Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1581
Views
0
Helpful
4
Replies

RV016 10/100 16-Port VPN Router - IPsec not woking

mansaxellcisco
Level 1
Level 1

ā€Ž10-15-2012 05:13 AM

Hi

Problem: IPsec VPN setup seems ok (Client to gateway) but is not responding from client requests. However, remote manage works, PPTP works.

My environment:

Hardware: RV016  10/100 16-Port VPN Router

Firmware: v4.2.1.02 (Jan 18 2012 14:10:55)

Clients: Mac OS X 10.8 (integrated VPN client) , Windows 7 (build in VPN client) OR both with NCP-E VPN client.

None of the above works with IPsec. I have tried all kinds of combinations. I don't think the problem is wether I use Group1 or Group2 or DES or AES...

It must be something else... Neither of the built-in VPN (IPsec) clients in Mac OS X or Windows can be configured in an easy way. BUT the NCP-E client can. I have tried to set it up to exactly meet the settings on the server but no progress...

How do I setup an IPsec VPN group so that I can use any of my VPN clients to work?

PS. I have also tried the client that comes delivered. 1- It does not work and 2- it's only available for Windows.

Thank you for your precious time!

MĆ„ns

Labels:
0 Helpful
4 Replies 4

Tom Watts
VIP Alumni
VIP Alumni

ā€Ž10-15-2012 09:41 AM

MAC built-in client is unsupported. Need to use 3rd party client such as ipsecuritas, greenbow, shrewsoft, etc.

The MAC client is the same as Cisco 5.x vpn software (which works only with SRP500, SA500 and IOS routers by Cisco)

Here is how to make it work using ipsecuritas

1.) set up the router

2.) set the IP

3.) set phase 1

4.) set phase 2

5.) set the ID

6.) Set the options

7.) connected

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

mansaxellcisco
Level 1
Level 1
In response to Tom Watts

ā€Ž10-15-2012 02:03 PM

Hi Tom

Thanks for your very detailed and nice description. Well, this is also what I expected. I have done the same setup

as your description but it still won't work...

Here is the log:

IPSecuritas 3.5rc build 3012, 2011-11-07 16:28:34, nadig

Darwin 11.2.0 Darwin Kernel Version 11.2.0: Tue Aug  9 20:54:00 PDT 2011; root:xnu-1699.24.8~1/RELEASE_X86_64 x86_64

Oct 15, 22:57:54  Info     APP  IPSec authenticating

Oct 15, 22:57:54  Info     APP  Connection NCIPsec is started

Oct 15, 22:57:54  Info     APP  IKE daemon started

Oct 15, 22:57:54  Info     APP  IPSec started

Oct 15, 22:57:54  Error    IKE  Foreground mode.

Oct 15, 22:57:54  Info     IKE  @(#)ipsec-tools CVS (http://ipsec-tools.sourceforge.net)

Oct 15, 22:57:54  Info     IKE  @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)

Oct 15, 22:57:54  Info     IKE  Reading configuration from "/Library/Application Support/Lobotomo Software/IPSecuritas/racoon.conf"

Oct 15, 22:57:54  Info     IKE  Resize address pool from 0 to 255

Oct 15, 22:57:55  Info     APP  Initiated connection NCIPsec

Oct 15, 22:58:02  Info     APP  Initiated connection NCIPsec

Oct 15, 22:58:09  Info     APP  Initiated connection NCIPsec

Oct 15, 22:58:11  Error    IKE  phase2 negotiation failed due to time up waiting for phase1. ESP 213.67.247.92[500]->192.168.1.10[500]

Oct 15, 22:58:16  Info     APP  Initiated connection NCIPsec

Oct 15, 22:58:18  Error    IKE  phase2 negotiation failed due to time up waiting for phase1. ESP 213.67.247.92[500]->192.168.1.10[500]

Oct 15, 22:58:23  Info     APP  Initiated connection NCIPsec

Oct 15, 22:58:25  Error    IKE  phase1 negotiation failed due to time up. 8a8e3a963cbff550:0000000000000000

Oct 15, 22:58:25  Error    IKE  phase2 negotiation failed due to time up waiting for phase1. ESP 213.67.247.92[500]->192.168.1.10[500]

Oct 15, 22:58:28  Warning  APP  Connection NCIPsec timed out

Oct 15, 22:58:28  Warning  APP  Giving up

Oct 15, 22:58:32  Error    IKE  phase2 negotiation failed due to time up waiting for phase1. ESP 213.67.247.92[500]->192.168.1.10[500]

Oct 15, 22:58:39  Error    IKE  phase2 negotiation failed due to time up waiting for phase1. ESP 213.67.247.92[500]->192.168.1.10[500]

Oct 15, 22:59:03  Info     APP  IPSec stopping

Oct 15, 22:59:04  Info     APP  IKE daemon terminated

Oct 15, 22:59:04  Info     APP  IPSec stopped

I'm using a dynamic dns for my remote end point. This used to work with our previous device. AND PPTP works flawlessly.

It looks like my local address is not responding. This shouldn't be the case because it works with other devices using my built in VPN client and 3'rd part software...

Any ideas?

Thanks a bunch!

MĆ„ns

0 Helpful

mansaxellcisco
Level 1
Level 1
In response to mansaxellcisco

ā€Ž10-16-2012 06:21 AM

Tom,

You mention some devices in your reply.

Do you know if the ASA 5505 would support Mac OS X client as well as the Windows 7 client?

Thanks.

/MĆ„ns

0 Helpful

Tom Watts
VIP Alumni
VIP Alumni
In response to mansaxellcisco

ā€Ž10-16-2012 09:52 AM

Mans, I believe the ASA5505 will support it (since it is the same as the Cisco VPN client). But this is not a platform I work with or have much familiarity to.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful
Customers Also Viewed These Support Documents