Hi,
13/07/07 03:50:49 ii : *phase2 rejected, id value mismatch*
13/07/07 03:50:49 ii : - loc ANY:192.168.11.11:* -> ANY:192.168.0.0/24:*
13/07/07 03:50:49 ii : - rmt <UNKNOWN P2ID> -> ANY:192.168.0.0/24:*

The settings for phase 2 are not good between the shrew client and your RV082.

Regards,

On Sun, Jul 7, 2013 at 4:52 AM, Reinhard Szalghary <[email protected]> wrote:

> Hi,
>
> i tried to build a vpn tunnel with shrew 2.2.2 on a windows 7 x64 pc
> to a cisco rv082 router with the latest firmware v4.2.2.08.
> but i can't get a sa in phase 2.
> i tried different settings in shrew, for example
> nat traversal, policy and local host... but without success.
>
> i had seen this guide:
> https://www.shrew.net/support/Howto_Linksys
>
> i want to establish a vpn tunnel for each single user instead of a group.
> so i set up a vpn tunnel in the rv082 router with a new subnet
> outside of both existing lan subsets (remote & local) and
> use e-mail (USER FQDN) authentication:
> remote security gateway type: dynamic ip + email (ufqdn)
> remote security group type: subnet
> ip: 192.168.11.11
> subset mask: 255.255.255.255
> (i tried remote security group type: ip setting also...)
>
> i configured shrew accordingly.
>
> result: i can't establish a phase 2 sa.
> the router seems not to have a remote network policy.
> it seems to me, that i can't configure such a policy in the router
> and i can't disable remote network policy in shrew.
>
> vpn trace from shrew:
>
> 13/07/07 03:50:49 == : phase2 hash_r ( input ) ( 132 bytes )
> 13/07/07 03:50:49 == : phase2 hash_r ( computed ) ( 20 bytes )
> 13/07/07 03:50:49 == : phase2 hash_r ( received ) ( 20 bytes )
> 13/07/07 03:50:49 ii : matched ipsec-esp proposal #1 transform #1
> 13/07/07 03:50:49 ii : - transform = esp-aes
> 13/07/07 03:50:49 ii : - key length = 128 bits
> 13/07/07 03:50:49 ii : - encap mode = udp-tunnel ( rfc )
> 13/07/07 03:50:49 ii : - msg auth = hmac-sha1
> 13/07/07 03:50:49 ii : - pfs dh group = group2 ( modp-1024 )
> 13/07/07 03:50:49 ii : - life seconds = 3600
> 13/07/07 03:50:49 ii : - life kbytes = 0
>
> 13/07/07 03:50:49 ii : phase2 rejected, id value mismatch
> 13/07/07 03:50:49 ii : - loc ANY:192.168.11.11:* -> ANY:192.168.0.0/24:*
> 13/07/07 03:50:49 ii : - rmt <UNKNOWN P2ID> -> ANY:192.168.0.0/24:*
>
> 13/07/07 03:50:49 DB : phase2 resend event canceled ( ref count = 1 )
> 13/07/07 03:50:49 ii : phase2 removal before expire time
> 13/07/07 03:50:49 DB : phase2 deleted ( obj count = 0 )
>
> any ideas?
>
> thanks and best regards, Reinhard.
> _______________________________________________
> vpn-help mailing list
> [email protected]
> https://lists.shrew.net/mailman/listinfo/vpn-help
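
Added example (not part of the original thread and not Shrew Soft code): a small Python parser that pulls the "id value mismatch" events out of a trace like the one quoted above and reports which half of the phase 2 ID pair differs. It assumes the trace line layout shown in this thread, and that "loc" is the ID pair the client is configured with and "rmt" the pair received from the gateway; the function names and the sample are constructed here.

```python
import re

# Constructed sample: phase 2 lines taken from the trace quoted in this thread.
SAMPLE_TRACE = """\
13/07/07 03:50:49 ii : matched ipsec-esp proposal #1 transform #1
13/07/07 03:50:49 ii : phase2 rejected, id value mismatch
13/07/07 03:50:49 ii : - loc ANY:192.168.11.11:* -> ANY:192.168.0.0/24:*
13/07/07 03:50:49 ii : - rmt <UNKNOWN P2ID> -> ANY:192.168.0.0/24:*
13/07/07 03:50:49 DB : phase2 deleted ( obj count = 0 )
"""

LINE = re.compile(r"^(\S+ \S+) (\S\S) : (.*)$")       # timestamp, level, message
PAIR = re.compile(r"^- (loc|rmt) (.+?) -> (.+)$")     # side, left ID, right ID

def find_id_mismatches(trace):
    """Return one dict per 'id value mismatch' event with its loc/rmt ID pairs."""
    events, current = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # blank or non-trace line
        stamp, _level, msg = m.groups()
        if "phase2 rejected, id value mismatch" in msg:
            current = {"time": stamp}
            events.append(current)
            continue
        pair = PAIR.match(msg.strip())
        if current is not None and pair:
            current[pair.group(1)] = (pair.group(2), pair.group(3))
        else:
            current = None                # any other message ends the event
    return events

def diagnose(event):
    """List which side of the 'A -> B' pair differs between loc and rmt."""
    loc, rmt = event.get("loc"), event.get("rmt")
    if not loc or not rmt:
        return ["incomplete event: loc or rmt line missing"]
    findings = []
    for idx, name in enumerate(("source ID", "destination ID")):
        if loc[idx] != rmt[idx]:
            findings.append(f"{name} differs: loc={loc[idx]} rmt={rmt[idx]}")
    return findings

if __name__ == "__main__":
    for ev in find_id_mismatches(SAMPLE_TRACE):
        print(ev["time"], *diagnose(ev), sep="\n  ")
```

For the trace in this thread it reports that only the source ID differs, so the setting to compare is the address or subnet each side defines for the client end of the tunnel.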
