Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1036
Views
0
Helpful
2
Replies

[RV110W] (firmware 1.2.0.10) IPSEC VPN problem (DynDns + NAT)

Vincent Duvernet
Level 1
Level 1

‎01-08-2014 03:18 PM

Hi,

I've just upgraded from 1.2.0.9 to 1.2.0.10 and the hope to have this working but no :/

- First of all, Firefox don't ask me to save login & password. (But this is working on RV220W with firmware 1.4.0.17)

- What's working on RV220W to mount an IPSEC VPN to a Netgear SRX5308 (and works well) is not working on RV110W.

During VPN Basic VPN Setup, the local Gateway Type don't let choose between IP or FQDN. (This option is present on the RV220W). So we must have a static IP address :/ which is not always possible.

I've clicked on the 'Connect' button from 'IPSec Connection Status' tab.

There's no log. So I've checked on the Netgear SRX5308.

Here it is :

"Thu Jan 09 00:11:15 2014 (GMT +0100): [SRX5308] [IKE] INFO:   [isakmp_ident.c:190]: XXX: setting vendorid: 9

Thu Jan 09 00:11:15 2014 (GMT +0100): [SRX5308] [IKE] INFO:   [isakmp_ident.c:190]: XXX: setting vendorid: 8

Thu Jan 09 00:11:15 2014 (GMT +0100): [SRX5308] [IKE] INFO:   [isakmp_ident.c:190]: XXX: setting vendorid: 4

Thu Jan 09 00:11:15 2014 (GMT +0100): [SRX5308] [IKE] INFO:   [isakmp_ident.c:186]: XXX: NUMNATTVENDORIDS: 3

Thu Jan 09 00:11:15 2014 (GMT +0100): [SRX5308] [IKE] INFO:  Beginning Identity Protection mode.

Thu Jan 09 00:11:15 2014 (GMT +0100): [SRX5308] [IKE] INFO:  Initiating new phase 1 negotiation: 172.19.0.2[500]<=>XXXXXXXXXX[500]

Thu Jan 09 00:11:15 2014 (GMT +0100): [SRX5308] [IKE] INFO:  remote configuration for identifier "XXXXXXXXXX.dyndns.org" found

Thu Jan 09 00:11:15 2014 (GMT +0100): [SRX5308] [IKE] INFO:  remote configuration for identifier "XXXXXXXXXX.dyndns.org" found

Thu Jan 09 00:11:15 2014 (GMT +0100): [SRX5308] [IKE] INFO:  Using IPsec SA configuration: 172.20.21.1/29<->10.61.3.0/24

Thu Jan 09 00:11:06 2014 (GMT +0100): [SRX5308] [IKE] ERROR:  Phase 1 negotiation failed due to time up for XXXXXXXXXX[500]. 0d35f0a76b5ecc6a:0000000000000000

Thu Jan 09 00:10:32 2014 (GMT +0100): [SRX5308] [IKE] ERROR:  Phase 2 negotiation failed due to time up waiting for phase1.

Thu Jan 09 00:10:32 2014 (GMT +0100): [SRX5308] [IKE] ERROR:  Invalid SA protocol type: 0"

Maybe it could be a DynDns + NAT problem.

The RV110W is using LAN IP : 10.61.3.0/24, WAN IP : provider DHCP

The SRX5308 is using LAN IP : 172.20.0.0/16, WAN IP : 172.19.0.2

The SRX5308 WAN IP is connected to Provider Internet Box with LAN IP : 172.19.0.1. The SRX is inside Internet Box' DMZ.

I precise that Netgear SRX5308 configuration works with RV220W, SA540, ASA5505 and other Netgear routers.

So, does a new firmware will correct this issue (and let the possibility to manage 2 IPSEC VPNs too) ?

Thanks,

Vincent Duvernet

Labels:
0 Helpful
2 Replies 2

David Pilcher
Level 1
Level 1

‎01-09-2014 10:52 AM

Suggestion: Make sure you reboot your RV when you think it should be working and everything matches.

Wasted an hour on my RV320 the other night because it had hung up somehow.  Changes were not taking effect and a reboot fixed it.

0 Helpful

Vincent Duvernet
Level 1
Level 1
In response to David Pilcher

‎01-09-2014 01:13 PM

Hi,

yes, already tested.

0 Helpful
Customers Also Viewed These Support Documents