Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
944
Views
0
Helpful
2
Replies

Setup WRV210 Vpn with Symantec 360 Router

twalsh226
Level 1
Level 1

‎06-21-2010 01:38 PM

I have been attempting to setup a router to router VPN between a Symantec 360 router and a

WRV210.  I have tried a number of different configurations and haven't been able to get

the VPN up and running.  It would appear that I have the proper Security methods enabled on both end but it

still doesn't work.  Has anyone had experience with configuring a VPN with these 2 routers?  Are the VPN negotiations compatible?

Any input would be much appreciated.

Tyler

Labels:
0 Helpful
2 Replies 2

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎06-21-2010 01:40 PM

Hi,

Does the tunnel come up at all?

The VPN will first establish phase 1, then phase 2 and finally will pass traffic through the tunnel.

You need to make sure if the encryption, hashing, etc parameters match in both phases.

Are you getting any logs or errors that might help us know where the problem is?

Federico.

0 Helpful

twalsh226
Level 1
Level 1
In response to Federico Coto Fajardo

‎06-21-2010 01:50 PM

Here is the log I am getting from the WRV210

000 "TunnelA":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "TunnelA":   ike_life: 28800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "TunnelA":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP+AGGRESSIVE; prio: 24,24; interface: ppp0;
000 "TunnelA":   newest ISAKMP SA: #484; newest IPsec SA: #0;
000 "TunnelA":   IKE algorithms wanted: 5_000-2-2, flags=strict
000 "TunnelA":   IKE algorithms found:  5_192-2_096-2,
000 "TunnelA":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "TunnelA":   ESP algorithms wanted: 3_000-2, flags=strict
000 "TunnelA":   ESP algorithms loaded: 3_000-2, flags=strict
000 #485: "TunnelA":500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 2s; nodpd
000 #484: "TunnelA":500 STATE_AGGR_I2 (sent AI2, ISAKMP SA established); EVENT_SA_REPLACE in 28174s; newest ISAKMP; nodpd

The local subnet, Remote Subnet and Remote Security Gateway are correct:

Key Settings

Key Exchange IKE Auto

Operation mode: Aggressive

ISAKMP Encrypt Method: 3DES

ISAKMP Auth Method: SHA1

ISAKMP DH: Group 2

ISAKMP Lifetime: 28800    

PFS Enabled

IPSec Encrypt: 3DES

IPSec Auth: SHA1

IPSec Lifetime: 28800

I have mirrored these settings on the Symantec router through the Dynamic VPN tab and the VPN Policy Tab.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents