NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Subdivisions's avatar
Subdivisions
Aspirant
Jan 16, 2017
Solved

SRX5308 Box to Box VPN Connecting but no data passes through.

I have 2 SRX5308's in 2 office locations.  Im trying to connect them together via a box to box vpn so the phone vendor can use that connection to pass remote IP phone line and office data to the remote location.

 

I followed the guide, and have gotten the two sites to connect using the VPN Wizard which was very easy, but i cant browse the network or see any devices on either of the remote lans.

 

SITE A IP SCHEME: 192.168.1.0

SITE B IP SCHEME: 192.168.0.0

 

Here is the log from the remote srx5308

 

Any assistance would be very grateful.

 

Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 24.105.249.46->108.58.27.178 with spi=164766230(0x9d22216)
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 108.58.27.178->24.105.249.46 with spi=189853723(0xb50f01b)
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.1.1/24<->192.168.0.0/24
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 24.105.249.46[0]<=>108.58.27.178[0]
Mon Jan 16 19:54:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=99962591(0x5f54edf).
Mon Jan 16 19:54:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=127074769(0x79301d1).
Mon Jan 16 19:54:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 24.105.249.46->108.58.27.178 with spi=127074769(0x79301d1)
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 108.58.27.178->24.105.249.46 with spi=99962591(0x5f54edf)
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.1.1/24<->192.168.0.0/24
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 24.105.249.46[0]<=>108.58.27.178[0]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: ISAKMP-SA established for 24.105.249.46[500]-108.58.27.178[500] with spi:453f02470f29a64c:f4a7ed0b8d0a597d
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: NAT not detected
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: NAT-D payload matches for 108.58.27.178[500]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: NAT-D payload matches for 24.105.249.46[500]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: KAME/racoon
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: For 108.58.27.178[500], Selected NAT-T version: RFC 3947
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: DPD
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: RFC 3947

Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: RFC XXXX
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Beginning Identity Protection mode.
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received request for new phase 1 negotiation: 24.105.249.46[500]<=>108.58.27.178[500]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Configuration found for 108.58.27.178[500].
Mon Jan 16 19:36:22 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:36:13 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:36:12 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:36:07 2017 (GMT +0000): [SRX5308] [IKE] INFO: Adding IKE configuration with identifier "Rehab_Alt_VPN"
Mon Jan 16 19:36:07 2017 (GMT +0000): [SRX5308] [IKE] INFO: Adding IPSec configuration with identifier "Rehab_Alt_VPN"
Mon Jan 16 19:36:03 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:36:02 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:53 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:52 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:43 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:42 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:33 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:32 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:23 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:23 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:13 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:12 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:03 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:02 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: IKE configuration with identifier "to-jericho" deleted sucessfully
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'isakmp_ph1resend'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'purge_remote'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: Purged ISAKMP-SA with spi=7a403ea10500d622:d069e0c1bbc214a0.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] WARNING: no phase2 bounded.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'isakmp_ph1resend'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'purge_remote'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: Purged ISAKMP-SA with spi=30a697333da6385d:57f453c5082933f8.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] WARNING: no phase2 bounded.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: IPSec configuration with identifier "to-jericho" deleted sucessfully
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] WARNING: no phase2 found for "to-jericho"
Mon Jan 16 19:34:53 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Malformed packet of payload length 64365 and total length 40.
Mon Jan 16 19:34:53 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Malformed packet of payload length 64365 and total length 40.

Installation
Troubleshooting
  • ChenX's avatar
    ChenX
    Jan 18, 2017

    Hi Subdivisions

    policy.png

    Can you try to change the start ip from 192.168.0.254 to 192.168.0.0?then have atry?

     

    Regards

6 Replies

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More