cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
889
Views
0
Helpful
5
Replies

RV082 QuickVPN Verifying network.... loop error

ambrosimassimo
Level 1
Level 1

Dear Sir,

I tryed all the solution found in this discussion group but nothing working, included activate firewall of Windows 7 and add a ICMP inbound rule.

 

In the firm I have my RV082 under a modem router Zyxel, I nat 1-1 one of my IP to RV082. If I ping this IP  from home all working.

At home I have a computer with Windows 7 under a firewall Zyxel, here I have only 1 IP. I connect with RDP to my firm and I ping my home IP, all is working.

I can connect with https to RV082.

I opened all the port in both firewall (home ad firm) but nothing happened.

This is the log of RV082.

 
Current Time : Sun Apr 20 19:32:06 2014
Time Event-Type Message
Apr 20 19:31:26 2014 VPN Log added connection description (qknips2)
Apr 20 19:31:26 2014 VPN Log listening for IKE messages
Apr 20 19:31:26 2014 VPN Log forgetting secrets
Apr 20 19:31:26 2014 VPN Log loading secrets from '/etc/ipsec.d/ipsec.secrets'
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: received Vendor ID payload [RFC 3947]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: received Vendor ID payload [RFC 3947]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: ignoring Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Apr 20 19:31:40 2014 VPN Log packet from --.--.--.--:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Apr 20 19:31:40 2014 VPN Log (qknips2) #459: responding to Main Mode
Apr 20 19:31:40 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Apr 20 19:31:40 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Apr 20 19:31:40 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Apr 20 19:31:40 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Apr 20 19:31:40 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Apr 20 19:31:40 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: discarding duplicate packet; already STATE_MAIN_R2
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: discarding duplicate packet; already STATE_MAIN_R2
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: Peer ID is ID_IPV4_ADDR: '192.168.1.20'
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: sent MR3, ISAKMP SA established
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #459: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1.
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1.
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: responding to Quick Mode
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: [Tunnel Negotiation Info] Inbound SPI value = 92330fef
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: [Tunnel Negotiation Info] Inbound SPI value = 92330fef
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: [Tunnel Negotiation Info] Outbound SPI value = 3df76904
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: [Tunnel Negotiation Info] Outbound SPI value = 3df76904
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Apr 20 19:31:42 2014 VPN Log (qknips2) #460: IPsec SA established {ESP=>0x3df76904 <0x92330fef
Apr 20 19:32:01 2014 VPN Log (qknips2) #459: received Delete SA payload: deleting ISAKMP State #459
Apr 20 19:32:01 2014 VPN Log (qknips2) #459: received Delete SA payload: deleting ISAKMP State #459
Apr 20 19:32:01 2014 VPN Log (qknips2) #459: received Delete SA(0x3df76904) payload: deleting IPSEC State #460
Apr 20 19:32:01 2014 VPN Log (qknips2) #459: received Delete SA(0x3df76904) payload: deleting IPSEC State #460
Apr 20 19:32:01 2014 VPN Log (qknips2) #460: deleting state (STATE_QUICK_R2)
Apr 20 19:32:01 2014 VPN Log (qknips2) #459: deleting state (STATE_MAIN_R3)
Apr 20 19:32:02 2014 VPN Log (qknips2): deleting connection
 
and this is the log of Quick VPN:
 
