NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
SRX5308 IPsec Mode Config - [IKE] ERROR: No configuration found for...
I have a real simple configuration for a Client-to-Gateway VPN setup. Basic tunnels seem to be working fine, but when I try to setup
a Mode Config policy I'm getting an error upon connect and can't ping resources on the VPN Lan.
Notice the Local IP Address at the end of the Mode Config record is 192.168.1.0. The manual says to leave it blank and it will default to the address of the gateway, which is 192.168.1.1. If I leave it blank this erroneous address automatically gets entered and if I try to manually enter the right one I get an error saying it's an invaild address?
Then when I connect I get the following error:
I think this is the issue. How do I get around this or do it correctly? The manual isn't any help and I have googled my old brian about dead.
Thanks for any clue you can give me!
CC
Thanks for the reply okadis and thanks for the link to that site, it's very helpful!
I was able to find a solution. Turns out the firewall configuration works just fine. All I needed to do was use 192.168.1.0 in the CLIENT configuration as the Remote LAN Address, then everything worked.
Now to me this is 2 "bugs" in the SRX5308 for Mode Config Record:
1. 192.168.1.0 isn't the subnet address on the Local LAN, it's 192.168.1.1 ; The manual says if left blank it will default to the LAN subnet, which it doesn't, it defaults to 192.168.1.0
2. It will not let you enter ANY ip address here; It has to be left blank.
Maybe I'm missing something here, but it's working perfectly after just using what's there in the client end.
Should have been simple. Oh well...
CC
2 Replies
Hi,
I compared your screnshots to our local configuration. On http://www.vpncasestudy.com/ I read that you should use an pool IP-range that is not part of your network (in your case e.g. 192.168.2.1 to 192.168.2.100). You don't need to specify those Adresses elsewhere which gave me a hard time to accept, too. The device seems to automatically treat those IP adresses as part of your network even if not declared at network configuration page.
Based on your screenshots this are the only differences I can see. I don't know if it solves your problem, too.
Best regards
okadis
Thanks for the reply okadis and thanks for the link to that site, it's very helpful!
I was able to find a solution. Turns out the firewall configuration works just fine. All I needed to do was use 192.168.1.0 in the CLIENT configuration as the Remote LAN Address, then everything worked.
Now to me this is 2 "bugs" in the SRX5308 for Mode Config Record:
1. 192.168.1.0 isn't the subnet address on the Local LAN, it's 192.168.1.1 ; The manual says if left blank it will default to the LAN subnet, which it doesn't, it defaults to 192.168.1.0
2. It will not let you enter ANY ip address here; It has to be left blank.
Maybe I'm missing something here, but it's working perfectly after just using what's there in the client end.
Should have been simple. Oh well...
CC
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
