RSV4000 VPN

Alex_Kirr
Level 1

I'm trying to set up VPN with RSV4000. I'm trying to connect from Snow Leopard through its inbuilt Cisco IPSec. So when I try to connect from a machine within the network I get something like this:

Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set  to=110
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but  already using method 110
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but  already using method 110
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,  but already using method 110
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [XAUTH]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Cisco-Unity]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Dead Peer Detection]
Nov 21 17:03:06  - [VPN Log]: packet from 192.168.10.52:500:  initial Main Mode message received on xx.xxx.xx.xxx:500 but no  connection has been authorized
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set  to=110
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but  already using method 110
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but  already using method 110
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,  but already using method 110
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [XAUTH]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Cisco-Unity]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Dead Peer Detection]
Nov 21 17:03:09  - [VPN Log]: packet from 192.168.10.52:500:  initial Main Mode message received on xx.xxx.xx.xxx:500 but no  connection has been authorized
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set  to=110
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but  already using method 110
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but  already using method 110
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,  but already using method 110
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [XAUTH]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Cisco-Unity]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Dead Peer Detection]
Nov 21 17:03:12  - [VPN Log]: packet from 192.168.10.52:500:  initial Main Mode message received on xx.xxx.xx.xxx:500 but no  connection has been authorized
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set  to=110
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but  already using method 110
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but  already using method 110
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,  but already using method 110
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [XAUTH]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Cisco-Unity]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Dead Peer Detection]
Nov 21 17:03:15  - [VPN Log]: packet from 192.168.10.52:500:  initial Main Mode message received on xx.xxx.xx.xxx:500 but no  connection has been authorized
Nov 21 17:03:15  - [VPN Log]: initiate on demand from  192.168.10.16:0 to 192.168.20.255:0 proto=0 state: fos_start because:  acquire
Nov 21 17:03:29  - [VPN Log]: "LG" #1: max number of retransmissions (2) reached STATE_AGGR_I1

I'm no VPN expert but one has to assume that it should be possible to test VPN from the same network. RVS400 is actually connected to a modem that handles all the connecting to internet stuff.

Maybe I set it up wrong. I have a couple of accounts and an IPSec tunnel set up with the following settings:

Local Group Setup

Local Security Gateway Type: IP Only

IP address: Router's external IP (which is static)

Local Security Group Type: Subnet

IP Address: 192.168.10.1 (router internal ip)

Subnet Mask: 255.255.255.0

Remote Group Setup

Remote Security Gateway Type: IP Only

IP Address: 192.168.20.1

Remote Security Group Type: Subnet

IP Address: 192.168.20.10 (suppose that's the IP that should be assigned remotely)

Subnet Mask: 255.255.255.0

IPSec Setup

Keying Mode: IKE with Preshared key

Phase 1:

Encryption: 3DES

Authentication: MD5

Group: 1024bit

Key Lifetime: 28800

Phase 2:


Encryption: 3DES

Authentication: SHA1

Perfect Forward Secrecy: Enable

Preshared Key: somekey

Group: 1024bit

Key Lifetime: 3600

Advanced:

NetBios Broadcast (enabled)

Should the tunnel's status change from Down when pressing the Connect button under Test Tunnel?

Thanks.

2 Replies

rocater
Level 3

Hello Alex,

I do wish I knew more about setting up the connection using a Mac, but I did find the following information you may want to check out.

https://supportforums.cisco.com/docs/DOC-10266

I hope this helps with your VPN

Thanks for responding, I think I got closer to the... truth (by using IPSecuritas) but not quite there yet. Getting the following in my VPN logs. I also edited my configuration in the router and attached a screenshot this time:

Nov 22 10:10:39  - [VPN Log]: packet from 192.168.10.52:500: received Vendor ID payload [Dead Peer Detection]
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: responding to Main Mode from unknown peer 192.168.10.52
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.10.52'
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: I did not send a certificate because I do not have one.
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  STATE_MAIN_R3: sent MR3, ISAKMP SA established  {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha  group=modp1024}
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2: received and ignored informational message
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  cannot respond to IPsec SA request because no connection is known for  192.168.1.0/24===xx.xxx.xx.xxx[S?C]...192.168.10.52[S?C]===174.155.10.10/32
Nov 22 10:10:39  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  sending encrypted notification INVALID_ID_INFORMATION to  192.168.10.52:500
Nov 22 10:10:44  - [VPN Log]: "LG"[2] 192.168.10.52 #2: Quick  Mode I1 message is unacceptable because it uses a previously used  Message ID 0x5af39783 (perhaps this is a duplicated packet)
Nov 22 10:10:44  - [VPN Log]: "LG"[2] 192.168.10.52 #2: sending encrypted notification INVALID_MESSAGE_ID to 192.168.10.52:500
Nov 22 10:10:49  - [VPN Log]: "LG"[2] 192.168.10.52 #2: Quick  Mode I1 message is unacceptable because it uses a previously used  Message ID 0x5af39783 (perhaps this is a duplicated packet)
Nov 22 10:10:49  - [VPN Log]: "LG"[2] 192.168.10.52 #2: sending encrypted notification INVALID_MESSAGE_ID to 192.168.10.52:500
Nov 22 10:11:00  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  cannot respond to IPsec SA request because no connection is known for  192.168.1.0/24===xx.xxx.xx.xxx[S?C]...192.168.10.52[S?C]===174.155.10.10/32
Nov 22 10:11:00  - [VPN Log]: "LG"[2] 192.168.10.52 #2:  sending encrypted notification INVALID_ID_INFORMATION to  192.168.10.52:500
Nov 22 10:11:04  - [VPN Log]: "LG"[2] 192.168.10.52 #2: Quick  Mode I1 message is unacceptable because it uses a previously used  Message ID 0xb94c86ee (perhaps this is a duplicated packet)
Nov 22 10:11:04  - [VPN Log]: "LG"[2] 192.168.10.52 #2: sending encrypted notification INVALID_MESSAGE_ID to 192.168.10.52:500
Nov 22 10:11:09  - [VPN Log]: "LG"[2] 192.168.10.52 #2: Quick  Mode I1 message is unacceptable because it uses a previously used  Message ID 0xb94c86ee (perhaps this is a duplicated packet)
Nov 22 10:11:09  - [VPN Log]: "LG"[2] 192.168.10.52 #2: sending encrypted notification INVALID_MESSAGE_ID to 192.168.10.52:500
Nov 22 10:11:12  - [VPN Log]: "LG"[2] 192.168.10.52 #2: received Delete SA payload: deleting ISAKMP State #2
Nov 22 10:11:12  - [VPN Log]: "LG"[2] 192.168.10.52: deleting  connection "LG" instance with peer 192.168.10.52 {isakmp=#0/ipsec=#0}
Nov 22 10:11:12  - [VPN Log]: packet from 192.168.10.52:500: received and ignored informational message
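
An added example, not part of either post: a Python sketch that picks out the two rejection lines quoted in this thread (Main Mode "no connection has been authorized" and Quick Mode "no connection is known for") and compares them with the tunnel settings listed in the first post. The `CONFIG` dictionary, the function name and the strict equality check on subnets are assumptions for illustration; the poster says the router configuration was edited before the second log, so the comparison against the first post's values is illustrative only.

```python
import ipaddress
import re

# Constructed sample: three lines taken from the thread's logs, whitespace normalized.
SAMPLE_LOG = """\
Nov 21 17:03:06 - [VPN Log]: packet from 192.168.10.52:500: initial Main Mode message received on xx.xxx.xx.xxx:500 but no connection has been authorized
Nov 22 10:10:39 - [VPN Log]: "LG"[2] 192.168.10.52 #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Nov 22 10:10:39 - [VPN Log]: "LG"[2] 192.168.10.52 #2: cannot respond to IPsec SA request because no connection is known for 192.168.1.0/24===xx.xxx.xx.xxx[S?C]...192.168.10.52[S?C]===174.155.10.10/32
"""

# Tunnel settings as listed in the first post (address plus netmask, host bits allowed).
CONFIG = {
    "remote_gateway": "192.168.20.1",
    "local_net": ipaddress.ip_network("192.168.10.1/255.255.255.0", strict=False),
    "remote_net": ipaddress.ip_network("192.168.20.10/255.255.255.0", strict=False),
}

PHASE1_REJECT = re.compile(r"packet from (\d+\.\d+\.\d+\.\d+):\d+: initial Main Mode message "
                           r"received on \S+ but no connection has been authorized")
# Layout: our_subnet===our_gateway...peer_gateway===peer_subnet
PHASE2_REJECT = re.compile(r"no connection is known for (\S+?)===\S+?\.\.\.\S+?===(\S+)")


def diagnose(log_text, config):
    """Return one finding per rejection line, with the mismatch that explains it."""
    findings = []
    for line in log_text.splitlines():
        line = " ".join(line.split())  # collapse wrapped double spaces
        m = PHASE1_REJECT.search(line)
        if m:  # Phase 1: does any tunnel expect this peer address?
            findings.append({"phase": 1, "peer": m.group(1),
                             "peer_is_configured_gateway": m.group(1) == config["remote_gateway"]})
            continue
        m = PHASE2_REJECT.search(line)
        if m:  # Phase 2: selectors the client proposed vs. the configured groups
            ours = ipaddress.ip_network(m.group(1), strict=False)
            theirs = ipaddress.ip_network(m.group(2), strict=False)
            findings.append({"phase": 2, "proposed_local": str(ours), "proposed_remote": str(theirs),
                             "local_matches": ours == config["local_net"],
                             "remote_matches": theirs == config["remote_net"]})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, CONFIG):
        print(finding)
```
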