cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2182
Views
0
Helpful
3
Replies

Cisco DPC3925 vpn with Netscreen FW

Tony.Hawker
Level 1
Level 1

Hi All

I am trying to  get up an point to point VPN between  a Cisco DPC3925 and a netscreen 5GT Firewall

I have configured up everything as i think it should, i belive the phase one and phase two are both configured ok, if i change the phase one settings to something different then i will get a different error

on the cisco I am using Auto Ike, with a shared key and PFS - both phase one and phase two are set  the same at both ends cisco / netscreen

I'm pretty savy with the netscreen so I can pretty much pull out what ever data is needed, not so much with the cisco as the config options seem quite limited

When I try to connect, the VPN log on the CISCO shows the below, but on the netscreen it thinks that phase one Negotiations are complete (in logs etc)

The netscreen seems to be much more configurable than the CISCO, so i guess i need to change something on that but im not sure what

I know I haven't provdided much info on my config, but I was hoping someone may be able to give me abit more of an idea of what the cisco is expecting to receive ftom the netscreen that its not getting from the logs, I have chaged the external IP's in this log, the log goes from the bottom up as thats how the cisco dumps it

Anything obvios stand out to anyone?

1.1.1.1 is the Cisco,, 2.2.2.2 is the netscreen

Thu Sep 13 14:49:53 2012    IKE Phase 1 Negotiation FAILED 1.1.1.1==>2.2.2.2

Thu Sep 13 14:49:47 2012    phase2 negotiation failed due to time up waiting for phase1. 02.2.2.2 ==>1.1.1.1 

Thu Sep 13 14:49:43 2012    error -1 process rcvd packet 

Thu Sep 13 14:49:43 2012    Bad IKE packet received 2.2.2.2 ==>1.1.1.1

(origCookie=e3 4e 2c 81 b7 2a 40 e3 , respCookie=58 0a 56 24 e8 3d 78 f4 )

Thu Sep 13 14:49:32 2012    error -1 process rcvd packet 

Thu Sep 13 14:49:32 2012    Bad IKE packet received 2.2.2.2 ==>1.1.1.1 (origCookie=e3 4e 2c 81 b7 2a 40 e3 , respCookie=58 0a 56 24 e8 3d 78 f4 )

Thu Sep 13 14:49:26 2012    Bad IKE packet received 2.2.2.2 ==>1.1.1.1 (origCookie=16 60 41 e5 51 8e b9 43 , respCookie=39 0e 63 70 48 49 36 7b )

Thu Sep 13 14:49:26 2012    unknown Informational exchange received. 

Thu Sep 13 14:49:21 2012    error -1 process rcvd packet 

Thu Sep 13 14:49:21 2012    Bad IKE packet received 2.2.2.2 ==>1.1.1.1 (origCookie=e3 4e 2c 81 b7 2a 40 e3 , respCookie=58 0a 56 24 e8 3d 78 f4 )

Thu Sep 13 14:49:11 2012    error -1 process rcvd packet 

Thu Sep 13 14:49:11 2012    Bad IKE packet received 2.2.2.2 ==>1.1.1.1 (origCookie=e3 4e 2c 81 b7 2a 40 e3 , respCookie=58 0a 56 24 e8 3d 78 f4 )

Thu Sep 13 14:49:01 2012    error -1 process rcvd packet 

Thu Sep 13 14:49:01 2012    Bad IKE packet received 2.2.2.2 ==>1.1.1.1 (origCookie=e3 4e 2c 81 b7 2a 40 e3 , respCookie=58 0a 56 24 e8 3d 78 f4 )

Thu Sep 13 14:48:50 2012    error -1 process rcvd packet 

Thu Sep 13 14:48:50 2012    Bad IKE packet received 2.2.2.2 ==>1.1.1.1(origCookie=e3 4e 2c 81 b7 2a 40 e3 , respCookie=58 0a 56 24 e8 3d 78 f4 )

Thu Sep 13 14:48:50 2012    invalid ID payload. 

Thu Sep 13 14:48:49 2012    IKE Phase 1 Negotiation Started 1.1.1.1==>2.2.2.2

3 Replies 3

cindy toy
Level 7
Level 7

Hi Tony,

Thank you for your question. However this community is for Cisco Small Business Products and the DPC3925 is not a Cisco Small Business Product.

Your product is an internet service provider (ISP) supported product. In other words you need to contact your ISP or technology reseller that you purchased this from to help you with your question.

I did some research and found the following links on the DPC3925 that may be of help.

http://www.cisco.com/web/consumer/support/modem_DPC3925.html
http://www.cisco.com/web/consumer/support/prod_modems.html

http://www.cisco.com/web/consumer/support/modem_DPC3925.html#~drivers

Regards,
Cindy Toy
Cisco Small Business Community Manager
for Cisco Small Business Products
www.cisco.com/go/smallbizsupport
twitter: CiscoSBsupport

Regards, Cindy If my response answered your question, please mark the response as answered. Thank you!

Hi Cindy, thanks for your respopnse, perhaps i should have posted in the VPN section, i saw other questions for my router in here so thought it was approprate

are you able to move the thread or should i re-post?

Cheers

Hi Tony,

Per your request I have moved it to the VPN section.

Regards,
Cindy Toy
Cisco Small Business Community Manager
for Cisco Small Business Products
www.cisco.com/go/smallbizsupport
twitter: CiscoSBsupport

Regards, Cindy If my response answered your question, please mark the response as answered. Thank you!
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: