Re: [vpn-help] FVS338 tunnel established but can't ping remote IP's/SSH/DNS etc.

Tue, 11 Jan 2011 11:00:30 -0800 

Kevin,

I told shrew to use 10.1.1.0/24.  In the FVS338 here is the ModeConfig

Client Pool:
Record Name:    Pool
First IP Pool:  10.1.2.150 - 10.1.2.160
Section IP Pool:        0.0.0.0 - 0.0.0.0
Third IP Pool:  0.0.0.0 - 0.0.0.0
Primary WINS Server:    0.0.0.0
Secondary WINS Server:  0.0.0.0
Primary DNS Server:     8.8.8.8
Secondary DNS Server:   8.8.4.4
Traffic Tunnel Security Level:
PFS Key Group:  Group 2 (1024 bit)
SA Lifetime:    3600
SA Lifebyte:    0
Encryption Algorithm:   3DES
Integrity Algorithm:    SHA-1
Local IP Address:       10.1.1.0
Local Subnet Mask:      255.255.255.0


My internal network is 10.1.1.0/24.  Am I missing something?

Thank you,

David

PS Matthew, I don't see that option in the Shrew Soft Client



On Tue, 2011-01-11 at 13:28 -0500, kevin vpn wrote:
> Hi David,
> 
> To me it looks like you have a policy mismatch ("No policy found"
> error in the Netgear log) which is preventing Phase2 negotiations from
> completing properly.  Double check that the IP ranges that you have
> told Shrew to tunnel match those that the gateway expects.
> 
> > From: [email protected]
> > To: [email protected]
> > Date: Tue, 11 Jan 2011 10:57:03 -0500
> > Subject: [vpn-help] FVS338 tunnel established but can't ping remote
> IP's/SSH/DNS etc.
> > 
> > 
> > Shrew Soft Version 2.1.5
> > Netgear FVS338
> > Ubuntu 11.04
> > 
> > Below is my shrew soft client config:
> >...
> > s:policy-list-include:10.1.1.0 / 255.255.255.0
> > 
> > 
> > Netgear FVS338 VPN Log
> > ...
> > 2011 Jan 11 10:00:09 [FVS338] [IKE] Responding to new phase 2
> > negotiation: x.yy.57.73[0]<=>xx.yy.216.191[0]_
> > 2011 Jan 11 10:00:09 [FVS338] [IKE] Using IPsec SA configuration:
> > 10.1.1.0/24<->10.1.2.0/24_
> > 2011 Jan 11 10:00:09 [FVS338] [IKE] No policy found:
> 10.1.2.150/32[0]
> > 10.1.1.0/24[0] proto=any dir=in_
> > 2011 Jan 11 10:00:09 [FVS338] [IKE] Failed to get proposal for
> > responder._
> > 
> 
> _______________________________________________
> vpn-help mailing list
> [email protected]
> http://lists.shrew.net/mailman/listinfo/vpn-help

-- 
David Borges
Director of Network Administration
3720 Davinci Court, Suite 200
Norcross GA, 30092
www.skitter.tv





_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help

Reply via email to