VPN Tunnel is not establishing on Site to Site VPN on Router RV220W

Unanswered Question
Jan 14th, 2012
User Badges:

I have recently bought two CISCO routers RV220W for our main and brach office mainly for VPN tunneling. I didnt know they are routers only not modems. so I have set it up using BT 2wire Router as modem only.

I have successfuly setup the routers and manage to establish the VPN tunneling between two routers.

AS bt doesnt give static WAN IP address so I have used Dyndns which works fine. although I have 5 static ip address which cannot be used for WAN unless i cahnge to one IP address even then BT tech said it will not work.

when I created the tunnel i could ping both servers with their IP only not with the names. I can ping them fine locally. I could also see the network from branch office to main office but not from main office to branch office. today when I restarted the server I cannot ping both server i mean vice versa but VPN tunnel is established. now I cannot see the network from branch office to main office as well.

both sites running windows server 2008 standard. main office server has 6 NIC cards two wwith public and three with private ip addresses, its also runing Terminal server, exchange, file etc. the branch office has two NIC card one with private and one with public ip.

intially I could establish the VPN tunnel as the network range was same on both sites so I changed one in th e10.0.0.0 range other in 192.168.1.0 range and VPN tunnel was established straightaway.


As soon as the VPN tunnel was created I manage to creat an external trust without any problems and both servers are added in each other forward zones as name servers.


in the main office the fues went off and I had to re-start the router and now the VPN tunnel is not establishing, mainly the error is ISAKMP-SA Expired I will paste the log of both routers below 


Now I need your help.


1. How to Clear Old or Existing Security Associations (Tunnels) on RV220W

2. how to fix the problem where I can ping the server with their IP as well as domain names ?

3. how to set it up so that both sides can see the network resources as well as access it ?

4. how to set it up so if the staff in branch office wants to log on the domain in main office he can simply do it as he does it in his office.


I can remote desktop both servers without any problems.


I have rebooted both servers few times, I have changed the share key, I also deleted the old setup and created new on both server but still no luck


Any urgent help will be appricated

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
caveatsolicitors Sat, 01/14/2012 - 15:41
User Badges:

Router1 log

2012-01-14 09:23:03: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:23:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:9dd3d5f20fabee3d:2bc2b

c5c6660437

f

2012-01-14 09:23:12: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:23:12: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:23:12: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:23:12: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:23:12: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


2012-01-14 09:23:12: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:23:12: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:23:12: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:23:13: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:23:13: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:13: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:23:13: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:13: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:23:14: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:33: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:24:02: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:24:02: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:24:02: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:24:02: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:02: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:24:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:24:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:24:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:02: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:03: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:03: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:03: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:03: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:03: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:03: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:03: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:03: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:27: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:24:27: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:27: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:27: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:27: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:27: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:27: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:28: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:33: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:24:43: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:24:43: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:24:43: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:24:43: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:43: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:24:43: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:24:43: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:24:43: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:43: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:44: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:24:44: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:44: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:24:44: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:45: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:25:14: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:26:02: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:26:02: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:26:02: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:26:02: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:26:02: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:26:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:26:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:26:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:02: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:26:03: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:03: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:26:03: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:26:03: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:26:03: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:03: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:26:03: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:03: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:26:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:22: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:26:22: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:26:22: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:26:22: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:22: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:26:22: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:22: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:26:23: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:33: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:28:13: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:28:13: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:28:13: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:28:13: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:28:13: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:28:13: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:28:13: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:28:13: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:28:14: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:28:14: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:28:14: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:28:14: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:28:14: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:28:15: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:28:44: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:29:01: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:29:01: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:29:01: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:29:01: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:29:01: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:29:01: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:29:01: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:29:01: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:01: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:29:02: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:29:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:29:02: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:29:02: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:02: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:29:02: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:02: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:29:03: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:32: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:29:53: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:29:53: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:29:53: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:29:53: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:29:53: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:29:53: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:29:53: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:29:53: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:53: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:29:53: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:29:53: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:29:53: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:29:53: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:29:54: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:30:24: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:31:00: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:31:00: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:31:00: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:31:00: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:31:00: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:31:00: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:31:00: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:31:00: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:31:00: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:31:01: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:01: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:31:01: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:01: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:31:02: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:31: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:31:51: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:31:51: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


I

caveatsolicitors Sat, 01/14/2012 - 15:42
User Badges:

Router 2 Log



2012-01-14 09:23:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:9dd3d5f20fabee3d:2bc2b

c5c6660437

f

2012-01-14 09:23:12: [rv220w][IKE] INFO: Using IPsec SA configuration: 192.168.100.0/24<->10.0.0.

0/24

2012-01-14 09:23:12: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:23:12: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:23:12: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:23:12: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:23:12: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:23:12: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:23:12: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:23:13: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:23:13: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:23:13: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:23:13: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:23:13: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:23:13: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:13: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:23:13: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:13: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:23:14: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:43: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.127.128.1->197.143.198

.1

2012-01-14 09:24:02: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:24:02: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:02: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:02: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:03: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:03: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:03: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:03: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:27: [rv220w][IKE] INFO: Using IPsec SA configuration: 192.168.100.0/24<->10.0.0.

0/24

2012-01-14 09:24:27: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:24:27: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:24:27: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:27: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:24:27: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:24:27: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:24:27: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:27: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:27: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:27: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:27: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:27: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:28: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:43: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:24:43: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:43: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:44: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:24:44: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:44: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:24:44: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:45: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:24:58: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.127.128.1->197.143.198

.1

2012-01-14 09:26:02: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:26:02: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:26:02: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:26:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:26:02: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:26:03: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:03: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:26:03: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:03: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:26:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:22: [rv220w][IKE] INFO: Using IPsec SA configuration: 192.168.100.0/24<->10.0.0.

0/24

2012-01-14 09:26:22: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:26:22: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:26:22: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:26:22: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:26:22: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:26:22: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:26:22: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:22: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:26:22: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:22: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:26:22: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:22: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:26:23: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:53: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.127.128.1->197.143.198

.1

2012-01-14 09:28:14: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:28:14: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:28:14: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:28:14: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:28:14: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:28:14: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:28:14: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:28:15: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:29:01: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:29:01: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:29:01: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:01: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:29:01: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:29:01: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:29:02: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:02: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:29:02: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:02: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:29:03: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:53: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:29:53: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:29:53: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:29:53: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:29:53: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:29:53: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:29:53: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:29:54: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:31:00: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:31:00: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02


2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:31:00: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:31:00: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:00: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:31:01: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:01: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:31:02: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:51: [rv220w][IKE] INFO: Using IPsec SA configuration: 192.168.100.0/24<->10.0.0.

0/24

2012-01-14 09:31:51: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:31:51: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:31:51: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:31:51: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:31:51: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:31:51: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:31:51: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:31:51: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:31:51: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:31:51: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:31:51: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:31:51: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:b53bcc4e7c091dea:8c46f

c704d34634

6

2012-01-14 09:31:51: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:31:51: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:b53bcc4e7c091dea:8c46f

c704d34634

6

2012-01-14 09:31:51: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:31:52: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:b53bcc4e7c091dea:8c46f

c704d34634

6

2012-01-14 09:32:01: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:32:01: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:32:01: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:32:01: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:32:01: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

caveatsolicitors Sat, 01/14/2012 - 15:47
User Badges:

I have also attached the word format of both policies as copy and paste didnt paste the whole info I hope someone can help.

caveatsolicitors Sat, 01/14/2012 - 15:30
User Badges:


Router1 Ipsec Policies


IPsec Policies

Add / Edit IKE Policy Configuration

Policy Name:

Direction / Type:

InitiatorResponderBoth

Exchange Mode:

MainAggressive

Local

Identifier Type:

Local WAN IPFQDNUser-FQDNDER ASN1 DN

Identifier:

Remote

Identifier Type:

Remote WAN IPFQDNUser-FQDNDER ASN1 DN

Identifier:

IKE SA Parameters

Encryption Algorithm:

DES3DESAES-128AES-192AES-256

Authentication Algorithm:

MD5SHA-1SHA2-256SHA2-384SHA2-512

Authentication Method:

Pre-Shared KeyRSA-Signature

Pre-Shared Key:

Diffie-Hellman (DH) Group:

Group1 (768 bit)Group2 (1024 bit)Group5 (1536 bit)

SA-Lifetime:

Seconds

Dead Peer Detection:

Enable

Detection Period:

Reconnect after Failure Count:

Extended Authentication

XAUTH Type:

NoneEdge DeviceIPsec Host

Authentication Type:

User DatabaseRadius - PAPRadius - CHAP

Username:

Password:

caveatsolicitors Sat, 01/14/2012 - 15:32
User Badges:

Router1 VPN Policies


IPsec Policies

Add / Edit VPN Policy Configuration

Policy Name:

Policy Type:

Auto PolicyManual Policy

Remote Endpoint:

IP AddressFQDN

NETBIOS:

Enable

Local Traffic Selection

Local IP:

AnySingleRangeSubnet

Start Address:

End Address:

Subnet Mask:

Remote Traffic Selection

Remote IP:

AnySingleRangeSubnet

Start Address:

End Address:

Subnet Mask:

Manual Policy Parameters

SPI-Incoming:

SPI-Outgoing:

Encryption Algorithm:

3DESNoneDESAES-128AES-192AES-256AES-CCMAES-GCM

Key-In:

Key-Out:

Integrity Algorithm:

SHA-1SHA2-256SHA2-384SHA2-512MD5

Key-In:

Key-Out:

Auto Policy Parameters

SA-Lifetime:

SecondsKBytes

Encryption Algorithm:

3DESNoneDESAES-128AES-192AES-256AES-CCMAES-GCM

Integrity Algorithm:

SHA-1SHA2-256SHA2-384SHA2-512MD5

PFS Key Group:

Enable

DH-Group 1 (768 bit)DH-Group 2 (1024 bit)DH-Group 5 (1536 bit)

Select IKE Policy:

CAVEAT-VPN

caveatsolicitors Sat, 01/14/2012 - 15:35
User Badges:

Router 2 IPsec


IPsec Policies

Add / Edit IKE Policy Configuration

Policy Name:

Direction / Type:

InitiatorResponderBoth

Exchange Mode:

MainAggressive

Local

Identifier Type:

Local WAN IPFQDNUser-FQDNDER ASN1 DN

Identifier:

Remote

Identifier Type:

Remote WAN IPFQDNUser-FQDNDER ASN1 DN

Identifier:

IKE SA Parameters

Encryption Algorithm:

DES3DESAES-128AES-192AES-256

Authentication Algorithm:

MD5SHA-1SHA2-256SHA2-384SHA2-512

Authentication Method:

Pre-Shared KeyRSA-Signature

Pre-Shared Key:

Diffie-Hellman (DH) Group:

Group1 (768 bit)Group2 (1024 bit)Group5 (1536 bit)

SA-Lifetime:

Seconds

Dead Peer Detection:

Enable

Detection Period:

Reconnect after Failure Count:

Extended Authentication

XAUTH Type:

NoneEdge DeviceIPsec Host

Authentication Type:

User DatabaseRadius - PAPRadius - CHAP

Username:

Password:

caveatsolicitors Sat, 01/14/2012 - 15:37
User Badges:

Router 2 VPN


Add / Edit VPN Policy Configuration

Policy Name:

Policy Type:

Auto PolicyManual Policy

Remote Endpoint:

FQDN

NETBIOS:

Enable

Local Traffic Selection

Local IP:

AnySingleRangeSubnet

Start Address:

End Address:

Subnet Mask:

Remote Traffic Selection

Remote IP:

AnySingleRangeSubnet

Start Address:

End Address:

Subnet Mask:

Manual Policy Parameters

SPI-Incoming:

SPI-Outgoing:

Encryption Algorithm:

3DESNoneDESAES-128AES-192AES-256AES-CCMAES-GCM

Key-In:

Key-Out:

Integrity Algorithm:

SHA-1SHA2-256SHA2-384SHA2-512MD5

Key-In:

Key-Out:

Auto Policy Parameters

SA-Lifetime:

SecondsKBytes

Encryption Algorithm:

3DESNoneDESAES-128AES-192AES-256AES-CCMAES-GCM

Integrity Algorithm:

SHA-1SHA2-256SHA2-384SHA2-512MD5

PFS Key Group:

Enable

DH-Group 1 (768 bit)DH-Group 2 (1024 bit)DH-Group 5 (1536 bit)

Select IKE Policy:

CAVEAT-VPN

Actions

This Discussion