2014/04/20 19:30:13 [STATUS]OS Version: Windows 7
2014/04/20 19:30:13 [STATUS]Windows Firewall Domain Profile Settings: ON
2014/04/20 19:30:13 [STATUS]Windows Firewall Private Profile Settings: ON
2014/04/20 19:30:13 [STATUS]Windows Firewall Private Profile Settings: ON
2014/04/20 19:30:13 [STATUS]One network interface detected with IP address 192.168.1.20
2014/04/20 19:30:13 [STATUS]Connecting...
2014/04/20 19:30:13 [DEBUG]Input VPN Server Address = --.--.--.--
2014/04/20 19:30:13 [STATUS]Connecting to remote gateway with IP address: --.--.--.--
2014/04/20 19:30:17 [WARNING]Server's certificate doesn't exist on your local computer.
2014/04/20 19:30:19 [STATUS]Remote gateway was reached by https ...
2014/04/20 19:30:19 [STATUS]Provisioning...
2014/04/20 19:30:29 [STATUS]Success to connect.
2014/04/20 19:30:29 [STATUS]Tunnel is configured. Ping test is about to start.
2014/04/20 19:30:29 [STATUS]Verifying Network...
2014/04/20 19:30:35 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:30:38 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:30:41 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:30:44 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:30:47 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:30:50 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2014/04/20 19:30:58 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:31:01 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:31:04 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:31:07 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:31:10 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:31:16 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2014/04/20 19:31:25 [STATUS]Disconnecting...
2014/04/20 19:31:30 [WARNING]Failed to disconnect.
2014/04/20 19:32:18 [STATUS]OS Version: Windows 7
2014/04/20 19:32:18 [STATUS]Windows Firewall Domain Profile Settings: ON
2014/04/20 19:32:18 [STATUS]Windows Firewall Private Profile Settings: ON
2014/04/20 19:32:18 [STATUS]Windows Firewall Private Profile Settings: ON
2014/04/20 19:32:18 [STATUS]One network interface detected with IP address 192.168.1.20
2014/04/20 19:32:18 [STATUS]Connecting...
2014/04/20 19:32:18 [DEBUG]Input VPN Server Address = --.--.--.--
2014/04/20 19:32:18 [STATUS]Connecting to remote gateway with IP address: --.--.--.--
2014/04/20 19:32:18 [WARNING]Server's certificate doesn't exist on your local computer.
2014/04/20 19:32:21 [STATUS]Remote gateway was reached by https ...
2014/04/20 19:32:21 [STATUS]Provisioning...
2014/04/20 19:32:31 [STATUS]Success to connect.
2014/04/20 19:32:31 [STATUS]Tunnel is configured. Ping test is about to start.
2014/04/20 19:32:31 [STATUS]Verifying Network...
2014/04/20 19:32:37 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:32:40 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:32:43 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:32:46 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:32:49 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:32:53 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2014/04/20 19:32:56 [STATUS]Disconnecting...
2014/04/20 19:33:00 [STATUS]Success to disconnect.
2014/04/20 19:46:20 [STATUS]OS Version: Windows 7
2014/04/20 19:46:20 [STATUS]Windows Firewall Domain Profile Settings: ON
2014/04/20 19:46:20 [STATUS]Windows Firewall Private Profile Settings: ON
2014/04/20 19:46:20 [STATUS]Windows Firewall Private Profile Settings: ON
2014/04/20 19:46:20 [STATUS]One network interface detected with IP address 192.168.1.20
2014/04/20 19:46:21 [STATUS]Connecting...
2014/04/20 19:46:21 [DEBUG]Input VPN Server Address = --.--.--.--
2014/04/20 19:46:21 [STATUS]Connecting to remote gateway with IP address: --.--.--.--
2014/04/20 19:46:42 [WARNING]Server's certificate doesn't exist on your local computer.
2014/04/20 19:46:45 [WARNING]Remote gateway wasn't reached...
2014/04/20 19:46:45 [WARNING]Failed to connect.
2014/04/20 19:46:45 [WARNING]Server's certificate doesn't exist on your local computer.
2014/04/20 19:46:46 [STATUS]Remote gateway was reached by https ...
2014/04/20 19:46:46 [STATUS]Provisioning...
2014/04/20 19:46:57 [STATUS]Success to connect.
2014/04/20 19:46:57 [STATUS]Tunnel is configured. Ping test is about to start.
2014/04/20 19:46:57 [STATUS]Verifying Network...
2014/04/20 19:47:03 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:47:06 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:47:09 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:47:12 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:47:15 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:47:27 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2014/04/20 19:47:30 [STATUS]Disconnecting...
2014/04/20 19:47:35 [WARNING]Failed to disconnect.
2014/04/20 19:50:24 [STATUS]OS Version: Windows 7
2014/04/20 19:50:24 [STATUS]Windows Firewall Domain Profile Settings: ON
2014/04/20 19:50:24 [STATUS]Windows Firewall Private Profile Settings: ON
2014/04/20 19:50:24 [STATUS]Windows Firewall Private Profile Settings: ON
2014/04/20 19:50:24 [STATUS]One network interface detected with IP address 192.168.1.20
2014/04/20 19:50:24 [STATUS]Connecting...
2014/04/20 19:50:24 [DEBUG]Input VPN Server Address = --.--.--.--
2014/04/20 19:50:24 [STATUS]Connecting to remote gateway with IP address: --.--.--.--
2014/04/20 19:50:28 [WARNING]Server's certificate doesn't exist on your local computer.
2014/04/20 19:50:30 [STATUS]Remote gateway was reached by https ...
2014/04/20 19:50:30 [STATUS]Provisioning...
2014/04/20 19:50:41 [STATUS]Success to connect.
2014/04/20 19:50:41 [STATUS]Tunnel is configured. Ping test is about to start.
2014/04/20 19:50:41 [STATUS]Verifying Network...
2014/04/20 19:50:46 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:50:49 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:50:52 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:50:55 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:50:58 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:51:01 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2014/04/20 19:51:04 [STATUS]Disconnecting...
2014/04/20 19:51:09 [WARNING]Failed to disconnect.
2014/04/20 19:51:16 [STATUS]OS Version: Windows 7
2014/04/20 19:51:16 [STATUS]Windows Firewall Domain Profile Settings: ON
2014/04/20 19:51:16 [STATUS]Windows Firewall Private Profile Settings: ON
2014/04/20 19:51:16 [STATUS]Windows Firewall Private Profile Settings: ON
2014/04/20 19:51:16 [STATUS]One network interface detected with IP address 192.168.1.20
2014/04/20 19:51:16 [STATUS]Connecting...
2014/04/20 19:51:16 [DEBUG]Input VPN Server Address = --.--.--.--
2014/04/20 19:51:16 [STATUS]Connecting to remote gateway with IP address: --.--.--.--
2014/04/20 19:51:17 [WARNING]Server's certificate doesn't exist on your local computer.
2014/04/20 19:51:18 [STATUS]Remote gateway was reached by https ...
2014/04/20 19:51:18 [STATUS]Provisioning...
2014/04/20 19:51:29 [STATUS]Success to connect.
2014/04/20 19:51:29 [STATUS]Tunnel is configured. Ping test is about to start.
2014/04/20 19:51:29 [STATUS]Verifying Network...
2014/04/20 19:51:35 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:51:38 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:51:41 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:51:44 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:51:47 [WARNING]Failed to ping remote VPN Router!
2014/04/20 19:51:49 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2014/04/20 19:51:52 [STATUS]Disconnecting...
2014/04/20 19:51:57 [WARNING]Failed to disconnect.
 
