Site to Site VPN doesn't work

FXV538 · #1 April 11th, 2012, 01:45 AM

We have tree locations which are connected with a FXV538 VPN firewall

Location 1 is connected with location 2 and location 1 is also connected with location 3.

Only the connection from location 1 to location 3 isn't working while the other one is working fine.

The is a BT DSL modem in front of the netgear in location 3 which is set to the "DMZ plus" mode so the netgear does have a public ip adres itself.

The vpn log shows the following error:

VPN Log netgear Location 3:

Code:

2012 Apr 11 10:18:18 [FVX538] [IKE] accept a request to establish IKE-SA: 77.xxx.xxx.xxx_
2012 Apr 11 10:18:18 [FVX538] [IKE] Configuration found for 77.xxx.xxx.xxx._
2012 Apr 11 10:18:18 [FVX538] [IKE] Initiating new phase 1 negotiation: 81.xxx.xxx.xxx[500]<=>77.xxx.xxx.xxx[500]_
2012 Apr 11 10:18:18 [FVX538] [IKE] Beginning Identity Protection mode._
2012 Apr 11 10:18:49 [FVX538] [IKE] Invalid SA protocol type: 0_
2012 Apr 11 10:18:49 [FVX538] [IKE] Phase 2 negotiation failed due to time up waiting for phase1. _
2012 Apr 11 10:19:18 [FVX538] [IKE] Phase 1 negotiation failed due to time up for 77.xxx.xxx.xxx[500]. 3957fddc595436d2:0000000000000000_

VPN log location 1:

Code:

2012 Apr 11 11:41:10 [FVX538] [IKE] Configuration found for 81.xxx.xxx.xxx._
2012 Apr 11 11:41:10 [FVX538] [IKE] Initiating new phase 1 negotiation: 77.xxx.xxx.xxx[500]<=>81.xxx.xxx.xxx[500]_
2012 Apr 11 11:41:10 [FVX538] [IKE] Beginning Identity Protection mode._
2012 Apr 11 11:41:10 [FVX538] [IKE] Setting DPD Vendor ID_
2012 Apr 11 11:41:41 [FVX538] [IKE] Invalid SA protocol type: 0_
2012 Apr 11 11:41:41 [FVX538] [IKE] Phase 2 negotiation failed due to time up waiting for phase1. _
2012 Apr 11 11:42:10 [FVX538] [IKE] Phase 1 negotiation failed due to time up for 81.xxx.xxx.xxx[500]. ecea7f2695195062:0000000000000000_
2012 Apr 11 11:42:46 [FVX538] [IKE] Configuration found for 81.xxx.xxx.xxx._
2012 Apr 11 11:42:46 [FVX538] [IKE] Initiating new phase 1 negotiation: 77.xxx.xxx.xxx[500]<=>81.xxx.xxx.xxx[500]_
2012 Apr 11 11:42:46 [FVX538] [IKE] Beginning Identity Protection mode._
2012 Apr 11 11:42:46 [FVX538] [IKE] Setting DPD Vendor ID_

The configuration from the the netgear from location 2 and 3 are exactly the same except the ip adressen. Does someone know why loction 3 doesn't connect with location 1?

adit · #2 April 11th, 2012, 06:39 AM

Check the settings in the IKE screens.

FXV538 · #3 April 13th, 2012, 02:01 AM

The IKE settings are oke (the other location is working fine). I managed to get the vpn working, there was a problem with the internet connection. Only the vpn disconnects after several hours, I have to recreate the policies several times to make it work. I tried different firmware versions but that didn't work.

jmizoguchi · #4 April 13th, 2012, 06:08 AM

Are you using sa life of 86400?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode