VPN with Netgear FVS338 fails

I want to establish a VPN connection from a client (Windows XP SP2, Netgear ProSafe VPN Client Software) over the internet to a Netgear FVS338 ProSafe VPN Firewall. After two days of trying, I'm starting to get mad. The process fails after initiating IKE Phase 2.

This is the log from the Netgear ProSafe VPN Client (leading date/time information was deleted for better reading):

Attempting to resolve Hostname (xxx.dyndns.org)
Initiating IKE Phase 1 (Hostname=xxx.dyndns.org) (IP ADDR=xxx.xxx.xxx.xxx)
SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
RECEIVED>> ISAKMP OAK AG *(HASH, NAT-D 2x, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
Established IKE SA
MY COOKIE db 4a a4 73 dd af 3 2b
HIS COOKIE cd 99 66 5c 35 94 21 28
Initiating IKE Phase 2 with Client IDs (message id: 80266275)
Initiator = IP ADDR=192.168.110.32, prot = 0 port = 0
Responder = IP ADDR=192.168.111.10, prot = 0 port = 0
SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)
QM re-keying timed out. Retry count: 1

This is the log from the router:

phase-I negotiation received NOTIFY PAYLOAD of notify type REPLAY_STATUS
received NOTIFY PAYLOAD of notify type INITIAL_CONTACT
IKE phase-I started
Initiator SPD selectors received: IPADDR, 192.168.110.xx, proto 0, port 0
Responder SPD selectors received: IPADDR, 192.168.111.xx, proto 0, port 0
No matching SPD policy for the selectors received in IKE phase-II message
IKE phase-II with message ID 80266275 failed

There are three retries, which I removed for a better reading experience ;)

Phase 1 completes successfully, Phase 2 times out. At first glance it is rather obvious: the entry in the security policy database must be wrong, and the router stops responding because of this. But the entries look very good to me (I usually know what I'm doing), and we have already tried every sensible and senseless combination possible.

Has anyone else encountered similar problems with the Netgear FVS338 router? We have set up dozens of smaller routers with VPN, like the Netgear FVS318, and never had any problems. Firmware and drivers are up to date - before you ask ;)

What else (than wrong entries in the security policy database) could cause this problem?

Nicolas Keller


We finally figured it out: the problem was that we used the VPN Wizard, which built a wrong SPD entry that you can't fix afterwards. You have to create the entry in the SPD database *manually*. Netgear Support confirmed it's a problem with the wizard (unfortunately we had half of the support center on the phone before someone told us ;-) ).

Thanks for helping!

Nicolas Keller
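The failure in this thread is the gateway rejecting the Quick Mode (Phase 2) traffic selectors because no SPD entry covers them. The following is an added example, not code from the thread or from Netgear: it extracts the Phase 2 selectors from a client log in the format quoted above and checks them against a gateway-side policy list. The two SPD tables are constructed for illustration (the thread does not say what the wizard's entry actually contained); the helper names are my own.

```python
import ipaddress
import re

# Constructed excerpt in the format of the ProSafe client log quoted in the thread.
CLIENT_LOG = """Initiating IKE Phase 2 with Client IDs (message id: 80266275)
Initiator = IP ADDR=192.168.110.32, prot = 0 port = 0
Responder = IP ADDR=192.168.111.10, prot = 0 port = 0"""

# Hypothetical gateway SPD as (local network, remote network) pairs.
# The "wizard" table is constructed so that its remote range (.0-.31) misses the
# client host .32; the "manual" table covers the whole client subnet.
WIZARD_SPD = [("192.168.111.0/24", "192.168.110.0/27")]
MANUAL_SPD = [("192.168.111.0/24", "192.168.110.0/24")]

SEL_RE = re.compile(r"(Initiator|Responder) = IP ADDR=(\d+\.\d+\.\d+\.\d+)")


def parse_phase2_selectors(log):
    """Return {'Initiator': net, 'Responder': net}; a bare IP ADDR ID is a /32 host."""
    found = {}
    for m in SEL_RE.finditer(log):
        found[m.group(1)] = ipaddress.ip_network(m.group(2) + "/32")
    if set(found) != {"Initiator", "Responder"}:
        raise ValueError("Phase 2 selectors not found in log")
    return found


def matching_policies(spd, selectors, strict=False):
    """Gateway view: the initiator selector must lie in a policy's remote network and
    the responder selector in its local network. strict=True models implementations
    that demand the proposed selector equal the configured network exactly."""
    hits = []
    for local, remote in spd:
        local_net, remote_net = ipaddress.ip_network(local), ipaddress.ip_network(remote)
        if strict:
            ok = selectors["Initiator"] == remote_net and selectors["Responder"] == local_net
        else:
            ok = (selectors["Initiator"].subnet_of(remote_net)
                  and selectors["Responder"].subnet_of(local_net))
        if ok:
            hits.append((local, remote))
    return hits


def diagnose(spd, log, strict=False):
    """One-line verdict in the wording the router log uses."""
    sel = parse_phase2_selectors(log)
    hits = matching_policies(spd, sel, strict)
    pair = f"{sel['Initiator']} -> {sel['Responder']}"
    if hits:
        return f"Phase 2 selectors {pair} match SPD policy {hits[0]}"
    return f"No matching SPD policy for the selectors received: {pair}"
```

Running `diagnose` with the wizard table reproduces the router's "No matching SPD policy" outcome even though Phase 1 would succeed; with the manual table the same proposal matches.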
