Probleme de mise en place de VPN sur WRV210

Unanswered Question
Jan 22nd, 2010
User Badges:

Bonjour


J'ai des probleme sur la mise en place de deux type de connection VPN sur mon WRV210.

Je doit mettre en place des connection provenant de personne itinerante vers le WRV210.

C'est client on deux moyen de conection en Quicl VPN et avec un logiciel tier de conection VPN (Netgear Pro Safe VPN client).


Dans le prmier cas avec quick vpn le tunnel commence a bien se monter mais au moment de verifier le reseau il affiche un message de non reponse du routeur sur le poste client.

J'ai bien fait attention de ne pas mettre les mme plage de sous reseaux. qui sont 192.168.0.0 mask 255.255.255.0 pour le client ou une adresse ip public fournie par une cle 3g, et 192.168.70.0 mask 255.255.255.0 pour le WRV210.


Pour le second probleme avec une conection IPsec et le logiciel tier la discution se fai bien pour la premier phase mais la seconde phase me met un erreur dans les log dont voici les copie du log du logiciel:


1-22: 17:03:47.328 My Connections\Tactique ROIP - Initiating IKE Phase 1 (IP ADDR=192.168.0.212)
1-22: 17:03:47.546 My Connections\Tactique ROIP - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
1-22: 17:03:47.750 My Connections\Tactique ROIP - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID 2x, NAT-D 2x)
1-22: 17:03:47.750 My Connections\Tactique ROIP - Peer supports Dead Peer Detection Version 1.0
1-22: 17:03:47.750 My Connections\Tactique ROIP - Peer is NAT-T draft-02 capable
1-22: 17:03:47.750 My Connections\Tactique ROIP - Dead Peer Detection enabled
1-22: 17:03:47.859 My Connections\Tactique ROIP - SENDING>>>> ISAKMP OAK AG *(HASH, NAT-D 2x, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
1-22: 17:03:47.859 My Connections\Tactique ROIP - Established IKE SA
1-22: 17:03:47.859 My Connections\Tactique ROIP -   MY COOKIE 61 a3 ee 78 20 82 a4 12
1-22: 17:03:47.859 My Connections\Tactique ROIP -   HIS COOKIE 92 bc 66 c5 2a 19 97 5e
1-22: 17:03:48.078 My Connections\Tactique ROIP - Initiating IKE Phase 2 with Client IDs (message id: DCE49932)
1-22: 17:03:48.078 My Connections\Tactique ROIP -   Initiator = IP ADDR=192.168.0.193, prot = 0 port = 0
1-22: 17:03:48.078 My Connections\Tactique ROIP -   Responder = IP SUBNET/MASK=192.168.70.0/255.255.255.0, prot = 0 port = 0
1-22: 17:03:48.078 My Connections\Tactique ROIP - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
1-22: 17:03:48.078 My Connections\Tactique ROIP - RECEIVED<<< ISAKMP OAK INFO *(HASH, 112)
1-22: 17:03:48.078 My Connections\Tactique ROIP - Received malformed message or negotiation no longer active (message id: 51404955)
1-22: 17:03:48.093 My Connections\Tactique ROIP - RECEIVED<<< ISAKMP OAK INFO (NOTIFY:PAYLOAD_MALFORMED)
1-22: 17:03:48.093 My Connections\Tactique ROIP - Discarding SA negotiation
1-22: 17:03:48.093 My Connections\Tactique ROIP -   MY COOKIE 61 a3 ee 78 20 82 a4 12
1-22: 17:03:48.093 My Connections\Tactique ROIP - Deleting IKE SA (IP ADDR=192.168.0.212)
1-22: 17:03:48.093 My Connections\Tactique ROIP -   HIS COOKIE 92 bc 66 c5 2a 19 97 5e
1-22: 17:03:58.078 My Connections\Tactique ROIP - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID 2x, NAT-D 2x)
1-22: 17:03:58.078 My Connections\Tactique ROIP - Received message for non-active IKE SA


  • Voici les log du WRV210:


089   [Fri 17:03:47]  packet from 192.168.0.193:500: ignoring unknown Vendor ID payload [da8e937880010000]
090   [Fri 17:03:47]  packet from 192.168.0.193:500: received Vendor ID payload [Dead Peer Detection]
091   [Fri 17:03:47]  packet from 192.168.0.193:500: received Vendor ID payload [XAUTH]
092   [Fri 17:03:47]  packet from 192.168.0.193:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
093   [Fri 17:03:47]  packet from 192.168.0.193:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
094   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.0.193'
095   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: responding to Aggressive Mode, state #9, connection "TunnelA" from 192.168.0.193
096   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
097   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: STATE_AGGR_R1: sent AR1, expecting AI2
098   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: ignoring informational payload, type IPSEC_REPLAY_STATUS
099   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: ignoring informational payload, type IPSEC_INITIAL_CONTACT
100   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
101   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.0.193'
102   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: received Hash Payload does not match computed value
103   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: sending encrypted notification INVALID_HASH_INFORMATION to 192.168.0.193:500
104   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA
105   [Fri 17:03:47]  "TunnelA"[1] 192.168.0.193 #9: sending notification PAYLOAD_MALFORMED to 192.168.0.193:500
106   [Fri 17:04:57]  "TunnelA"[1] 192.168.0.193 #9: max number of retransmissions (2) reached STATE_AGGR_R1
107   [Fri 17:04:57]  "TunnelA"[1] 192.168.0.193: deleting connection "TunnelA" instance with peer 192.168.0.193 {isakmp=#0/ipsec=#0}


Le firmware du WRV210 et le plus recent.


Merci de m'aider car la je seche!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion