NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Ipsec vpn between srxn3205 doesn't connect.
Hello,
I'he a problem, our company has three sites connected by ipsec vpn. We are using a fvs318n and two srxn3205.
Suddenly, after many months of use, the ipsec vpn doesn't connect between the two srxn3205.
I would ask your support to solve this problem.
This is a vpn log for one of the srxn3205, I replaced firewalls ip address with ipA and ipB.
2016 Aug 23 12:21:15 [SRXN3205] [IKE] Configuration found for ipB._
2016 Aug 23 12:21:15 [SRXN3205] [IKE] accept a request to establish IKE-SA: ipB _
2016 Aug 23 12:21:05 [SRXN3205] [IKE] Setting DPD Vendor ID_
2016 Aug 23 12:21:05 [SRXN3205] [IKE] Beginning Identity Protection mode._
2016 Aug 23 12:21:05 [SRXN3205] [IKE] Initiating new phase 1 negotiation: ipA [500]<=>ipB [500]_
2016 Aug 23 12:21:05 [SRXN3205] [IKE] Configuration found for ipB ._
2016 Aug 23 12:21:05 [SRXN3205] [IKE] accept a request to establish IKE-SA: ipB _
2016 Aug 23 12:21:01 [SRXN3205] [IKE] Phase 1 negotiation failed due to time up for ipB [500]. 1fd466d1ef7c98d3:0000000000000000_
2016 Aug 23 12:20:57 [SRXN3205] [IKE] Phase 2 negotiation failed due to time up waiting for phase1. _
2016 Aug 23 12:20:57 [SRXN3205] [IKE] Invalid SA protocol type: 0_
Already done:
- firewall restarted, one at a time and simultaneously;
- ipsec vpn configurazione deleted and reconfigured on both;
- pre-shared key changed;
- netbios flag checked and unchecked.
Thanks in advance to all and kind regards.
Roberto
Hi netutente,
I'm glad to know that all of the VPN tunnels are now established between the FVS318N and the 2 SRXN3205. Its possible that the port you have configured on the firewall rules for the surveillance system have triggered the problem. It would be best that you state what happened to the surveillance system engineers and seek their advise as well.
I've noticed that the current firmware versions on both SRXN3205 and FVS318N are old already. I suggest you to upgrade the firmware of both SRXN3205 and FVS318N in a ladderized manner. For example, you will upgrade the firmware of the FVS318N from v4.2.1-2 to 4.3.0-19 then from v4.3.0-19 to v4.3.1-22 and so on until you reach the latest firmware v4.3.4-1. You may download the firmware versions for the FVS318N on this link. For the SRXN3205 firmware versions, click on this link.
Be reminded that it is recommended to perform a factory reset after doing a firmware upgrade then reconfigure it from scratch. You may want to get a screenshot of all the settings configured on the VPN firewalls as reference before you proceed with the firmware upgrade.
Regards,
DaneA
NETGEAR Community Team
8 Replies
Hi netutente,
Welcome to the community! :)
Kindly answer the questions below:
a. Are there any changes made within the configuration of the 2 SRXN3205 that might triggered the problem?
b. Is the ISP or Internet Service Provider the same on the sites where the 2 SRXN3205 are deployed?
c. What is the current firmware version of the 2 SRXN3205?
I look forward to your response.
Regards,
DaneA
NETGEAR Community Team
Hi DaneA,
thank you very much! :smileyhappy:
a. We added ad ip address under Security, Firewall, Lan Wan Rules to enable remote access for the surveillance system; this task hab been done on both firewalls.
b. No, the ISP are different. I can ping firewall wan address from one to other and vice versa;
b. Firmware version 3.0.7_24 on both.
Thanks again for your support.
netutente
Hi netutente,
Let us isolate the problem. Have you tried to disable the firewall rule you have newly created on both SRXN3205 then check if the VPN tunnel will establish between the 2 SRXN3205? I ask this because this is the only change you've made before the problem occurred.
Regards,
DaneA
NETGEAR Community Team
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
