I have a Linksys BEFSX41 VPN endpoint running Linksys firmware 1.52.9 (which is the latest/greatest and supposedly very reliable, and has worked well for me) that is a VPN client to a Watchguard Firebox X1000 running Fireware Pro and OS 8.2.1 (latest/greatest).
I am trying to establish an IPSEC VPN using the following setup:
BEFSX41 client: Has a dyndns.org domain name
X1000 server: static IP
The X1000 is set up to use a "Domain Name" for the Remote Gateway type and specifies the dyndns.org domain name for the BEFSX41.
If I use the remote gateway id type as IP address, and specify the IP address, the VPN is established right away. However, when I use the domain name as the remote gateway, IT NEVER WORKS.
I have been working with the Watchguard LiveSecurity folks for 3 days with no progress. They have given up and told me that there is something wrong on the Linksys but cannot identify anything. Talking to the Watchguard pre-sales tech people, looking through manuals, and letting Watchguard LiveSecurity connect to and verify my settings all indicate that all settings are right.
I will greatly appreciate any tips on how this can be achieved and a VPN can be established with the BEFSX41 not requiring a static IP and working with the domain name.
I have included some additional details below.
Some logs:

BEFSX41 client
2006-03-16 17:23:49 IKE Tx >> AG_I1 : SA, KE, Nonce, ID
2006-03-16 17:23:50 IKE Rx > AG_R1 : SA, KE, Nonce, ID, HASH
2006-03-16 17:23:56 IKE Rx > AG_R1 : SA, KE, Nonce, ID, HASH

X1000 server
iked WARNING: Rejected phase 1 aggressive mode from (no matching policy) cookies i= r=0000000000 000000000
(multiple times)
Some settings for the VPN connection:
Encryption DES
Authentication MD5
-----------
Auto. (IKE)
PFS Disabled
Key Lifetime: 3600 secs

Advanced settings
---------------------
Phase 1
Op mode: Aggressive mode
Proposal 1
Encryption: DES
Authentication: MD5
Group: 768-bit

Phase 2
Proposal: Encryption: DES, Auth: MD5, PFS OFF
Group 768-bit
Key Lifetime: 3600 secs

NetBIOS broadcast: OFF
Anti-replay: OFF
Keep-Alive: ON
I have tested Main Mode, and also switching between User domain name and domain name, but none of that helps.