Hi Henry,

I'm not sure, but the Pool Address shouldn't be the same as the LAN (use another Pool).

Regards,

On Thu, Mar 8, 2012 at 1:34 PM, Henry <[email protected]> wrote:
> Hi guys,
>
> I just set up a Netgear FVS318G as gateway-to-client with Shrew VPN
> Client. My problem is, the VPN tunnel connection is established, but
> PING does not work when pinging the local devices residing on the LAN
> side of the FVS318G. I cannot see any LAN resource as no traffic is
> passing through the VPN tunnel.
>
> My configurations are:
>
> My PC (LAN IP: 192.168.2.10) with Shrew VPN client installed --> The
> Internet --> BiPAC 7700N [(LAN IP: 10.1.1.1/24, DMZ set to FVS318G
> (WAN IP: 10.1.1.2, LAN IP: 192.168.1.1/24, First Pool: starting
> 192.168.1.190 Ending IP: 192.168.1.199)]
>
> The Shrew VPN client configuration was set up by using the guide
> www.shrew.net/support/wiki/HowtoNetgear. Under Topology Entry, Type:
> Include, Address 192.168.1.0, Netmask: 255.255.255.0 were configured.
>
> I know the BiPAC 7700N does not allow VPN. But as I set the FVS318G in
> DMZ (the DMZ works as I could VPN to the FVS318G with Shrew VPN client),
> would it be possible that the BiPAC 7700N still drops the VPN traffic? I
> also tried different IP schemes in First Pool under Mode Config. But
> it did the same: the VPN tunnel is established, but I cannot ping the VPN
> gateway and cannot access local resources behind the gateway.
>
> Do you guys have any ideas? I would much appreciate any input.
>
> Kind regards,
> Henry
>
>
> The FVS318G VPN logs are as below:
>
> 2012 Mar 8 11:56:54 [FVS318g] [IKE] IPsec-SA established[UDP encap
> 4500->55126]: ESP/Tunnel 10.1.1.2->14.200.16.xxx with
> spi=2454962505(0x9253c149)_
> 2012 Mar 8 11:56:54 [FVS318g] [IKE] IPsec-SA established[UDP encap
> 55126->4500]: ESP/Tunnel 14.200.16.xxx->10.1.1.2 with
> spi=240506340(0xe55d5e4)_
> 2012 Mar 8 11:56:53 [FVS318g] [IKE] Adjusting peer's encmode
> 61443(61443)->Tunnel(1)_
> 2012 Mar 8 11:56:51 [FVS318g] [IKE] No policy found, generating the
> policy : 192.168.1.191/32[0] 192.168.1.0/24[0] proto=any dir=in_
> 2012 Mar 8 11:56:51 [FVS318g] [IKE] Using IPsec SA configuration:
> 192.168.1.0/24<->192.168.1.0/24_
> 2012 Mar 8 11:56:51 [FVS318g] [IKE] Responding to new phase 2
> negotiation: 10.1.1.2[0]<=>14.200.16.xxx[0]_
> 2012 Mar 8 11:56:51 [FVS318g] [IKE] 192.168.1.190 IP address is
> assigned to remote peer 14.200.16.xxx[55126]_
> 2012 Mar 8 11:56:51 [FVS318g] [IKE] Cannot open "/etc/motd"_
> 2012 Mar 8 11:56:51 [FVS318g] [IKE] Received attribute type
> "ISAKMP_CFG_REQUEST" from 14.200.16.xxx[55126]_
> 2012 Mar 8 11:56:51 [FVS318g] [IKE] Login succeeded for user "abc"_
> 2012 Mar 8 11:56:50 [FVS318g] [IKE] Received attribute type
> "ISAKMP_CFG_REPLY" from 14.200.16.xxx[55126]_
> 2012 Mar 8 11:56:50 [FVS318g] [IKE] purging spi=162673254._
> 2012 Mar 8 11:56:50 [FVS318g] [IKE] ISAKMP-SA established for
> 10.1.1.2[4500]-14.200.16.xxx[55126] with
> spi:6cced634bc69f38f:1838b1314f37cdd1_
> 2012 Mar 8 11:56:50 [FVS318g] [IKE] Sending Xauth request to
> 14.200.16.xxx[55126]_
> 2012 Mar 8 11:56:50 [FVS318g] [IKE] NAT detected: Local is behind a
> NAT device. and alsoPeer is behind a NAT device_
> 2012 Mar 8 11:56:50 [FVS318g] [IKE] NAT-D payload does not match for
> 14.200.16.xxx[55126]_
> 2012 Mar 8 11:56:50 [FVS318g] [IKE] NAT-D payload does not match for
> 10.1.1.2[4500]_
> 2012 Mar 8 11:56:50 [FVS318g] [IKE] Floating ports for NAT-T with
> peer 14.200.16.xxx[55126]_
> 2012 Mar 8 11:56:50 [FVS318g] [IKE] Setting DPD Vendor ID_
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] For 14.200.16.xxx[55028],
> Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] Received Vendor ID: CISCO-UNITY_
> - Last output repeated 2 times -
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] Received unknown Vendor ID_
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] DPD is Enabled_
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] Received Vendor ID: DPD_
> - Last output repeated 2 times -
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] Received unknown Vendor ID_
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] Received Vendor ID:
> draft-ietf-ipsec-nat-t-ike-02__
> - Last output repeated twice -
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] Received unknown Vendor ID_
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] Received Vendor ID:
> draft-ietf-ipsra-isakmp-xauth-06.txt_
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] Beginning Aggressive mode._
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] Received request for new phase 1
> negotiation: 10.1.1.2[500]<=>14.200.16.xxx[55028]_
> 2012 Mar 8 11:56:49 [FVS318g] [IKE] Remote configuration for
> identifier "client.domain.com" found_
> _______________________________________________
> vpn-help mailing list
> [email protected]
> http://lists.shrew.net/mailman/listinfo/vpn-help
>
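
A check for the condition the reply raises, as an added example that is not part of the original thread: it reads FVS318G log entries in the format quoted above and reports when the Mode Config address handed to the client falls inside the gateway's LAN subnet, or when the two phase 2 selectors overlap. The function name, the `lan` parameter, the unwrapped sample lines and the 192.168.50.0/24 pool are assumptions constructed for this example.

```python
import ipaddress
import re

# Constructed sample: two entries in the format of the quoted FVS318G log,
# unwrapped to one entry per line.
SAMPLE_LOG = """\
2012 Mar 8 11:56:51 [FVS318g] [IKE] Using IPsec SA configuration: 192.168.1.0/24<->192.168.1.0/24_
2012 Mar 8 11:56:51 [FVS318g] [IKE] 192.168.1.190 IP address is assigned to remote peer 14.200.16.xxx[55126]_
"""

# Constructed counter-example: a hypothetical pool outside the LAN subnet.
SEPARATE_POOL_LOG = """\
2012 Mar 8 12:10:02 [FVS318g] [IKE] Using IPsec SA configuration: 192.168.1.0/24<->192.168.50.0/24_
2012 Mar 8 12:10:02 [FVS318g] [IKE] 192.168.50.1 IP address is assigned to remote peer 14.200.16.xxx[55126]_
"""

ASSIGNED = re.compile(r"\[IKE\] (\d+\.\d+\.\d+\.\d+) IP address is assigned to remote peer")
SELECTORS = re.compile(r"Using IPsec SA configuration: ([\d./]+)<->([\d./]+)")


def check_pool_overlap(log_text, lan):
    """Return findings where client addresses or selectors collide with the LAN."""
    lan_net = ipaddress.ip_network(lan, strict=False)
    assigned, selectors = [], []
    for line in log_text.splitlines():
        m = ASSIGNED.search(line)
        if m:
            assigned.append(ipaddress.ip_address(m.group(1)))
        m = SELECTORS.search(line)
        if m:
            selectors.append(tuple(ipaddress.ip_network(g, strict=False) for g in m.groups()))

    findings = []
    for left, right in selectors:
        # Identical or overlapping selectors mean both tunnel ends claim the same range.
        if left.overlaps(right):
            findings.append(f"phase 2 selectors overlap: {left} <-> {right}")
    for addr in assigned:
        # An address from the LAN subnet looks on-link to LAN hosts.
        if addr in lan_net:
            findings.append(f"client address {addr} is inside LAN {lan_net}")
    return findings


if __name__ == "__main__":
    # LAN taken from the configuration in the question (192.168.1.1/24).
    for finding in check_pool_overlap(SAMPLE_LOG, "192.168.1.1/24"):
        print(finding)
```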
