RSV4000 VPN

Alex_Kirr
Level 1

I'm trying to set up VPN with RSV4000. I'm trying to connect from Snow Leopard through its inbuilt Cisco IPSec. So when I try to connect from a machine within the network I get something like this:

Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set  to=110
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but  already using method 110
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but  already using method 110
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,  but already using method 110
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [XAUTH]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Cisco-Unity]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Dead Peer Detection]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  initial Main Mode message received on xx.xxx.xx.xxx:500 but no  connection has been authorized
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set  to=110
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but  already using method 110
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but  already using method 110
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,  but already using method 110
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [XAUTH]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Cisco-Unity]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Dead Peer Detection]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  initial Main Mode message received on xx.xxx.xx.xxx:500 but no  connection has been authorized
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set  to=110
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but  already using method 110
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but  already using method 110
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,  but already using method 110
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [XAUTH]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Cisco-Unity]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Dead Peer Detection]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  initial Main Mode message received on xx.xxx.xx.xxx:500 but no  connection has been authorized
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set  to=110
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but  already using method 110
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but  already using method 110
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,  but already using method 110
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [XAUTH]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Cisco-Unity]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Dead Peer Detection]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  initial Main Mode message received on xx.xxx.xx.xxx:500 but no  connection has been authorized
Nov 21 17:03:15  - [VPN Log]: initiate on demand from  192.168.10.16:0 to 192.168.20.255:0 proto=0 state: fos_start because:  acquire
Nov 21 17:03:29  - [VPN Log]: "LG" #1: max number of retransmissions (2) reached STATE_AGGR_I1

I'm no VPN expert but one has to assume that it should be possible to test VPN from the same network. RVS400 is actually connected to a modem that handles all the connecting to internet stuff.

Maybe I set it up wrong. I have a couple of accounts and an IPSec tunnel set up with the following settings:

Local Group Setup

Local Security Gateway Type: IP Only

IP address: Router's external IP (which is static)

Local Security Group Type: Subnet

IP Address: 192.168.10.1 (router internal ip)

Subnet Mask: 255.255.255.0

Remote Group Setup

Remote Security Gateway Type: IP Only

IP Address: 192.168.20.1

Remote Security Group Type: Subnet

IP Address: 192.168.20.10 (suppose that's the IP that should be assigned remotely)

Subnet Mask: 255.255.255.0

IPSec Setup

Keying Mode: IKE with Preshared key

Phase 1:

Encryption: 3DES

Authentication: MD5

Group: 1024bit

Key Lifetime: 28800

Phase 2:


Encryption: 3DES

Authentication: SHA1

Perfect Forward Secrecy: Enable

Preshared Key: somekey

Group: 1024bit

Key Lifetime: 3600

Advanced:

NetBios Broadcast (enabled)

Should the tunnel's status change from Down when pressing the Connect button under Test Tunnel?

Thanks.

2 Replies

rocater
Level 3

Hello Alex,

I do wish I knew more about setting up the connection using a Mac, but I did find the following information you may want to check out.

https://supportforums.cisco.com/docs/DOC-10266

I hope this helps with your VPN.

Thanks for responding, I think I got closer to the..truth (by using IPSecuritas) but not quite there yet. Getting the following in my VPN logs, I also edited my configuration in the router..attached a screenshot this time:

Nov 22 10:10:39  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Dead Peer Detection]
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: responding to Main Mode from unknown peer 192.168.10.52
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.10.52'
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: I did not send a certificate because I do not have one.
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  STATE_MAIN_R3: sent MR3, ISAKMP SA established  {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha  group=modp1024}
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: received and ignored informational message
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  cannot respond to IPsec SA request because no connection is known for  192.168.1.0/24===xx.xxx.xx.xxx[S?C]...192.168.10.52[S?C]===174.155.10.10/32
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  sending encrypted notification INVALID_ID_INFORMATION to  192.168.10.52:500
Nov 22 10:10:44  - [VPN Log]: "LG"[2] 192.168.10.52 #2: Quick  Mode I1 message is unacceptable because it uses a previously used  Message ID 0x5af39783 (perhaps this is a duplicated packet)
Nov 22 10:10:44  - [VPN Log]: "LG"[2] 192.168.10.52 #2: sending encrypted notification INVALID_MESSAGE_ID to 192.168.10.52:500
Nov 22 10:10:49  - [VPN Log]: "LG"[2] 192.168.10.52 #2: Quick  Mode I1 message is unacceptable because it uses a previously used  Message ID 0x5af39783 (perhaps this is a duplicated packet)
Nov 22 10:10:49  - [VPN Log]: "LG"[2] 192.168.10.52 #2: sending encrypted notification INVALID_MESSAGE_ID to 192.168.10.52:500
Nov 22 10:11:00  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  cannot respond to IPsec SA request because no connection is known for  192.168.1.0/24===xx.xxx.xx.xxx[S?C]...192.168.10.52[S?C]===174.155.10.10/32
Nov 22 10:11:00  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  sending encrypted notification INVALID_ID_INFORMATION to  192.168.10.52:500
Nov 22 10:11:04  - [VPN Log]: "LG"[2] 192.168.10.52 #2: Quick  Mode I1 message is unacceptable because it uses a previously used  Message ID 0xb94c86ee (perhaps this is a duplicated packet)
Nov 22 10:11:04  - [VPN Log]: "LG"[2] 192.168.10.52 #2: sending encrypted notification INVALID_MESSAGE_ID to 192.168.10.52:500
Nov 22 10:11:09  - [VPN Log]: "LG"[2] 192.168.10.52 #2: Quick  Mode I1 message is unacceptable because it uses a previously used  Message ID 0xb94c86ee (perhaps this is a duplicated packet)
Nov 22 10:11:09  - [VPN Log]: "LG"[2] 192.168.10.52 #2: sending encrypted notification INVALID_MESSAGE_ID to 192.168.10.52:500
Nov 22 10:11:12  - [VPN Log]: "LG"[2] 192.168.10.52 #2: received Delete SA payload: deleting ISAKMP State #2
Nov 22 10:11:12  - [VPN Log]: "LG"[2] 192.168.10.52: deleting  connection "LG" instance with peer 192.168.10.52 {isakmp=#0/ipsec=#0}
Nov 22 10:11:12  - [VPN Log]: packet from 192.168.10.52:500: received and ignored informational message
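
An added example, not part of the original thread and not Cisco's code: a short Python triage of the log lines posted above that separates a Phase 1 rejection from a Phase 2 (Quick Mode) traffic-selector mismatch. The configured subnets passed in are taken from the first post's settings and are an assumption, since the router configuration was edited afterwards; the function and pattern names are illustrative.

```python
import ipaddress
import re

# Constructed sample: three lines copied from the router log posted in the thread.
SAMPLE_LOG = """\
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  initial Main Mode message received on xx.xxx.xx.xxx:500 but no  connection has been authorized
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  STATE_MAIN_R3: sent MR3, ISAKMP SA established  {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha  group=modp1024}
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  cannot respond to IPsec SA request because no connection is known for  192.168.1.0/24===xx.xxx.xx.xxx[S?C]...192.168.10.52[S?C]===174.155.10.10/32
"""

# Patterns are applied after runs of whitespace are collapsed to one space.
PHASE1_REJECT = re.compile(
    r"initial Main Mode message received on \S+ but no connection has been authorized")
PHASE1_OK = re.compile(r"ISAKMP SA established")
# Layout: <our subnet>===<our gateway>...<peer gateway>===<peer subnet>
PHASE2_REJECT = re.compile(
    r"no connection is known for (\S+?)===\S+?\.\.\.\S+?===(\S+)")


def diagnose(log_text, local_cfg, remote_cfg):
    """Return (stage, detail) findings in log order, without duplicates."""
    want = (ipaddress.ip_network(local_cfg, strict=False),
            ipaddress.ip_network(remote_cfg, strict=False))
    findings = []
    for line in log_text.splitlines():
        line = re.sub(r"\s+", " ", line)  # the log wraps with double spaces
        if PHASE1_REJECT.search(line):
            item = ("phase1", "no tunnel definition matches this peer address")
        elif PHASE1_OK.search(line):
            item = ("phase1", "ISAKMP SA established")
        elif (m := PHASE2_REJECT.search(line)):
            got = tuple(ipaddress.ip_network(s, strict=False) for s in m.groups())
            bad = [f"{side}: proposed {g}, configured {w}"
                   for side, g, w in zip(("local", "remote"), got, want) if g != w]
            item = ("phase2", "; ".join(bad) or "selectors match; check gateway/ID")
        else:
            continue
        if item not in findings:
            findings.append(item)
    return findings


if __name__ == "__main__":
    # Assumed configuration: the Local/Remote Security Group values from the first post.
    for stage, detail in diagnose(SAMPLE_LOG, "192.168.10.1/255.255.255.0",
                                  "192.168.20.10/255.255.255.0"):
        print(f"{stage}: {detail}")
```
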