Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1381
Views
0
Helpful
2
Replies

RV130 - received MODECFG message when in state STATE_MAIN_R3

Tommy Grealy
Level 1
Level 1

‎08-08-2017 06:00 AM

Hi, I recently purchased a Cisco RV130 and am trying to setup the IPSEC VPN server on this router. I am experiencing the same issue that another user described in this post but having tried the solution offered there I have had no success. I am starting a new discussion because that post is over 2 years old. 

The messages I am seeing in the router log file are:

7	2017-08-02 3:25:00 PM	warning	pluto[3041]: "shrew"[2] 192.198.151.62 #1: received MODECFG message when in state STATE_MAIN_R3, and we aren't xauth client	 
8	2017-08-02 3:24:57 PM	warning	pluto[3041]: "shrew"[2] 192.198.151.62 #1: received MODECFG message when in state STATE_MAIN_R3, and we aren't xauth client	 
9	2017-08-02 3:24:54 PM	warning	pluto[3041]: "shrew"[2] 192.198.151.62 #1: received MODECFG message when in state STATE_MAIN_R3, and we aren't xauth client	 
10	2017-08-02 3:24:50 PM	warning	pluto[3041]: "shrew"[2] 192.198.151.62 #1: received MODECFG message when in state STATE_MAIN_R3, and we aren't xauth client

I don't know why "shrew" appears in this log as I am not using shrewsoft on the client device. I am using MacOs integrated VPN connection in the "network preferences" But this is the error that is being thrown up in the router logs. 

I have tried many different combinations of settings in the IPSEC VPN page. In the Phase 2 Configuration I have selected both "Single" and "Subnet". When I had "single" selected, the IP address I entered was 192.168.1.50 (which is outside the range of IPs which my router will assign to any locally connected devices) and I left "Subnet" blank. When I had "Subnet" selected, I used the same IP (192.168.1.50) and subnet 255.255.255.0. No combination of these made any change, still seing the "received MODECFG message when in state STATE_MAIN_R3" message. 

I have ensured that "VPN Passthrough" is enabled for IPSEC

I also tried some other things

Firewall->Basic Setttings-LAN/VPN Web Access: tried with http checkbox checked and unchecked, didnt change value of https checkbox

The information provided by Cisco in their support documentation does not clearly describe what should go into the "IP address" and "Subnet Mask" fields . 

Thanks

5 people had this problem
Labels:
0 Helpful
2 Replies 2

surejam
Level 1
Level 1

‎05-25-2019 09:44 AM

Hi everyone,

 

Any answer to this post ?

 

I'm experiencing the same issue, as PPTP has been disabled in Mac OS High Sierra my Mac OS users can't connect to the VPN server anymore.

 

Site-to-site VPN is working fine.

 

Connection is made through a NAT. NAT router private IP network is 192.168.1.0/24 and VPN network is 192.168.10.0/24 (which is the subnet I configured for the IPSec VPN Sever).

 

Like others IKE SA works fine, problem is in phase 2.

 

Regards,

 

Sebastien

0 Helpful

astrosendero
Level 1
Level 1
In response to surejam

‎05-15-2021 08:33 PM

hi

 

have the same problem

0 Helpful
Customers Also Viewed These Support Documents