Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1714
Views
0
Helpful
1
Replies

RVS4000 VPN with Quick VPN Client Problems connecting

eanderson543
Level 1
Level 1

‎07-30-2010 01:18 PM

I have downloaded and updated the firmware in my RVS4000 as

well as the Quick VPN client software to the latest versions ( July 2010 ).

Test client is an old laptop running XP SP3.  Connection is wireless to Qwest DSL.  Local address is 192.168.1.104  Outside address 67.41.38.xxx

RVS4000 is on CableOne network with outside address of 96.18.153.xxx.  Inside addresses are 192.168.20.1, 192.168.10.1 and 192.168.11.1 on respective VLANS.

RVS4000 client is guest with password of guest ( high security! )

When I try to connect from the remote client, I get to verifying network and then the error box... at this point the RVS4000 shows the connection is online.

There is no connection on the client shown on either the networks screen and no routes are shown in the "router print" DOS command to the RVS4000 inside networks.  Of course I can not ping any of the inside addresses on the RVS4000... hence the error.

Any suggestions on the next step in resolving this issue.  I would like to get back to my home net when out and about with the laptop.

I have tried disabling firewall and/or anti-virus programs on the client and firewall and IPS on the RVS4000 with not change in result.

Thanks.

Ernie

Labels:
0 Helpful
1 Reply 1

eanderson543
Level 1
Level 1

‎07-31-2010 09:50 AM

I tried with two other laptops... on running Windows 7 Ultimate 32

bit and one with Vista Home Premium 32 bit.  The results were similar with both.

I can connect, but can only access the local LAN port on the RVS4000 and can log into the RVS4000 with HTTP.

Still not indication on network screens on the remote that a tunnel connection exists.   My experience with VPN is limited to what I configured on a

Checkpoint firewall at the Transportation Department where I worked.  This client disabled local access and put all traffic through the tunnel for security reasons.  I was able to access the whole statewide net from my home through this tunnel.

Here is the client log from the Windows 7 box:

2010/07/31 10:27:50 [STATUS]OS Version: Windows 7
2010/07/31 10:27:50 [STATUS]Windows Firewall Domain Profile Settings: ON
2010/07/31 10:27:50 [STATUS]Windows Firewall Private Profile Settings: ON
2010/07/31 10:27:50 [STATUS]Windows Firewall Private Profile Settings: ON
2010/07/31 10:27:50 [STATUS]One network interface detected with IP address 192.168.1.111
2010/07/31 10:27:50 [STATUS]Connecting...
2010/07/31 10:27:50 [STATUS]Connecting to remote gateway with IP address: 96.18.153.xxx

2010/07/31 10:27:56 [STATUS]Remote gateway was reached by https ...
2010/07/31 10:27:56 [STATUS]Provisioning...
2010/07/31 10:28:06 [STATUS]Success to connect.
2010/07/31 10:28:06 [STATUS]Tunnel is configured. Ping test is about to start.
2010/07/31 10:28:06 [STATUS]Verifying Network...
2010/07/31 10:28:11 [WARNING]Failed to ping remote VPN Router!
2010/07/31 10:28:14 [WARNING]Failed to ping remote VPN Router!
2010/07/31 10:28:44 [STATUS]Changing password ....
2010/07/31 10:28:49 [WARNING]Failed to change the password.
2010/07/31 10:30:41 [STATUS]Disconnecting...
2010/07/31 10:30:49 [STATUS]Success to disconnect.

Log from RVS4000:

Jul 31 10:26:57 - [VPN Log]: loading secrets from "/etc/ipsec.secrets"
Jul 31 10:27:10 - [VPN Log]: packet from 174.27.68.24:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Jul 31 10:27:10 - [VPN Log]: packet from 174.27.68.24:500: ignoring Vendor ID payload [RFC 3947]
Jul 31 10:27:10 - [VPN Log]: packet from 174.27.68.24:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jul 31 10:27:10 - [VPN Log]: packet from 174.27.68.24:500: ignoring Vendor ID payload [FRAGMENTATION]
Jul 31 10:27:10 - [VPN Log]: packet from 174.27.68.24:500: ignoring unknown Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Jul 31 10:27:11 - [VPN Log]: packet from 174.27.68.24:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jul 31 10:27:11 - [VPN Log]: packet from 174.27.68.24:500: ignoring unknown Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[1] 174.27.68.24 #7: responding to Main Mode from unknown peer 174.27.68.24
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[1] 174.27.68.24 #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[1] 174.27.68.24 #7: STATE_MAIN_R1: sent MR1, expecting MI2
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[1] 174.27.68.24 #7: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[1] 174.27.68.24 #7: STATE_MAIN_R2: sent MR2, expecting MI3
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[1] 174.27.68.24 #7: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.111'
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #7: deleting connection "guest_rw_rw" instance with peer 174.27.68.24 {isakmp=#0/ipsec=#0}
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #7: I did not send a certificate because I do not have one.
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #8: responding to Quick Mode {msgid:01000000}
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #8: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jul 31 10:27:11 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #8: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jul 31 10:27:13 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #8: route-client output: 0
Jul 31 10:27:13 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #8: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 31 10:27:13 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #8: STATE_QUICK_R2: IPsec SA established {ESP=>0x38107b20 <0xc755c272 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Jul 31 10:29:43 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #7: received Delete SA(0x38107b20) payload: deleting IPSEC State #8
Jul 31 10:29:43 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24 #7: terminating SAs using this connection
Jul 31 10:29:43 - [VPN Log]: "guest_rw_rw" #8: deleting state (STATE_QUICK_R2)
Jul 31 10:29:43 - [VPN Log]: "guest_rw_rw" #7: deleting state (STATE_MAIN_R3)
Jul 31 10:29:43 - [VPN Log]: "guest_rw_rw"[2] 174.27.68.24: deleting connection "guest_rw_rw" instance with peer 174.27.68.24 {isakmp=#0/ipsec=#0}
Jul 31 10:29:44 - [VPN Log]: "guest_rw_rw": unroute-client output: 0
Jul 31 10:29:44 - [VPN Log]: packet from 174.27.68.24:500: received and ignored informational message
Jul 31 10:29:44 - [VPN Log]: packet from 174.27.68.24:500: Informational Exchange is for an unknown (expired?) SA
Jul 31 10:29:44 - [VPN Log]: "guest_rw_rw": deleting connection

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents