Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN Tunnel is not establishing on Site to Site VPN on Router RV220W

I have recently bought two CISCO routers RV220W for our main and brach office mainly for VPN tunneling. I didnt know they are routers only not modems. so I have set it up using BT 2wire Router as modem only.

I have successfuly setup the routers and manage to establish the VPN tunneling between two routers.

AS bt doesnt give static WAN IP address so I have used Dyndns which works fine. although I have 5 static ip address which cannot be used for WAN unless i cahnge to one IP address even then BT tech said it will not work.

when I created the tunnel i could ping both servers with their IP only not with the names. I can ping them fine locally. I could also see the network from branch office to main office but not from main office to branch office. today when I restarted the server I cannot ping both server i mean vice versa but VPN tunnel is established. now I cannot see the network from branch office to main office as well.

both sites running windows server 2008 standard. main office server has 6 NIC cards two wwith public and three with private ip addresses, its also runing Terminal server, exchange, file etc. the branch office has two NIC card one with private and one with public ip.

intially I could establish the VPN tunnel as the network range was same on both sites so I changed one in th e10.0.0.0 range other in 192.168.1.0 range and VPN tunnel was established straightaway.

As soon as the VPN tunnel was created I manage to creat an external trust without any problems and both servers are added in each other forward zones as name servers.

in the main office the fues went off and I had to re-start the router and now the VPN tunnel is not establishing, mainly the error is ISAKMP-SA Expired I will paste the log of both routers below 

Now I need your help.

1. How to Clear Old or Existing Security Associations (Tunnels) on RV220W

2. how to fix the problem where I can ping the server with their IP as well as domain names ?

3. how to set it up so that both sides can see the network resources as well as access it ?

4. how to set it up so if the staff in branch office wants to log on the domain in main office he can simply do it as he does it in his office.

I can remote desktop both servers without any problems.

I have rebooted both servers few times, I have changed the share key, I also deleted the old setup and created new on both server but still no luck

Any urgent help will be appricated

7 REPLIES
Community Member

Re: VPN Tunnel is not establishing on Site to Site VPN on Router


Router1 Ipsec Policies

IPsec Policies

Add / Edit IKE Policy Configuration

Policy Name:

Direction / Type:

Exchange Mode:

Local

Identifier Type:

Identifier:

Remote

Identifier Type:

Identifier:

IKE SA Parameters

Encryption Algorithm:

Authentication Algorithm:

Authentication Method:

Pre-Shared Key:

Diffie-Hellman (DH) Group:

SA-Lifetime:

Seconds

Dead Peer Detection:

Enable

Detection Period:

Reconnect after Failure Count:

Extended Authentication

XAUTH Type:

Authentication Type:

Username:

Password:

Community Member

Re: VPN Tunnel is not establishing on Site to Site VPN on Router

Router1 VPN Policies

IPsec Policies

Add / Edit VPN Policy Configuration

Policy Name:

Policy Type:

Remote Endpoint:

NETBIOS:

Enable

Local Traffic Selection

Local IP:

Start Address:

End Address:

Subnet Mask:

Remote Traffic Selection

Remote IP:

Start Address:

End Address:

Subnet Mask:

Manual Policy Parameters

SPI-Incoming:

SPI-Outgoing:

Encryption Algorithm:

Key-In:

Key-Out:

Integrity Algorithm:

Key-In:

Key-Out:

Auto Policy Parameters

SA-Lifetime:

Encryption Algorithm:

Integrity Algorithm:

PFS Key Group:

Enable

Select IKE Policy:

Community Member

Re: VPN Tunnel is not establishing on Site to Site VPN on Router

Router 2 IPsec

IPsec Policies

Add / Edit IKE Policy Configuration

Policy Name:

Direction / Type:

Exchange Mode:

Local

Identifier Type:

Identifier:

Remote

Identifier Type:

Identifier:

IKE SA Parameters

Encryption Algorithm:

Authentication Algorithm:

Authentication Method:

Pre-Shared Key:

Diffie-Hellman (DH) Group:

SA-Lifetime:

Seconds

Dead Peer Detection:

Enable

Detection Period:

Reconnect after Failure Count:

Extended Authentication

XAUTH Type:

Authentication Type:

Username:

Password:

Community Member

Re: VPN Tunnel is not establishing on Site to Site VPN on Router

Router 2 VPN

Add / Edit VPN Policy Configuration

Policy Name:

Policy Type:

Remote Endpoint:

FQDN

NETBIOS:

Enable

Local Traffic Selection

Local IP:

Start Address:

End Address:

Subnet Mask:

Remote Traffic Selection

Remote IP:

Start Address:

End Address:

Subnet Mask:

Manual Policy Parameters

SPI-Incoming:

SPI-Outgoing:

Encryption Algorithm:

Key-In:

Key-Out:

Integrity Algorithm:

Key-In:

Key-Out:

Auto Policy Parameters

SA-Lifetime:

Encryption Algorithm:

Integrity Algorithm:

PFS Key Group:

Enable

Select IKE Policy:

Community Member

VPN Tunnel is not establishing on Site to Site VPN on Router RV2

Router1 log

2012-01-14 09:23:03: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:23:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:9dd3d5f20fabee3d:2bc2b

c5c6660437

f

2012-01-14 09:23:12: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:23:12: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:23:12: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:23:12: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:23:12: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

2012-01-14 09:23:12: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:23:12: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:23:12: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:23:13: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:23:13: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:13: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:23:13: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:13: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:23:14: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:33: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:24:02: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:24:02: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:24:02: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:24:02: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:02: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:24:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:24:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:24:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:02: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:03: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:03: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:03: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:03: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:03: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:03: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:03: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:03: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:27: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:24:27: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:27: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:27: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:27: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:27: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:27: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:28: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:33: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:24:43: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:24:43: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:24:43: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:24:43: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:43: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:24:43: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:24:43: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:24:43: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:43: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:44: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:24:44: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:44: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:24:44: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:45: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:25:14: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:26:02: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:26:02: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:26:02: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:26:02: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:26:02: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:26:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:26:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:26:02: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:02: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:26:03: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:03: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:26:03: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:26:03: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:26:03: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:03: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:26:03: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:03: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:26:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:22: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:26:22: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:26:22: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:26:22: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:22: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:26:22: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:22: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:26:23: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:33: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:28:13: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:28:13: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:28:13: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:28:13: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:28:13: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:28:13: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:28:13: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:28:13: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:28:14: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:28:14: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:28:14: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:28:14: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:28:14: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:28:15: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:28:44: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:29:01: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:29:01: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:29:01: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:29:01: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:29:01: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:29:01: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:29:01: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:29:01: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:01: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:29:02: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:29:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:29:02: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:29:02: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:02: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:29:02: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:02: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:29:03: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:32: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:29:53: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:29:53: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:29:53: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:29:53: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:29:53: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:29:53: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:29:53: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:29:53: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:53: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:29:53: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:29:53: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:29:53: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:29:53: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:29:54: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:30:24: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:31:00: [rv220w][IKE] INFO: Using IPsec SA configuration: 10.0.0.0/24<->192.168.100.

0/24

2012-01-14 09:31:00: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:31:00: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:31:00: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:31:00: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:31:00: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:31:00: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:31:00: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:31:00: [rv220w][IKE] INFO: For 197.143.198.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:31:01: [rv220w][IKE] INFO: ISAKMP-SA established for 197.127.128.1[500]-197.143

.198.1[500

] with spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:01: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:31:01: [rv220w][IKE] INFO: ISAKMP-SA expired 197.127.128.1[500]-197.143

.198.1[500

] spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:01: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:31:02: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.127.128.1[500]-197.143

.198.1[500

] with spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:31: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.143.198.1->197.127.128

.1

2012-01-14 09:31:51: [rv220w][IKE] INFO: remote configuration for identifier "router1.vpn.com" found

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.127.128.1[500]<=>197.1

43.198.1[5

00]

2012-01-14 09:31:51: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

I

Community Member

VPN Tunnel is not establishing on Site to Site VPN on Router RV2

Router 2 Log

2012-01-14 09:23:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:9dd3d5f20fabee3d:2bc2b

c5c6660437

f

2012-01-14 09:23:12: [rv220w][IKE] INFO: Using IPsec SA configuration: 192.168.100.0/24<->10.0.0.

0/24

2012-01-14 09:23:12: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:23:12: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:23:12: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:23:12: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:23:12: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:23:12: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:23:12: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:23:13: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:23:13: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:23:13: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:23:13: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:23:13: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:23:13: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:23:13: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:13: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:23:13: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:13: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:23:14: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:43e947c9f4344673:8059b

360776508e

9

2012-01-14 09:23:43: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.127.128.1->197.143.198

.1

2012-01-14 09:24:02: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:24:02: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:02: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:02: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:02: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:03: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:03: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:03: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:03: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:3e55c80741ba280c:dd313

67ffdf353b

8

2012-01-14 09:24:27: [rv220w][IKE] INFO: Using IPsec SA configuration: 192.168.100.0/24<->10.0.0.

0/24

2012-01-14 09:24:27: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:24:27: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:24:27: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:27: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:24:27: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:24:27: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:24:27: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:27: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:27: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:27: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:27: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:27: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:27: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:27: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:28: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:bf736f5e71444cab:30d24

12dc75cb60

2

2012-01-14 09:24:43: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:24:43: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:24:43: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:24:43: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:24:43: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:24:44: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:24:44: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:24:44: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:24:44: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:24:45: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:01055a0e8b3c2d3c:ecbef

bd9ed57340

3

2012-01-14 09:24:58: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.127.128.1->197.143.198

.1

2012-01-14 09:26:02: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:26:02: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:26:02: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:26:02: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:26:02: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:26:02: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:26:03: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:03: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:26:03: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:03: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:26:04: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:bee67d28e1abcb44:8154b

5e19a4d737

f

2012-01-14 09:26:22: [rv220w][IKE] INFO: Using IPsec SA configuration: 192.168.100.0/24<->10.0.0.

0/24

2012-01-14 09:26:22: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:26:22: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:26:22: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:26:22: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:26:22: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:26:22: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:26:22: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:22: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:26:22: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:26:22: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:26:22: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:22: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:26:22: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:22: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:26:23: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:8608af37edbabe3c:7c9a4

0fe6f8c5a1

d

2012-01-14 09:26:53: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 197.127.128.1->197.143.198

.1

2012-01-14 09:28:14: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:28:14: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:28:14: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:28:14: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:28:14: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:28:14: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:28:14: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:28:14: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:28:14: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:28:15: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:6e3e37112f726505:d538c

7b380d1bb7

b

2012-01-14 09:29:01: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:29:01: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:29:01: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:29:01: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:01: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:29:01: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:29:01: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:29:02: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:02: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:29:02: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:02: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:29:03: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:ed4a08158ec9e2d6:728b8

2b6fd1f4ac

8

2012-01-14 09:29:53: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:29:53: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:29:53: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:29:53: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:29:53: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:29:53: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:29:53: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:29:53: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:29:53: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:29:54: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:d18758312c138e74:463cf

cd4bc16eb8

9

2012-01-14 09:31:00: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:31:00: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:31:00: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:31:00: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:31:00: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:31:00: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:00: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:31:01: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:01: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:31:02: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:037f625ec85cd352:36ffa

9dd66151db

5

2012-01-14 09:31:51: [rv220w][IKE] INFO: Using IPsec SA configuration: 192.168.100.0/24<->10.0.0.

0/24

2012-01-14 09:31:51: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:31:51: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:31:51: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:31:51: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-01-14 09:31:51: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4

2012-01-14 09:31:51: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8

2012-01-14 09:31:51: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: DPD

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:31:51: [rv220w][IKE] INFO: For 197.127.128.1[500], Selected NAT-T version: RFC 3947

2012-01-14 09:31:51: [rv220w][IKE] INFO: Received Vendor ID: KAME/racoon

2012-01-14 09:31:51: [rv220w][IKE] INFO: NAT-D payload matches for 197.143.198.1[500]

2012-01-14 09:31:51: [rv220w][IKE] INFO: NAT-D payload matches for 197.127.128.1[500]

2012-01-14 09:31:51: [rv220w][IKE] INFO: NAT not detected

2012-01-14 09:31:51: [rv220w][IKE] INFO: ISAKMP-SA established for 197.143.198.1[500]-197.127

.128.1[500

] with spi:b53bcc4e7c091dea:8c46f

c704d34634

6

2012-01-14 09:31:51: [rv220w][IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-14 09:31:51: [rv220w][IKE] INFO: ISAKMP-SA expired 197.143.198.1[500]-197.127

.128.1[500

] spi:b53bcc4e7c091dea:8c46f

c704d34634

6

2012-01-14 09:31:51: [rv220w][IKE] INFO: Sending Informational Exchange: delete payload[]

2012-01-14 09:31:52: [rv220w][IKE] INFO: ISAKMP-SA deleted for 197.143.198.1[500]-197.127

.128.1[500

] with spi:b53bcc4e7c091dea:8c46f

c704d34634

6

2012-01-14 09:32:01: [rv220w][IKE] INFO: remote configuration for identifier "router2.vpn.com" found

2012-01-14 09:32:01: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: 197.143.198.1[500]<=>197.1

27.128.1[5

00]

2012-01-14 09:32:01: [rv220w][IKE] INFO: Beginning Identity Protection mode.

2012-01-14 09:32:01: [rv220w][IKE] INFO: Received Vendor ID: RFC XXXX

2012-01-14 09:32:01: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike

-02

Community Member

Re: VPN Tunnel is not establishing on Site to Site VPN on Router

I have also attached the word format of both policies as copy and paste didnt paste the whole info I hope someone can help.

2887
Views
0
Helpful
7
Replies
CreatePlease to create content