Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
326
Views
0
Helpful
2
Replies

Netgear/Linksys to Cisco 3005 Concentrator problem

drhodes
Level 1
Level 1

‎01-18-2004 02:01 AM - edited ‎03-09-2019 06:09 AM

Hi,

We are having problems setting a LAN-LAN ipSec tunnel between a Netgear VPN router (the clients) and our 3030 concentrator. It is set up as ipSec with pre-shared keys, using MD5 and 3DES. What I am seeing is ipSec phase 1 completion, but the device fails on phase 2, with the error of being unable to satisfy the SA request of the Netgear router. SA's on both sides look the same.

My questions:

1. has anybody had the netgear VPN routers connect to a VPN concentrator as a LAN-LAN tunnel.

2. What is the message (we were getting initially) of "Malformed payload"

3. Will this also work if the VPN Concentrator local network is not directly attached. (i.e. will the concentrator still proxy arp?)

i.e.

inside netgear device address: 192.168.1.0/24

outside netgear device address: 202.XXX.YYY.0/24

inside vpn 3030 device address: 128.AAA.BBB.0/24

outside vpn 3030 device address: 128.AAA.BBB.1/32

(the 3030 is single armed)

Address to connect to (128.AAA.CCC.10) is attached to 128.AAA.BBB.0/24 network via a router.

Thanks in advance.

David

Labels:
0 Helpful
2 Replies 2

mostiguy
Level 6
Level 6

‎01-19-2004 05:19 AM

inside vpn 3030 device address: 128.AAA.BBB.0/24

outside vpn 3030 device address: 128.AAA.BBB.1/32

these addresses are on the same subnet. are they assigned to the inside and outside interfaces? this would almost assuredly result in a routing problem.

is "address to connect to" a server the netgears' clients are trying to connect to.

0 Helpful

drhodes
Level 1
Level 1
In response to mostiguy

‎01-19-2004 02:46 PM

True,

As the vpn concentrator is one armed (the private interface is also the public), I can only assume the VPN concentrator creates host routes for each of the addresses in the inside range, excluding the outside address (not truely a 128.AAA.BBB.0/24).

We currently use this for our pptp vpn (internal wireless) without problems.

Address to connect to is the end host the clients are trying to connect to by using the LAN-LAN tunnel as a n encrypted bridge.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents