problems with QuickVPN client

Unanswered Question
Aug 18th, 2010

Hello,


I experiance problems with QuickVPN client (version 1.4.1.2). I'm trying to connect to router SA520 with 1.1.65 firmware,

vpn tunell is established, but client says "The remote gateway is not responding. Do you want to wait?"

in case i click no, it drops vpn tunell


QuickVPN client log looks like this:

2010/08/18 12:13:27 [STATUS]OS Version: Windows 7
2010/08/18 12:13:27 [STATUS]Windows Firewall Domain Profile Settings: ON
2010/08/18 12:13:27 [STATUS]Windows Firewall Private Profile Settings: ON
2010/08/18 12:13:27 [STATUS]Windows Firewall Private Profile Settings: ON
2010/08/18 12:13:27 [STATUS]One network interface detected with IP address 192.168.1.100
2010/08/18 12:13:27 [STATUS]Connecting...
2010/08/18 12:13:27 [DEBUG]Input VPN Server Address = vpn.in-volv.lv
2010/08/18 12:13:28 [STATUS]Connecting to remote gateway with IP address: 78.28.223.10
2010/08/18 12:13:28 [WARNING]Server's certificate doesn't exist on your local computer.
2010/08/18 12:13:30 [STATUS]Remote gateway was reached by https ...
2010/08/18 12:13:30 [STATUS]Provisioning...
2010/08/18 12:13:39 [STATUS]Success to connect.
2010/08/18 12:13:39 [STATUS]Tunnel is configured. Ping test is about to start.
2010/08/18 12:13:39 [STATUS]Verifying Network...
2010/08/18 12:13:44 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:47 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:50 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:53 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:13:56 [WARNING]Failed to ping remote VPN Router!
2010/08/18 12:14:08 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
2010/08/18 12:14:12 [STATUS]Disconnecting...
2010/08/18 12:14:15 [STATUS]Success to disconnect.


Server logs look like this:

2010-08-18 12:28:49: INFO:  Adding IPSec configuration with identifier "arvils"
2010-08-18 12:29:02: INFO:  Configuration found for 83.243.93.200[500].
2010-08-18 12:29:02: INFO:  Received request for new phase 1 negotiation: 78.28.223.10[500]<=>83.243.93.200[500]
2010-08-18 12:29:02: INFO:  Beginning Identity Protection mode.
2010-08-18 12:29:02: INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 12:29:02: INFO:  Received Vendor ID: RFC 3947
2010-08-18 12:29:02: INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02


2010-08-18 12:29:02: INFO:  Received unknown Vendor ID
2010-08-18 12:29:02: INFO:  Received unknown Vendor ID
2010-08-18 12:29:02: INFO:  Received unknown Vendor ID
2010-08-18 12:29:02: INFO:  Received unknown Vendor ID
2010-08-18 12:29:02: INFO:  For 83.243.93.200[500], Selected NAT-T version: RFC 3947
2010-08-18 12:29:02: INFO:  NAT-D payload matches for 78.28.223.10[500]
2010-08-18 12:29:02: INFO:  NAT-D payload does not match for 83.243.93.200[500]
2010-08-18 12:29:02: INFO:  NAT detected: PEER
2010-08-18 12:29:02: INFO:  Floating ports for NAT-T with peer 83.243.93.200[4500]
2010-08-18 12:29:02: INFO:  ISAKMP-SA established for 78.28.223.10[4500]-83.243.93.200[4500] with spi:e2cd855a75fc0887:6dc3b2e025152444
2010-08-18 12:29:02: INFO:  Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2010-08-18 12:29:02: INFO:  Responding to new phase 2 negotiation: 78.28.223.10[0]<=>83.243.93.200[0]
2010-08-18 12:29:02: INFO:  Using IPsec SA configuration: 192.168.75.0/24<->192.168.1.100/32
2010-08-18 12:29:02: INFO:  Adjusting peer's encmode 3(3)->Tunnel(1)
2010-08-18 12:29:02: INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=47693803(0x2d7bfeb)
2010-08-18 12:29:02: INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 78.28.223.10->83.243.93.200 with spi=1079189482(0x40531fea)
2010-08-18 12:35:57: INFO:  an undead schedule has been deleted: 'pk_recvupdate'.
2010-08-18 12:35:57: INFO:  Purged IPsec-SA with proto_id=ESP and spi=1079189482(0x40531fea).
2010-08-18 12:40:46: INFO:  Configuration found for 83.243.93.200[500].
2010-08-18 12:40:46: INFO:  Received request for new phase 1 negotiation: 78.28.223.10[500]<=>83.243.93.200[500]
2010-08-18 12:40:46: INFO:  Beginning Identity Protection mode.
2010-08-18 12:40:46: INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY
2010-08-18 12:40:46: INFO:  Received Vendor ID: RFC 3947
2010-08-18 12:40:46: INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02


2010-08-18 12:40:46: INFO:  Received unknown Vendor ID
2010-08-18 12:40:46: INFO:  Received unknown Vendor ID
2010-08-18 12:40:46: INFO:  Received unknown Vendor ID
2010-08-18 12:40:46: INFO:  For 83.243.93.200[500], Selected NAT-T version: RFC 3947
2010-08-18 12:40:46: INFO:  NAT-D payload matches for 78.28.223.10[500]
2010-08-18 12:40:46: INFO:  NAT-D payload does not match for 83.243.93.200[500]
2010-08-18 12:40:46: INFO:  NAT detected: PEER
2010-08-18 12:40:46: INFO:  Floating ports for NAT-T with peer 83.243.93.200[4500]
2010-08-18 12:40:46: INFO:  ISAKMP-SA established for 78.28.223.10[4500]-83.243.93.200[4500] with spi:28447d39874689f9:a2b7da19d8d86413
2010-08-18 12:40:46: INFO:  Responding to new phase 2 negotiation: 78.28.223.10[0]<=>83.243.93.200[0]
2010-08-18 12:40:46: INFO:  Using IPsec SA configuration: 192.168.75.0/24<->192.168.1.100/32
2010-08-18 12:40:46: INFO:  Adjusting peer's encmode 3(3)->Tunnel(1)
2010-08-18 12:40:47: INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=259246202(0xf73c87a)
2010-08-18 12:40:47: INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 78.28.223.10->83.243.93.200 with spi=3642234214(0xd9181566)
2010-08-18 12:43:27: INFO:  IPsec-SA expired: ESP/Tunnel 83.243.93.200->78.28.223.10 with spi=33356156(0x1fcf97c)
2010-08-18 12:45:47: INFO:  an undead schedule has been deleted: 'pk_recvupdate'.
2010-08-18 12:45:47: INFO:  Purged IPsec-SA with proto_id=ESP and spi=3642234214(0xd9181566).


The most interesting thing is that sometimes this message appears, sometimes not (with the same configuration).

Please help!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
vaba Wed, 08/18/2010 - 07:39

Hi,


I have some problem. I am using Windows 7 Entreprice x64. I use SA520 Firmware 1.1.65 and QuickVPN 1.4.1.2 port 60443.


"The remote gateway is not responding. Do you want to wait"


2010-08-18 17:25:51: INFO:  Adding IPSec configuration with identifier "username"

2010-08-18 17:25:51: INFO:  Adding IKE configuration with identifer "username"

2010-08-18 17:26:04: INFO:  Configuration found for xxx.xxx.xxx.xxx[235].

2010-08-18 17:26:04: INFO:  Received request for new phase 1 negotiation: 172.22.5.10[500]<=>xxx.xxx.xxx.xxx[235]

2010-08-18 17:26:04: INFO:  Beginning Identity Protection mode.

2010-08-18 17:26:04: INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY

2010-08-18 17:26:04: INFO:  Received Vendor ID: RFC 3947

2010-08-18 17:26:04: INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2010-08-18 17:26:04: INFO:  Received unknown Vendor ID

2010-08-18 17:26:04: INFO:  Received unknown Vendor ID

2010-08-18 17:26:04: INFO:  Received unknown Vendor ID

2010-08-18 17:26:04: INFO:  Received unknown Vendor ID

2010-08-18 17:26:04: INFO:  For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947

2010-08-18 17:26:04: INFO:  NAT-D payload does not match for 172.22.5.10[500]

2010-08-18 17:26:04: INFO:  NAT-D payload does not match for xxx.xxx.xxx.xxx[235]

2010-08-18 17:26:04: INFO:  NAT detected: ME PEER

2010-08-18 17:26:04: INFO:  Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]

2010-08-18 17:26:04: INFO:  ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:ed4f291c71c1b688:7e6a8a0968f878fb

2010-08-18 17:26:04: INFO:  Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2010-08-18 17:26:04: INFO:  Responding to new phase 2 negotiation: 172.22.5.10[0]<=> xxx.xxx.xxx.xxx[0]

2010-08-18 17:26:04: INFO:  Using IPsec SA configuration: 192.168.75.0/24<->192.168.170.224/32

2010-08-18 17:26:04: INFO:  Adjusting peer's encmode 3(3)->Tunnel(1)

2010-08-18 17:26:05: INFO:  IPsec-SA established[UDP encap 48540->4500]: ESP/Tunnel xxx.xxx.xxx.xxx->172.22.5.10 with spi=239099274(0xe405d8a)

2010-08-18 17:26:05: INFO:  IPsec-SA established[UDP encap 4500->48540]: ESP/Tunnel 172.22.5.10-> xxx.xxx.xxx.xxx with spi=3886848189(0xe7ac98bd)

2010-08-18 17:26:07: INFO:  Configuration found for xxx.xxx.xxx.xxx[235].

2010-08-18 17:26:07: INFO:  Received request for new phase 1 negotiation: 172.22.5.10[500]<=> xxx.xxx.xxx.xxx[235]

2010-08-18 17:26:07: INFO:  Beginning Identity Protection mode.

2010-08-18 17:26:07: INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY

2010-08-18 17:26:07: INFO:  Received Vendor ID: RFC 3947

2010-08-18 17:26:07: INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2010-08-18 17:26:07: INFO:  Received unknown Vendor ID

2010-08-18 17:26:07: INFO:  Received unknown Vendor ID

2010-08-18 17:26:07: INFO:  Received unknown Vendor ID

2010-08-18 17:26:07: INFO:  For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947

2010-08-18 17:26:07: INFO:  NAT-D payload does not match for 172.22.5.10[500]

2010-08-18 17:26:07: INFO:  NAT-D payload does not match for xxx.xxx.xxx.xxx[235]

2010-08-18 17:26:07: INFO:  NAT detected: ME PEER

2010-08-18 17:26:07: INFO:  Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]

2010-08-18 17:26:07: INFO:  ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:699f34b434d4318c:df4adca414787d36

2010-08-18 17:27:14: INFO:  Purged ISAKMP-SA with proto_id=ISAKMP and spi=699f34b434d4318c:df4adca414787d36.

2010-08-18 17:27:14: INFO:  Configuration found for xxx.xxx.xxx.xxx[235].

2010-08-18 17:27:14: INFO:  Received request for new phase 1 negotiation: 172.22.5.10[500]<=> xxx.xxx.xxx.xxx[235]

2010-08-18 17:27:14: INFO:  Beginning Identity Protection mode.

2010-08-18 17:27:14: INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY

2010-08-18 17:27:14: INFO:  Received Vendor ID: RFC 3947

2010-08-18 17:27:14: INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2010-08-18 17:27:14: INFO:  Received unknown Vendor ID

2010-08-18 17:27:14: INFO:  Received unknown Vendor ID

2010-08-18 17:27:14: INFO:  Received unknown Vendor ID

2010-08-18 17:27:14: INFO:  For xxx.xxx.xxx.xxx[235], Selected NAT-T version: RFC 3947

2010-08-18 17:27:14: INFO:  NAT-D payload does not match for 172.22.5.10[500]

2010-08-18 17:27:14: INFO:  NAT-D payload does not match for xxx.xxx.xxx.xxx[235]

2010-08-18 17:27:14: INFO:  NAT detected: ME PEER

2010-08-18 17:27:15: INFO:  ISAKMP-SA deleted for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:699f34b434d4318c:df4adca414787d36

2010-08-18 17:27:15: INFO:  Floating ports for NAT-T with peer xxx.xxx.xxx.xxx[48540]

2010-08-18 17:27:15: INFO:  ISAKMP-SA established for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:3fe5eb0bddbf2b9a:f5c11d7f813ca74a

2010-08-18 17:27:15: INFO:  Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2010-08-18 17:28:20: INFO:  Purged ISAKMP-SA with proto_id=ISAKMP and spi=3fe5eb0bddbf2b9a:f5c11d7f813ca74a.

2010-08-18 17:28:21: INFO:  ISAKMP-SA deleted for 172.22.5.10[4500]- xxx.xxx.xxx.xxx[48540] with spi:3fe5eb0bddbf2b9a:f5c11d7f813ca74a




With windows XP Pro i dont have this problem.


Is there a detailed configuration guide?


10x

riroe Mon, 08/23/2010 - 02:43

Have you tried the following?


Verify  Windows  firewall is ON for Windows7 ,  third party firewall disabled, IKE & AuthIPSec enabled in services, run the QVPN as administrator and in compatibility mode as Vista SP 2 .


Also try deleting and then reinstalling the QVPN software and then generate the certificate.


THANKS


Rick Roe

vaba Mon, 08/23/2010 - 03:39

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Riroe,

Thanks for the information. I don’t have any third party firewall installed, and IKE and IPSec ports are open.

riroe Mon, 08/23/2010 - 04:00

Maybe try deleting and installing the QVPN over again and see if this helps. Also when launching the QVPN be sure to run as administrator and run in compatibility mode as Vista SP2.



THANKS

vaba Mon, 08/23/2010 - 05:21

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

I reinstall QuickVPN 3 or 4 times and used all possible compatible modes Vista SP 2 and Windows XP, but no effect

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Thanks again

Regards

arvils.freipics Mon, 08/23/2010 - 05:30

Hi,

Today I'm even can't estabilsh vpn tunell at all
Router logs shows:

2010-08-23 14:04:31: ERROR:  Failed to load the       configuration


Client says "Failed to establish a connection."

Clients logs shows:


2010/08/23 14:04:29 [STATUS]OS Version: Windows 7
2010/08/23 14:04:29 [STATUS]Windows Firewall Domain Profile       Settings: ON
2010/08/23 14:04:29 [STATUS]Windows Firewall Private Profile       Settings: ON
2010/08/23 14:04:29 [STATUS]Windows Firewall Private Profile       Settings: ON
2010/08/23 14:04:29 [STATUS]One network interface detected with IP       address 192.168.1.101
2010/08/23 14:04:29 [STATUS]Connecting...
2010/08/23 14:04:29 [DEBUG]Input VPN Server Address =       vpn.in-volv.lv
2010/08/23 14:04:29 [STATUS]Connecting to remote gateway with IP       address: 78.28.223.10
2010/08/23 14:04:29 [WARNING]Server's certificate doesn't exist on       your local computer.
2010/08/23 14:04:31 [STATUS]Remote gateway was reached by https       ...
2010/08/23 14:04:31 [WARNING]Remote gateway wasn't reached...
2010/08/23 14:04:31 [WARNING]Failed to connect.
2010/08/23 14:04:41 [WARNING]Remote gateway wasn't reached...
2010/08/23 14:04:41 [WARNING]Failed to connect.
2010/08/23 14:04:41 [WARNING]Failed to connect!

I'm trying to run Quick VPN client in compatibility mode (Vista SP2)     as administrator.

Without compatibility mode - same result.


Arvils.

arvils.freipics Tue, 08/24/2010 - 02:59

Some update:

Today I tried to recreate VPN user (drop and then create it again).

After these operations I'm able to establish VPN tunell, but agan recieve message "The remote gateway is not responding. Do you want to wait"?


... seems that VPN feature simply don't work or cisco tries to test some early alpha version of product on customers

juliomar Tue, 08/31/2010 - 16:41

Dear Arvils,


Thank you for reporting this issue along with sharing your logs. We are not able to replicate what you are seeing. Can you send us your configuration file, I will load it and try it out locally to try to narrow the cause of the failure. Please change any password and/or sensitive information from the configuration.


Furthermore, if you can attach a packet capture from your PC as it is attempting the connection, that can help us to figure out why your connection is failing. 


If you do not want to post these items in the forum, please feel free to send me these items in a private message. 


Best regards,

Julio

delmonti007 Thu, 09/02/2010 - 05:26

I too am having exactly the same issue.

There's nothing quick about QuickVPN and from what I can see there's also not much VPN'ing going on either. Bit of a shame considering the only reason we bought this damn router was for the intergrated VPN. (it's a WRVS4400N)


Client: Win7. IPsec on, Windows FW on. latest QuickVPN run as administrator Vista SP2 compat. mode


Let me know what you need in the way of logs and I'll supply

arvils.freipics Thu, 09/02/2010 - 08:05

Strange that you are unable to reproduce error.
I recieve same error on 3 different fresh installed W7 32bit comps.


And similar situation was with previous (*.*.42) firmware as well.

Attachment: 
juliomar Thu, 09/02/2010 - 16:10

Hi Arvils,


Thank you for the time to get the captures and sending them to us.

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} Unfortunately they did not shed light on connection problems.  Would you be willing to attend a WebEx meeting to try to figure out the cause of your VPN problems?  Let me know when would be a convenient time for you so that I can coordinate the meeting.


Regards,

Julio

christophepuget Thu, 10/28/2010 - 04:23

Hello all


Did you finally get a solution for this issue ?


I am experiencing exactly the same problem with RV120W 1.0.1.3 and QuickVPN 1.4.1.2



2010/10/28 13:06:30 [STATUS]OS Version: Windows 7

2010/10/28 13:06:31 [STATUS]Windows Firewall Domain Profile Settings: ON

2010/10/28 13:06:31 [STATUS]Windows Firewall Private Profile Settings: ON

2010/10/28 13:06:31 [STATUS]Windows Firewall Private Profile Settings: ON

2010/10/28 13:06:31 [STATUS]One network interface detected with IP address 192.168.1.22

2010/10/28 13:06:31 [STATUS]Connecting...

2010/10/28 13:06:31 [DEBUG]Input VPN Server Address = xxx.xxx.xxx.xxx

2010/10/28 13:06:31 [STATUS]Connecting to remote gateway with IP address: xxx.xxx.xxx.xxx

2010/10/28 13:06:32 [STATUS]Remote gateway was reached by https ...

2010/10/28 13:06:32 [STATUS]Provisioning...

2010/10/28 13:06:44 [STATUS]Success to connect.

2010/10/28 13:06:44 [STATUS]Tunnel is configured. Ping test is about to start.

2010/10/28 13:06:44 [STATUS]Verifying Network...

2010/10/28 13:06:49 [WARNING]Failed to ping remote VPN Router!

2010/10/28 13:06:52 [WARNING]Failed to ping remote VPN Router!

2010/10/28 13:06:55 [WARNING]Failed to ping remote VPN Router!

2010/10/28 13:06:58 [WARNING]Failed to ping remote VPN Router!

2010/10/28 13:07:01 [WARNING]Failed to ping remote VPN Router!

2010/10/28 13:07:14 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.

2010/10/28 13:07:17 [STATUS]Disconnecting...

2010/10/28 13:07:22 [STATUS]Success to disconnect.


Thanks for your feedback


Regards

JOHN NIKOLATOS Sat, 10/30/2010 - 07:41

What is the internal network vs. your remote network IP subnets?  maybe they are conflicting?


The error you guys are getting is connectivity type errors... like an internet issue...  or ISP issue.  have you called the ISP to have the line tested at all?


What type of devices if any are in the front of the SA or firewall?  I have seen where a cable modem or DSL router with old firmware can not support IPSEC connections or multiple connections and fails until a firewall upgrade is performed.  This is on both the one in front of the SA or on your remote network.  Also your NIC card drivers...  maybe they need to be updated...

christophepuget Tue, 11/02/2010 - 14:50

Hi


For your information, before posting this question, I downloaded Shrew Soft client and based on a tutorial found in support forums, I could establish VPN in a few min. So, FW, ISP, passthrough and other stuff don't seem involved in the pb.


At short term, I use Shrew client for remote access. I will make deeper investigation when I have some time with QuickVPN


Maybe the best would be to give a simple tutorial on how to configure server and client sides (IKE / VPN profiles), and what server/client logs we are supposed to get, to have a reference helping us to invetigate our own issues.

So, getting elements from someone who succeeded with W7-64 would be really appreciated


Regards

jean_bruder Wed, 11/03/2010 - 00:55

Christophe,


Could you please share the link you used to make the Shrew Soft work under W7/64 ? It would really help me as for now nobody can connect anymore to the company since I changed my router for the Cisco ...


Many thanks in advance,

Regards.

christophepuget Wed, 11/03/2010 - 02:30

Hi Jean,


In a few words :

- on server side :

     - created standard IKE/VPN policies with wizard (using dummy FQDN)

     - modified IKE policy to select "XAUTH Type" "User database"

     - created XAuth users


- on client side :

    - downloaded Shrew client v2.1.7

    - started from a procedure I found at : https://csc-test1.cisco.com/docs/DOC-9378, named "shrewsoft_final.pdf", with some changes :

      - General : Use an existing adapter and current address

      - Name Res : Enable DNS : YES, Obtain Auto : YES

      - Phase 1 / 2 : you can fine tune-algo and key settings to reduce connection time


... and then it worked !


In case of issues, you can make wireshark traces on PC or router side to check ports are opened (UDP 500, 4500, ...)