 
If I check the connection status in the RV082 VPN I find Connect.
 
Thanks for any help 
Massimo
5 Replies 5

ambrosimassimo
Level 1
Level 1

Now I tryed

with nat in zyxel port 60443 to RV082 and remove nat 1-1.

And at home I tryed with Windows XP.

 

Same problem.sad

Massimo

P.S. There is someone in this forum?

Hi Massimo,

In any cases we recommend the router which is making the VPN connection to be with the public IP and not behind NAT, especially when Quick VPN is used.

If, for some reason you cannot use such configuration, than the router, which is in front of RV082, should be configured with the IP address of RV082 in DMZ, or like you do One to One NAT - this should allow all ports. But apart from that configuration, the Zyxell should support IPSec Passthrough option. If this is not supported, the Zyxell will not allow ESP packets to enter from WAN to LAN. 

I think it would be better to call the Small Business support line. An engineer can help you find out where the conversation is stopping. Hereby the contact details: http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 

Regards,

Kremena

 

 

Kremena Ivanova
Cisco Employee
Cisco Employee

Hi,

 

Do you have IPSec passthrough activated on the Zyxell in front of RV082.

It looks like the negotiation process completes successfully - meaning the conversation on ports UDP 500 and/or 4500, but after that when qcuick VPN sends ping to the RV082 local IP, encapsulated in ESP packets they do not receive reply. So the question is, do they reach RV082.

 

Regards,

Kremena

Hi,

now I have tried with a simple Netgear modem/router/firewall.

I make a nat of all ports and protocols tcp udp (excluded https 443; rdp 3389) to RV082, but I have the same problem (like zyxel). This modem not allow me to set ICMP.

Let me to explain what I'm going to do.

I'm a manufacturer of  automatic machines with plc, panel-pc etc., I need to have tele assistance.

I don't know what is the modem of customer and his LAN, I want tell him make this nat so I can open a VPN with the machines. I bought a RV082 and a RV042 in order to have a standard solution for tele assistance.

I don't know what else to do.

Any help would be appreciated.

Massimo

open port 60443 tcp and port 500 udp in the firewall only and all working, no icmp need.