- United States
- English
- Worldwide
|
#1
March 25th, 2008, 03:09 AM
|
|||
|
|||
FVS114 VPN cant see lan
I have the fvs114 at the office with version 1.1_14 firmware and use vpn client 10.8 at home. I can connect successfully but can't ping or see anything on the lan.
I am using different subnets and have noticed in the logs once it connects it gets 6 retransmission errors and the virtual adapter never receives more than than 224 bytes. I have called netgear support 4 or 5 times now and they have tried many different troubleshooting techniques and eventually sent me a new fvs114 but I am still getting the exact same problem. Please help! 
|
|
#2
March 25th, 2008, 05:26 AM
|
||||
|
||||
Re: FVS114 VPN cant see lan
http://vpncasestudy.com/download/pdf/no_ping.pdf
http://vpncasestudy.com/download/pdf...k_browsing.pdf disable firewall on PC behind FVS114
__________________
VPN Case Study (www.vpncasestudy.com) Our Second To None VPN Related Setup Case Study "One Stop Solution To Your Netgear VPN Connectivity" *Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support] Most Other Useful Docs -"General Technical Documentation", "Router Reset", "Router Setup", "Print Server Tips", "Remote Admin" "Wireless Tips" Forum Policy June Mizoguchi-i....@vpncasestudy.com
|
|
#3
March 25th, 2008, 05:42 AM
|
||||
|
||||
|
Re: FVS114 VPN cant see lan
Also can you please post screen shot of both the router and client VPN configuration screens? Make sure you scrub out any WAN IP's and Preshared Keys.
Thanks
__________________
Guy Adams Check out my blog 'Guy Adams on Technology' here (external link) Forum Rules - Post screenshots for free VPN Tutorials, Tips & Tricks - ProSafe Firmware Upgrade - Interface Demo's
|
|
#4
March 25th, 2008, 01:03 PM
|
|||
|
|||
|
Re: FVS114 VPN cant see lan
I have copied in the logs from the client and the router.
CLIENT LOGS: 3-25: 20:41:25.037 My Connections\CLIENT - Initiating IKE Phase 1 (IP ADDR=81.X.X.X) 3-25: 20:41:25.333 My Connections\CLIENT - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x) 3-25: 20:41:30.349 My Connections\CLIENT - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH) 3-25: 20:41:30.521 My Connections\CLIENT - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT) 3-25: 20:41:30.521 My Connections\CLIENT - Established IKE SA 3-25: 20:41:30.521 My Connections\CLIENT - MY COOKIE 18 c3 da c1 88 45 94 9b 3-25: 20:41:30.521 My Connections\CLIENT - HIS COOKIE da f5 61 85 a4 41 5 9e 3-25: 20:41:31.412 Virtual Interface constructed for local interface 10.0.0.100 3-25: 20:41:36.927 Virtual Interface added: 10.0.0.X/255.255.255.255 on ISDN "SafeNet VA miniport". 3-25: 20:41:37.068 Clearing arp for adapter 917508 3-25: 20:41:37.271 Route 81.X.X.X->192.168.1.254 added. 3-25: 20:41:37.380 My Connections\CLIENT - Initiating IKE Phase 2 with Client IDs (message id: 868FCCB8) 3-25: 20:41:37.380 My Connections\CLIENT - Initiator = IP ADDR=10.0.0.X, prot = 0 port = 0 3-25: 20:41:37.380 My Connections\CLIENT - Responder = IP SUBNET/MASK=192.168.X.X/255.255.255.0, prot = 0 port = 0 3-25: 20:41:37.380 My Connections\CLIENT - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID 2x) 3-25: 20:41:37.677 My Connections\CLIENT - RECEIVED<<< ISAKMP OAK QM *(HASH, SA, NON, ID 2x) 3-25: 20:41:37.755 My Connections\CLIENT - Filter entry 3 added: SECURE 010.000.000.X&255.255.255.255 192.168.000.X&255.255.255.000 081.138.013.185 3-25: 20:41:37.833 Route 192.168.X.X/255.255.255.0->10.0.0.100 added. 3-25: 20:41:37.849 My Connections\CLIENT - SENDING>>>> ISAKMP OAK QM *(HASH) 3-25: 20:41:37.849 My Connections\CLIENT - Loading IPSec SA (Message ID = 868FCCB8 OUTBOUND SPI = B3329333 INBOUND SPI = 7D3B363) 3-25: 20:41:37.849 3-25: 20:41:41.615 My Connections\CLIENT - RECEIVED<<< ISAKMP OAK QM *(Retransmission) 3-25: 20:41:41.615 My Connections\CLIENT - SENDING>>>> ISAKMP OAK QM *(Retransmission) 3-25: 20:41:46.615 My Connections\CLIENT - RECEIVED<<< ISAKMP OAK QM *(Retransmission) 3-25: 20:41:46.615 My Connections\CLIENT - SENDING>>>> ISAKMP OAK QM *(Retransmission) 3-25: 20:41:51.615 My Connections\CLIENT - RECEIVED<<< ISAKMP OAK QM *(Retransmission) 3-25: 20:41:51.615 My Connections\CLIENT - SENDING>>>> ISAKMP OAK QM *(Retransmission) ROUTER LOGS: [2008-03-25 12:40:44]**** AGGR MODE COMPLETED **** [2008-03-25 12:40:44][==== IKE PHASE 1 ESTABLISHED====] [2008-03-25 12:40:50][==== IKE PHASE 2(from 81.X.X.X) START (responder) ====] [2008-03-25 12:40:50]**** RECEIVED FIRST MESSAGE OF QUICK MODE **** [2008-03-25 12:40:50]**** FOUND IDs,EXTRACE ID INFO **** [2008-03-25 12:40:50]<Initiator IPADDR=10.0.0.X> [2008-03-25 12:40:50]<Responder IPADDR=192.168.0.X MASK=255.255.255.0> [2008-03-25 12:40:50]**** SENT OUT SECOND MESSAGE OF QUICK MODE **** [2008-03-25 12:40:51]**** RECEIVED THIRD MESSAGE OF QUICK MODE **** [2008-03-25 12:40:51]<POLICY: client> PAYLOADS: HASH [2008-03-25 12:40:51]**** QUICK MODE COMPLETED **** [2008-03-25 12:40:51][==== IKE PHASE 2 ESTABLISHED====] [2008-03-25 12:40:55]DISCARDING RETRANSMITTED PACKET... [2008-03-25 12:41:00]DISCARDING RETRANSMITTED PACKET... [2008-03-25 12:41:05]DISCARDING RETRANSMITTED PACKET
|
|
#5
March 25th, 2008, 01:11 PM
|
|||
|
|||
|
Re: FVS114 VPN cant see lan
I forgot to add that I have disabled the firewall on the PC connected to the fvs114 and temporarily disabled the firewall on the client PC.
|
|
#6
March 25th, 2008, 03:01 PM
|
||||
|
||||
|
Re: FVS114 VPN cant see lan
need to see the screenshot on both side
__________________
VPN Case Study (www.vpncasestudy.com) Our Second To None VPN Related Setup Case Study "One Stop Solution To Your Netgear VPN Connectivity" *Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support] Most Other Useful Docs -"General Technical Documentation", "Router Reset", "Router Setup", "Print Server Tips", "Remote Admin" "Wireless Tips" Forum Policy June Mizoguchi-i....@vpncasestudy.com
|
|
#7
March 25th, 2008, 04:34 PM
|
||||
|
||||
|
Re: FVS114 VPN cant see lan
Don't mask the internal IP's (10.x.x.x/192.168.x.x) in the logs. We cannot determine if you have set the tunnels up correctly.
You only need to mask the Public IP's and your PSK.
__________________
. Forum Rules - Post Screenshots on ImageShack for Free - Firmware Upgrade Procedure . Online Subnet Calculator - LAN Subnets NOT to Use - SA Lifetime Guidelines - Hex/IP Converter . Free Netgear Support Online Trouble Ticket Submissions 1-888-NETGEAR 4,3 Netgear Knowledge Base . VPN Router Support, Interface Demos,and Marketing Pages: . SRX5308 S M - FVS336G S I I M - FVS318G S M - FVS318N S M - FVS338 S I I M - SRXN3205 S M - VPNG01/5L S M - FVS318 S I I M - DGFV338B S I M - FVG318 S I I M - SSL312 S I M - FVX538 S I I . FVS114 - FVS124G - FVS328 - FVL328 - FWG114P - GPL Firmware Code - MyOpenRouter - VPNC Docs . Click Here for my VPN Client and Mode Config VPN Client Tutorials . ProSecure STM/UTM Appliance User Forum - Prosecure Marketing Website . . Good Luck...ADIT FYI - I am a Reseller and not employed by Netgear
|
|
#8
March 26th, 2008, 01:04 AM
|
|||
|
|||
|
Re: FVS114 VPN cant see lan
Here it is...
3-25: 20:41:25.037 My Connections\CLIENT - Initiating IKE Phase 1 (IP ADDR=81.X.X.X) 3-25: 20:41:25.333 My Connections\CLIENT - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x) 3-25: 20:41:30.349 My Connections\CLIENT - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH) 3-25: 20:41:30.521 My Connections\CLIENT - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT) 3-25: 20:41:30.521 My Connections\CLIENT - Established IKE SA 3-25: 20:41:30.521 My Connections\CLIENT - MY COOKIE 18 c3 da c1 88 45 94 9b 3-25: 20:41:30.521 My Connections\CLIENT - HIS COOKIE da f5 61 85 a4 41 5 9e 3-25: 20:41:31.412 Virtual Interface constructed for local interface 10.0.0.100 3-25: 20:41:36.927 Virtual Interface added: 10.0.0.100/255.255.255.255 on ISDN "SafeNet VA miniport". 3-25: 20:41:37.068 Clearing arp for adapter 917508 3-25: 20:41:37.271 Route 81.X.X.X->192.168.1.254 added. 3-25: 20:41:37.380 My Connections\CLIENT - Initiating IKE Phase 2 with Client IDs (message id: 868FCCB8) 3-25: 20:41:37.380 My Connections\CLIENT - Initiator = IP ADDR=10.0.0.100, prot = 0 port = 0 3-25: 20:41:37.380 My Connections\CLIENT - Responder = IP SUBNET/MASK=192.168.0.0/255.255.255.0, prot = 0 port = 0 3-25: 20:41:37.380 My Connections\CLIENT - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID 2x) 3-25: 20:41:37.677 My Connections\CLIENT - RECEIVED<<< ISAKMP OAK QM *(HASH, SA, NON, ID 2x) 3-25: 20:41:37.755 My Connections\CLIENT - Filter entry 3 added: SECURE 010.000.000.100&255.255.255.255 192.168.000.000&255.255.255.000 081.138.013.185 3-25: 20:41:37.833 Route 192.168.0.0/255.255.255.0->10.0.0.100 added. 3-25: 20:41:37.849 My Connections\CLIENT - SENDING>>>> ISAKMP OAK QM *(HASH) 3-25: 20:41:37.849 My Connections\CLIENT - Loading IPSec SA (Message ID = 868FCCB8 OUTBOUND SPI = B3329333 INBOUND SPI = 7D3B363) 3-25: 20:41:37.849 3-25: 20:41:41.615 My Connections\CLIENT - RECEIVED<<< ISAKMP OAK QM *(Retransmission) 3-25: 20:41:41.615 My Connections\CLIENT - SENDING>>>> ISAKMP OAK QM *(Retransmission) 3-25: 20:41:46.615 My Connections\CLIENT - RECEIVED<<< ISAKMP OAK QM *(Retransmission) 3-25: 20:41:46.615 My Connections\CLIENT - SENDING>>>> ISAKMP OAK QM *(Retransmission) 3-25: 20:41:51.615 My Connections\CLIENT - RECEIVED<<< ISAKMP OAK QM *(Retransmission) 3-25: 20:41:51.615 My Connections\CLIENT - SENDING>>>> ISAKMP OAK QM *(Retransmission) ROUTER LOGS: [2008-03-25 12:40:44]**** AGGR MODE COMPLETED **** [2008-03-25 12:40:44][==== IKE PHASE 1 ESTABLISHED====] [2008-03-25 12:40:50][==== IKE PHASE 2(from 81.X.X.X) START (responder) ====] [2008-03-25 12:40:50]**** RECEIVED FIRST MESSAGE OF QUICK MODE **** [2008-03-25 12:40:50]**** FOUND IDs,EXTRACE ID INFO **** [2008-03-25 12:40:50]<Initiator IPADDR=10.0.0.100> [2008-03-25 12:40:50]<Responder IPADDR=192.168.0.0 MASK=255.255.255.0> [2008-03-25 12:40:50]**** SENT OUT SECOND MESSAGE OF QUICK MODE **** [2008-03-25 12:40:51]**** RECEIVED THIRD MESSAGE OF QUICK MODE **** [2008-03-25 12:40:51]<POLICY: client> PAYLOADS: HASH [2008-03-25 12:40:51]**** QUICK MODE COMPLETED **** [2008-03-25 12:40:51][==== IKE PHASE 2 ESTABLISHED====] [2008-03-25 12:40:55]DISCARDING RETRANSMITTED PACKET... [2008-03-25 12:41:00]DISCARDING RETRANSMITTED PACKET... [2008-03-25 12:41:05]DISCARDING RETRANSMITTED PACKET Reply With Quote
|
|
#9
March 26th, 2008, 01:43 AM
|
||||
|
||||
|
Re: FVS114 VPN cant see lan
The tunnel connects successfully but does not necessarily mean that it is configured correctly.
Can you ping the 114 LAN IP? Can you ping the 114 WAN IP? How is the VPN Client PC connected to the Internet? Who are the ISPs? What is on 192.168.1.254? Screenshots of your configs would help. www.imageshack.us
__________________
. Forum Rules - Post Screenshots on ImageShack for Free - Firmware Upgrade Procedure . Online Subnet Calculator - LAN Subnets NOT to Use - SA Lifetime Guidelines - Hex/IP Converter . Free Netgear Support Online Trouble Ticket Submissions 1-888-NETGEAR 4,3 Netgear Knowledge Base . VPN Router Support, Interface Demos,and Marketing Pages: . SRX5308 S M - FVS336G S I I M - FVS318G S M - FVS318N S M - FVS338 S I I M - SRXN3205 S M - VPNG01/5L S M - FVS318 S I I M - DGFV338B S I M - FVG318 S I I M - SSL312 S I M - FVX538 S I I . FVS114 - FVS124G - FVS328 - FVL328 - FWG114P - GPL Firmware Code - MyOpenRouter - VPNC Docs . Click Here for my VPN Client and Mode Config VPN Client Tutorials . ProSecure STM/UTM Appliance User Forum - Prosecure Marketing Website . . Good Luck...ADIT FYI - I am a Reseller and not employed by Netgear
|
|
#10
March 26th, 2008, 02:02 AM
|
|||
|
|||
|
Re: FVS114 VPN cant see lan
HI,
When the VPN connects, I can still ping the WAN IP but never the LAN IP, never mind a server. Both connections are using BT broadband. Netgear support in America was provided access directly to the FVS114 and setup an IKE and VPN policy but they got the exact same problem in that they connected up a VPN tunnel but the FVS114 dropped packets and had the same retransmission errors. 192.168.1.254 is my client side router.
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT -8. The time now is 02:31 PM.