NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
FVS336Gv2
Hi
I have a FVS336G
V2 DUAL WAN GIGABIT SSL VPN FIREWALL; Firmware Version: 3.1.1-08
It is on a static IP 204.116.141.37 with a local IP of 192.168.17.1.
Connection Type: Static IP
Connection State: Connected
IP Address: 204.116.141.37
Subnet Mask: 255.255.255.0
Gateway: 204.116.141.1
DNS Server: 8.8.8.8
For the VPM Client I am using Netgeat Prosafe
vpnconf.exe 5.51.001
tgbike.exe 4.4.1
comlib.dll 3.1.0.1
tgbstarter.exe 3.2.1.1
vpncfg.dll 2.2.1.1
tgblibeay32.dll 0.9.8j
tgb_configmode.dll 4.1.0.3
tgblogonui.exe 5.51
TgbCredProv.dll 5.51
TGBMPEnum.sys 1.00.02.0004 built by: WinDDK
TGBVPNVirtM.sys 1.01.04.0002 built by: WinDDK
Here is the issue;
I connect via the VPN but have no network access. I cannot ping the Firewall local IP of 192.168.17.1.
Under Networks a Network Connection is created; TGB Gateway-Tunnel that has Access Type “No Network access” with IP 10.10.10.10.
Read the manual several time do not know what to do next.
Here is the Client Log:
20140527 07:48:53:613 Default (SA Gateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20140527 07:48:54:193 Default (SA Gateway-P1) RECV phase 1 Aggressive Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [NAT_D] [NAT_D] [VID] [VID] [VID]
20140527 07:48:54:200 Default (SA Gateway-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20140527 07:48:54:200 Default phase 1 done: initiator id fvs_remote.com, responder id fvs_local.com
20140527 07:48:54:206 Default (SA Gateway-Tunnel-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20140527 07:48:54:343 Default (SA Gateway-P1) RECV Informational [HASH] [NOTIFY]
20140527 07:48:54:656 Default (SA Gateway-Tunnel-P2) RECV phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20140527 07:48:54:657 Default (SA Gateway-Tunnel-P2) SEND phase 2 Quick Mode [HASH]
20140527 07:48:55:779 Default (SA Gateway-Tunnel-P2) [VirtualItf] Virtual Interface properly configured for instance 1 and ItfIndex 22.
Here is the Firewall log;
2014 May 27 11:48:57 [FVS336GV2] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 192.168.17.1->108.90.148.15 with spi=1740604625(0x67bf84d1)_
2014 May 27 11:48:57 [FVS336GV2] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 108.90.148.15->192.168.17.1 with spi=175523749(0xa7647a5)_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Adjusting peer's encmode 61443(61443)->Tunnel(1)_
2014 May 27 11:48:56 [FVS336GV2] [IKE] No policy found, generating the policy : 192.168.0.139/32[0] 192.168.17.0/24[0] proto=any dir=in_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Using IPsec SA configuration: 192.168.17.0/24<->0.0.0.0/0 from fvs_remote.com_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Responding to new phase 2 negotiation: 192.168.17.1[0]<=>108.90.148.15[0]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Sending Informational Exchange: notify payload[INITIAL-CONTACT]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] ISAKMP-SA established for 192.168.17.1[4500]-108.90.148.15[4500] with spi:9053e0da976da325:51973a55df55a5ea_
2014 May 27 11:48:56 [FVS336GV2] [IKE] NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device_
2014 May 27 11:48:56 [FVS336GV2] [IKE] NAT-D payload does not match for 108.90.148.15[4500]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] NAT-D payload does not match for 192.168.17.1[4500]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Floating ports for NAT-T with peer 108.90.148.15[4500]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Setting DPD Vendor ID_
2014 May 27 11:48:56 [FVS336GV2] [IKE] For 108.90.148.15[500], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_
2014 May 27 11:48:56 [FVS336GV2] [IKE] DPD is Enabled_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Received Vendor ID: DPD_
- Last output repeated twice -
2014 May 27 11:48:56 [FVS336GV2] [IKE] Received unknown Vendor ID_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__
2014 May 27 11:48:56 [FVS336GV2] [IKE] Received unknown Vendor ID_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Beginning Aggressive mode._
2014 May 27 11:48:56 [FVS336GV2] [IKE] Received request for new phase 1 negotiation: 192.168.17.1[500]<=>108.90.148.15[500]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Remote configuration for identifier "fvs_remote.com" found_
I have a FVS336G
V2 DUAL WAN GIGABIT SSL VPN FIREWALL; Firmware Version: 3.1.1-08
It is on a static IP 204.116.141.37 with a local IP of 192.168.17.1.
Connection Type: Static IP
Connection State: Connected
IP Address: 204.116.141.37
Subnet Mask: 255.255.255.0
Gateway: 204.116.141.1
DNS Server: 8.8.8.8
For the VPM Client I am using Netgeat Prosafe
vpnconf.exe 5.51.001
tgbike.exe 4.4.1
comlib.dll 3.1.0.1
tgbstarter.exe 3.2.1.1
vpncfg.dll 2.2.1.1
tgblibeay32.dll 0.9.8j
tgb_configmode.dll 4.1.0.3
tgblogonui.exe 5.51
TgbCredProv.dll 5.51
TGBMPEnum.sys 1.00.02.0004 built by: WinDDK
TGBVPNVirtM.sys 1.01.04.0002 built by: WinDDK
Here is the issue;
I connect via the VPN but have no network access. I cannot ping the Firewall local IP of 192.168.17.1.
Under Networks a Network Connection is created; TGB Gateway-Tunnel that has Access Type “No Network access” with IP 10.10.10.10.
Read the manual several time do not know what to do next.
Here is the Client Log:
20140527 07:48:53:613 Default (SA Gateway-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20140527 07:48:54:193 Default (SA Gateway-P1) RECV phase 1 Aggressive Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [NAT_D] [NAT_D] [VID] [VID] [VID]
20140527 07:48:54:200 Default (SA Gateway-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20140527 07:48:54:200 Default phase 1 done: initiator id fvs_remote.com, responder id fvs_local.com
20140527 07:48:54:206 Default (SA Gateway-Tunnel-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20140527 07:48:54:343 Default (SA Gateway-P1) RECV Informational [HASH] [NOTIFY]
20140527 07:48:54:656 Default (SA Gateway-Tunnel-P2) RECV phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20140527 07:48:54:657 Default (SA Gateway-Tunnel-P2) SEND phase 2 Quick Mode [HASH]
20140527 07:48:55:779 Default (SA Gateway-Tunnel-P2) [VirtualItf] Virtual Interface properly configured for instance 1 and ItfIndex 22.
Here is the Firewall log;
2014 May 27 11:48:57 [FVS336GV2] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 192.168.17.1->108.90.148.15 with spi=1740604625(0x67bf84d1)_
2014 May 27 11:48:57 [FVS336GV2] [IKE] IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 108.90.148.15->192.168.17.1 with spi=175523749(0xa7647a5)_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Adjusting peer's encmode 61443(61443)->Tunnel(1)_
2014 May 27 11:48:56 [FVS336GV2] [IKE] No policy found, generating the policy : 192.168.0.139/32[0] 192.168.17.0/24[0] proto=any dir=in_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Using IPsec SA configuration: 192.168.17.0/24<->0.0.0.0/0 from fvs_remote.com_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Responding to new phase 2 negotiation: 192.168.17.1[0]<=>108.90.148.15[0]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Sending Informational Exchange: notify payload[INITIAL-CONTACT]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] ISAKMP-SA established for 192.168.17.1[4500]-108.90.148.15[4500] with spi:9053e0da976da325:51973a55df55a5ea_
2014 May 27 11:48:56 [FVS336GV2] [IKE] NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device_
2014 May 27 11:48:56 [FVS336GV2] [IKE] NAT-D payload does not match for 108.90.148.15[4500]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] NAT-D payload does not match for 192.168.17.1[4500]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Floating ports for NAT-T with peer 108.90.148.15[4500]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Setting DPD Vendor ID_
2014 May 27 11:48:56 [FVS336GV2] [IKE] For 108.90.148.15[500], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_
2014 May 27 11:48:56 [FVS336GV2] [IKE] DPD is Enabled_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Received Vendor ID: DPD_
- Last output repeated twice -
2014 May 27 11:48:56 [FVS336GV2] [IKE] Received unknown Vendor ID_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02__
2014 May 27 11:48:56 [FVS336GV2] [IKE] Received unknown Vendor ID_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Beginning Aggressive mode._
2014 May 27 11:48:56 [FVS336GV2] [IKE] Received request for new phase 1 negotiation: 192.168.17.1[500]<=>108.90.148.15[500]_
2014 May 27 11:48:56 [FVS336GV2] [IKE] Remote configuration for identifier "fvs_remote.com" found_
2 Replies
108.90.148.15
Where this originated?- Its been a while since I've messed with Netgear VPN, but it also looks like the endpoints are setup incorrectly. If memory serves, the remote end should be trying to connect to your public IP on the WAN port and not the LAN IP.
This section - > 192.168.17.1->108.90.148.15.
Seeing the setup config would help a lot.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
