NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

dna894's avatar
dna894
Aspirant
Oct 28, 2015
Solved

FVS318G VPN failure

I have a FSV318G for years.  I'm using shrewsoft VPN client to to connect to it from multiple locations and its worked for months and months with no problems until  last thursday...  Now I can't connect to the VPN router from any client.

 

Shrewsoft client output:

 

 config loaded for site 'office.vpn'
 attached to key daemon ...
 peer configured
 iskamp proposal configured
 esp proposal configured
 client configured
 local id configured
 remote id configured
 pre-shared key configured
 bringing up tunnel ...
 network device configured
 tunnel enabled
 negotiation timout occurred
 tunnel disabled
 detached from key daemon

 

Which usually indicates that phase one completes. But the router VPN logs:

 

 

2015 Oct 28 12:24:41 [FVS318g] [IKE] Phase 1 negotiation failed due to time up for 17.58.98.236[500]. 7dbe94b6e00a6439:1152eb82ad35cc99_

2015 Oct 28 12:23:41 [FVS318g] [IKE] Setting DPD Vendor ID_

2015 Oct 28 12:23:40 [FVS318g] [IKE] For 17.58.98.236[500], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_

2015 Oct 28 12:23:40 [FVS318g] [IKE] Received Vendor ID: CISCO-UNITY_

                - Last output repeated 5 times -

2015 Oct 28 12:23:40 [FVS318g] [IKE] Received unknown Vendor ID_

2015 Oct 28 12:23:40 [FVS318g] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__

                - Last output repeated twice -

2015 Oct 28 12:23:40 [FVS318g] [IKE] Received unknown Vendor ID_

2015 Oct 28 12:23:40 [FVS318g] [IKE] Beginning Aggressive mode._

2015 Oct 28 12:23:40 [FVS318g] [IKE] Received request for new phase 1 negotiation: 10.1.10.191[500]<=>17.58.98.236[500]_

2015 Oct 28 12:23:40 [FVS318g] [IKE] Remote configuration for identifier "pb.local" found_

 

There is a cable modem router in front of the FVS318G buts its been there all along.

 

Help

  • No, it goes back to the ISP router.  It was either "bridged" like I said, or they had the 318 in the ISP router DMZ and were forwarding the ports to the 318 (not the ideal setup).

     

     

     

8 Replies

  • Does the 318 have a public IP on it's WAN?  Check in the setup.

     

    Do you have a static IP?

     

    Are you using DynDNS?

     

    Who is the ISP?

    • dna894's avatar
      dna894
      Aspirant

      the 316 does NOT have a public IP.

      The facility does NOT have a static IP but the dynamic public IP has NOT changed in months

      yes we are using dyndns.

      the ISP is comcast.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More