06-21-2010 01:38 PM
I have been attempting to setup a router to router VPN between a Symantec 360 router and a
WRV210. I have tried a number of different configurations and haven't been able to get
the VPN up and running. It would appear that I have the proper Security methods enabled on both end but it
still doesn't work. Has anyone had experience with configuring a VPN with these 2 routers? Are the VPN negotiations compatible?
Any input would be much appreciated.
Tyler
06-21-2010 01:40 PM
Hi,
Does the tunnel come up at all?
The VPN will first establish phase 1, then phase 2 and finally will pass traffic through the tunnel.
You need to make sure if the encryption, hashing, etc parameters match in both phases.
Are you getting any logs or errors that might help us know where the problem is?
Federico.
06-21-2010 01:50 PM
Here is the log I am getting from the WRV210
000 "TunnelA": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "TunnelA": ike_life: 28800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "TunnelA": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+AGGRESSIVE; prio: 24,24; interface: ppp0;
000 "TunnelA": newest ISAKMP SA: #484; newest IPsec SA: #0;
000 "TunnelA": IKE algorithms wanted: 5_000-2-2, flags=strict
000 "TunnelA": IKE algorithms found: 5_192-2_096-2,
000 "TunnelA": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "TunnelA": ESP algorithms wanted: 3_000-2, flags=strict
000 "TunnelA": ESP algorithms loaded: 3_000-2, flags=strict
000 #485: "TunnelA":500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 2s; nodpd
000 #484: "TunnelA":500 STATE_AGGR_I2 (sent AI2, ISAKMP SA established); EVENT_SA_REPLACE in 28174s; newest ISAKMP; nodpd
The local subnet, Remote Subnet and Remote Security Gateway are correct:
Key Settings
Key Exchange IKE Auto
Operation mode: Aggressive
ISAKMP Encrypt Method: 3DES
ISAKMP Auth Method: SHA1
ISAKMP DH: Group 2
ISAKMP Lifetime: 28800
PFS Enabled
IPSec Encrypt: 3DES
IPSec Auth: SHA1
IPSec Lifetime: 28800
I have mirrored these settings on the Symantec router through the Dynamic VPN tab and the VPN Policy Tab.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: