NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
FVS318Gv1 connected to a FVS318Gv2
Hello. I have a question about the two models in the subject. My network was so composed: Net A) One FVS318G directly connected to Internet with static IP. Local lan IP 192.127.0.0/24 It was u...
What are you using for the ike and vpn profiles in terms of md5/des, etc? Set each one to the lower possible setting on both routers and see what happens. Disable all dpd on both sides for now. Let's see if we can get the tunnel up and then increase security until it breaks again.
Thanks SamirD, I have applied your suggestion and now the logs (taken from the v2) shows this:
Wed Apr 13 16:26:34 2016 (GMT +0200): [FVS318Gv2] [IKE] ERROR: invalid ID payload.
Wed Apr 13 16:26:34 2016 (GMT +0200): [FVS318Gv2] [IKE] WARNING: ID value mismatched.
Wed Apr 13 16:26:34 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: DPD
Wed Apr 13 16:26:34 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Wed Apr 13 16:26:34 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: KAME/racoon
Wed Apr 13 16:26:32 2016 (GMT +0200): [FVS318Gv2] [IKE] ERROR: invalid ID payload.
Wed Apr 13 16:26:32 2016 (GMT +0200): [FVS318Gv2] [IKE] WARNING: ID value mismatched.
Wed Apr 13 16:26:32 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: DPD
Wed Apr 13 16:26:32 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Wed Apr 13 16:26:32 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: KAME/racoon
Wed Apr 13 16:26:25 2016 (GMT +0200): [FVS318Gv2] [IKE] ERROR: invalid ID payload.
Wed Apr 13 16:26:25 2016 (GMT +0200): [FVS318Gv2] [IKE] WARNING: ID value mismatched.
Wed Apr 13 16:26:24 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: DPD
Wed Apr 13 16:26:24 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Wed Apr 13 16:26:24 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: KAME/racoon
Wed Apr 13 16:26:22 2016 (GMT +0200): [FVS318Gv2] [IKE] ERROR: invalid ID payload.
Wed Apr 13 16:26:22 2016 (GMT +0200): [FVS318Gv2] [IKE] WARNING: ID value mismatched.
Wed Apr 13 16:26:22 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: DPD
Wed Apr 13 16:26:22 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Wed Apr 13 16:26:22 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Received Vendor ID: KAME/racoon
Wed Apr 13 16:26:21 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Configuration found for 88.14x.xxx.xxx.
Wed Apr 13 16:26:21 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Configuration found for 88.14x.xxx.xxx.
Wed Apr 13 16:26:21 2016 (GMT +0200): [FVS318Gv2] [IKE] INFO: Using IPsec SA configuration: 192.127.0.0/24<->192.127.1.0/24
Play with the Dead Peer Detection on both devices. Try it in all combinations--both on, both off, local on remote off, local off remote on.
No effect :(
What are you using for the ike and vpn profiles in terms of md5/des, etc? Set each one to the lower possible setting on both routers and see what happens. Disable all dpd on both sides for now. Let's see if we can get the tunnel up and then increase security until it breaks again.
I have decreased the security to basic MD5 and DES encryption. The tunnel has gone up and now I am able to ping the PCs on both sides. So far this trick seems to work fine :)
I only don't figure out how is it possible. When the old router on Net A broke down I tested the new one in my lab connecting the two with success. Only when I deployed the new router in his rack I started to have problems. Maybe there are some provider's network devices which block or corrupt VPN traffic. Who knows :-/So far thank you very much!!
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
