-SA with proto_id=ISAKMP and
spi=4ffe558a9287ad0d:57a38005c87b2bca._
2010 May 19 20:14:02 [FVS318g] [IKE] ISAKMP-SA deleted for
66.30.154.165[4500]-98.216.225.129[4500] with
spi:4ffe558a9287ad0d:57a38005c87b2bca_
2010 May 19 20:14:03 [FVS318g] [IKE] 192.168.2.50 IP address has been released
by remote peer._
2010 May 19 20:14:08 [FVS318g] [IKE] Remote configuration for identifier
"client.domain.com" found_
2010 May 19 20:14:08 [FVS318g] [IKE] Received request for new phase 1
negotiation: 66.30.154.165[500]<=>98.216.225.129[500]_
2010 May 19 20:14:08 [FVS318g] [IKE] Beginning Aggressive mode._
2010 May 19 20:14:08 [FVS318g] [IKE] Received Vendor ID:
draft-ietf-ipsra-isakmp-xauth-06.txt_
2010 May 19 20:14:08 [FVS318g] [IKE] Received unknown Vendor ID_
- Last output repeated twice -
2010 May 19 20:14:08 [FVS318g] [IKE] Received Vendor ID:
draft-ietf-ipsec-nat-t-ike-02__
2010 May 19 20:14:08 [FVS318g] [IKE] Received unknown Vendor ID_
- Last output repeated 2 times -
2010 May 19 20:14:08 [FVS318g] [IKE] Received Vendor ID: DPD_
2010 May 19 20:14:08 [FVS318g] [IKE] Received unknown Vendor ID_
- Last output repeated 2 times -
2010 May 19 20:14:08 [FVS318g] [IKE] Received Vendor ID: CISCO-UNITY_
2010 May 19 20:14:08 [FVS318g] [IKE] For 98.216.225.129[500], Selected NAT-T
version: draft-ietf-ipsec-nat-t-ike-02_
2010 May 19 20:14:09 [FVS318g] [IKE] Floating ports for NAT-T with peer
98.216.225.129[4500]_
2010 May 19 20:14:09 [FVS318g] [IKE] NAT-D payload does not match for
66.30.154.165[4500]_
2010 May 19 20:14:09 [FVS318g] [IKE] NAT-D payload does not match for
98.216.225.129[4500]_
2010 May 19 20:14:10 [FVS318g] [IKE] NAT detected: Local is behind a NAT
device. and alsoPeer is behind a NAT device_
2010 May 19 20:14:10 [FVS318g] [IKE] Sending Xauth request to
98.216.225.129[4500]_
2010 May 19 20:14:10 [FVS318g] [IKE] ISAKMP-SA established for
66.30.154.165[4500]-98.216.225.129[4500] with
spi:cdff094ce5ec83fd:b37ec0139449df85_
2010 May 19 20:14:10 [FVS318g] [IKE] purging spi=50156922._
2010 May 19 20:14:10 [FVS318g] [IKE] Received attribute type "ISAKMP_CFG_REPLY"
from 98.216.225.129[4500]_
2010 May 19 20:14:10 [FVS318g] [IKE] Login succeeded for user "necb"_
2010 May 19 20:14:10 [FVS318g] [IKE] Received attribute type
"ISAKMP_CFG_REQUEST" from 98.216.225.129[4500]_
2010 May 19 20:14:10 [FVS318g] [IKE] 192.168.2.50 IP address is assigned to
remote peer 98.216.225.129[4500]_
2010 May 19 20:14:10 [FVS318g] [IKE] Ignored attribute 5_
2010 May 19 20:14:16 [FVS318g] [IKE] Responding to new phase 2 negotiation:
66.30.154.165[0]<=>98.216.225.129[0]_
2010 May 19 20:14:16 [FVS318g] [IKE] Using IPsec SA configuration:
192.168.1.0/24<->192.168.2.0/24_
2010 May 19 20:14:17 [FVS318g] [IKE] Adjusting peer's encmode
61443(61443)->Tunnel(1)_
2010 May 19 20:14:17 [FVS318g] [IKE] IPsec-SA established[UDP encap
4500->4500]: ESP/Tunnel 98.216.225.129->66.30.154.165 with
spi=1265547(0x134f8b)_
2010 May 19 20:14:17 [FVS318g] [IKE] IPsec-SA established[UDP encap
4500->4500]: ESP/Tunnel 66.30.154.165->98.216.225.129 with
spi=3340201975(0xc7176ff7)_
2010 May 19 20:14:25 [FVS318g] [IKE] Sending Informational Exchange: notify
payload[10637]_
Thanks in advance,
Mike
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
