NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jgreenwell's avatar
jgreenwell
Follower
Sep 24, 2015

Netgear ProSafe VPN Firewall SRXN3205 not connecting.

Have one client that is not connecting to the VPN.  The client is Windows 7 SP3 I've verified that the windows firewall is configured to allow the client access through the firewall.  I've also checked that the router is set to allow IPSec through its firewall.  This is a copy of the console results.  Any thoughts would be appreciated.

 

[VPNCONF] TGBIKE_STARTED received
20150923 07:21:40:938 Default (SA ipiWIN7-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
20150923 07:21:41:434 Default (SA ipiWIN7-P1) RECV phase 1 Aggressive Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [NAT_D] [NAT_D] [VID] [VID] [VID]
20150923 07:21:41:442 Default (SA ipiWIN7-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20150923 07:21:41:442 Default phase 1 done: initiator id srxn_remote.com, responder id srxn_local.com
20150923 07:21:41:449 Default (SA ipiWIN7-ipiWIN7-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20150923 07:21:46:454 Default (SA ipiWIN7-ipiWIN7-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20150923 07:21:51:455 Default (SA ipiWIN7-ipiWIN7-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20150923 07:21:51:518 Default (SA ipiWIN7-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20150923 07:21:56:519 Default (SA ipiWIN7-ipiWIN7-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20150923 07:22:01:520 Default (SA ipiWIN7-ipiWIN7-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20150923 07:22:01:586 Default (SA ipiWIN7-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
20150923 07:22:06:586 Default (SA ipiWIN7-ipiWIN7-P2) SEND phase 2 Quick Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [ID]
20150923 07:22:06:586 Default transport_send_messages: giving up on message 01A8DE18
20150923 07:22:07:593 Default (SA ipiWIN7-P1) SEND Informational [HASH] [DELETE]
20150923 07:22:07:593 Default ipsec_del_contact: no contact: WSA(0)
20150923 07:22:07:594 Default <ipiWIN7-P1> deleted
20150923 07:22:11:664 Default message_recv: invalid cookie(s) e0b4355d2aae0b46 cc28654982166ed5
20150923 07:22:11:664 Default dropped message from 173.11.241.209 due to notification type INVALID_COOKIE
20150923 07:22:11:664 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150923 07:22:21:730 Default message_recv: invalid cookie(s) e0b4355d2aae0b46 cc28654982166ed5
20150923 07:22:21:730 Default dropped message from 173.11.241.209 due to notification type INVALID_COOKIE
20150923 07:22:21:730 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error
20150923 07:22:31:796 Default message_recv: invalid cookie(s) e0b4355d2aae0b46 cc28654982166ed5
20150923 07:22:31:796 Default dropped message from 173.11.241.209 due to notification type INVALID_COOKIE
20150923 07:22:31:798 Default (SA <unknown>) SEND Informational [NOTIFY] with INVALID_COOKIE error

 

Verified that the preshared key is correct.

Ports 47,1723, 500, 4500 are open in the firewall

Have reset IKE no affect

Troubleshooting

1 Reply

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Sep 27, 2015

    Hi jgreenwell,

     

    jgreenwell wrote:

    Have one client that is not connecting to the VPN.  

    Does this mean that you have other client that is/are able to connect to the VPN?

    jgreenwell wrote:

    The client is Windows 7 SP3 I've verified that the windows firewall is configured to allow the client access through the firewall.  

    Have you tried to disable the windows firewall or any anti-virus or software firewall (such as Norton, Kaspersky, etc.) then check if you will be able to establish the tunnel?

     

    A few more questions:

     

    a. What is the current firmware version of your SRXN3205?

    b. Are you using the NETGEAR Professional VPN Client software? If yes, what is the current version of it?

    c. Have you tried to delete then re-create the VPN & IKE policies using the NETGEAR VPN Wizard on the SRXN3205?

     

    Also, when I checked you profile, it seems that you will be getting an FVS318N in replacement of your SRXN3205 that got faulty.   Are you referring on another SRXN3205 regarding your concern that you have posted?

     

    I look forward to your response. Welcome to the community! :smileyhappy:

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More