Be careful not to test from inside your own network


I hope it helps, let us know


Regards

jean_bruder Sat, 10/30/2010 - 11:49

Guys,


I'm experimenting the same issue with the QuickVPN client I installed on a Windows Seven 64bits computer. I first started to try to connect to my WRV210 (running the last online firmware) router using the QuickVPN client v 1.4.0.5. No way to make it work ... Then I found the new update of the client, and installed the version 1.4.1.2, complete uninstall of the last version, 1.4.0.5, with a clean of the registry and the installation directory, but this new version don't solve the issue.


On the client side, I get the "Failed to ping" message, as described in many of the users posts. I did not investigate on the router side, sorry.


Could please the Cisco Small Businees team find a workaround to this situation, as my users cannot connect to the company anymore (I changed my old router and software VPN for the Cisco solution, that doesnt' work for now ...).


Many thanks in advance,

Best regards.

JOHN NIKOLATOS Sat, 10/30/2010 - 18:38

All keep in mind Windows 7 is crazy in the fact that if you disable some services or turn off its built in firewall it will not work properly.  Make sure your windows 7 firewall is on..   also I have another suggestion.  Try using the SSL VPN and see what happens.  Since this discussion started as a SA500 issue.  That device has two built in SSL VPN's and is easy to set up.  Test it out and tell us if the SSL VPN works.

jean_bruder Sun, 10/31/2010 - 03:14

John,


It would be nicer to find a real solution to the issue that seems to be common to many of the Small Business Cisco products instead of trying to use some workarounds ... Anyway, could you give us a "how to" to use the built in SSL VPN ?


Regards.

Scott George Sun, 11/14/2010 - 06:19

Has any solution been found for this issue. I am having the same problem for on the RV

120 W. I am over here in Japan running on an ADLS so I am not sure if anyone over here has depl

oyed this router as it is not being sold here.

levi.kobi Mon, 11/15/2010 - 08:50

I have the same problem with RV 120W. I try to connect with the QuickVPN client and it hangs out. I tryed from one Win7-64 and from 3 Win XP so far.

In the router's log I have lines that say:


2010-11-14 23:49:31: [router88846E] [IKE] ERROR:  Failed to load the configuration


Any solutions yet?

MICHAEL JONES Wed, 05/18/2011 - 21:55

Have had the same problem with an SA540 and not so quickvpn ver. 1.4.1.2. Found it weird that win7 32bit no firewall worked in my office  (we have 2 IPS) but not from 32bit windows7 from home until I turned on the firewall.


I have also had to delete and recreate users and reboot the firewall several times to get "quickvpn" users up and running. It does seem a bit odd that Cisco is still having issues with quickvpn after all the this time. Not being able to browse the network or connect to office resources by name is also an issue.


Would love to see Cisco man up and get this resolved.

Sebastian Jimenez Tue, 11/15/2011 - 21:14

i'm having the same problem with RV120W.. the vpn worked a couple of times creating new users every time but i can never use the same username.. now today it just wont work at all..


Adding IPSec configuration with identifier "cheryl"

2011-11-16 05:01:47: [router2] [IKE] INFO:  Adding IKE configuration with identifier "cheryl"

2011-11-16 05:01:47: [router2] [IKE] ERROR:  parse error is nothing, but yyerrorcount is 16.

2011-11-16 05:02:26: [router2] [IKE] ERROR:  Failed to load the configuration

2011-11-16 05:02:48: [router2] [IKE] ERROR:  Failed to load the configuration


I have 2 of this boxes with a Site to Site VPN and that works fine but i cannot get the quickVPN to work.. did you guys find a way to make it work..


by the way my to networks are on different subnets 192.168.0.0 and 192.168.1.0  so that's not the problem

Sebastian Jimenez Tue, 11/15/2011 - 21:27

tried again with a new user


2011-11-16 05:18:44: [router2] [IKE] ERROR:  Failed to load the configuration

2011-11-16 05:20:25: [router2] [IKE] INFO:  Adding IPSec configuration with identifier "testing"

2011-11-16 05:20:25: [router2] [IKE] INFO:  Adding IKE configuration with identifier "testing"

2011-11-16 05:20:25: [router2] [IKE] ERROR:  parse error is nothing, but yyerrorcount is 21.

2011-11-16 05:22:15: [router2] [IKE] ERROR:  Failed to load the configuration

2011-11-16 05:22:33: [router2] [IKE] ERROR:  Failed to load the configuration


running Win 7 64 bit.. tried with windows firewall on and off, tried with all different compatibility configurations.. still doesn't work.  I guess this problem has been going on for long enough now that i find all these forums.. wondering if it's time to just go return these 2 boxes and try a different vendor.  I'm CCNA certified and love Cisco but i'm very disappointed now