NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

PeterBroersen's avatar
PeterBroersen
Aspirant
Feb 08, 2017

SRX5308 VPN to FVS318v3

Does anybody know if it is possible to set up a VPN connection between a SRX5308 and a FVS318v3? I have succesfully connected 2 FVS318v3's with VPN, but now 1 of them needs to be replaced because th...
Solutions
Troubleshooting
  • PeterBroersen's avatar
    PeterBroersen
    Aspirant
    Feb 09, 2017

    Hello Dan,

     

    Thanks for your answer. But unfortunately: I already tried to use the wizard.

    On the SRX5308 I see 'IPsec SA Not Established' on the Connection Status-tab.

    And on the Monitoring-page on the tab 'VPN Logs':

     

    Thu Feb 09 10:47:06 2017 (GMT +0100): [SRX5308] [IKE] ERROR:  Phase 1 negotiation failed due to time up for 83.***.***.69[500]. 6cf7de814b79cabb:cdc28d9e092f42f8
    Thu Feb 09 10:46:58 2017 (GMT +0100): [SRX5308] [IKE] ERROR:  Ignore information because the message has no hash payload.
    Thu Feb 09 10:46:52 2017 (GMT +0100): [SRX5308] [IKE] INFO:  Received Malformed packet of payload length 12644 and total length 40.
    Thu Feb 09 10:46:47 2017 (GMT +0100): [SRX5308] [IKE] INFO:  Received Malformed packet of payload length 12644 and total length 40.
    Thu Feb 09 10:46:42 2017 (GMT +0100): [SRX5308] [IKE] INFO:  Received Malformed packet of payload length 12644 and total length 40.
    Thu Feb 09 10:46:37 2017 (GMT +0100): [SRX5308] [IKE] ERROR:  invalid ID payload.
    Thu Feb 09 10:46:37 2017 (GMT +0100): [SRX5308] [IKE] WARNING:  ID value mismatched.
    Thu Feb 09 10:46:34 2017 (GMT +0100): [SRX5308] [IKE] INFO:  Beginning Identity Protection mode.
    Thu Feb 09 10:46:34 2017 (GMT +0100): [SRX5308] [IKE] INFO:  Received request for new phase 1 negotiation: 192.168.178.51[500]<=>83.***.***.69[500]
    Thu Feb 09 10:46:34 2017 (GMT +0100): [SRX5308] [IKE] INFO:  Configuration found for 83.***.***.69[500].
    Thu Feb 09 10:46:26 2017 (GMT +0100): [SRX5308] [IKE] ERROR:  Phase 1 negotiation failed due to time up for 83.***.***.69[500]. 6d54b0ccf4b96a46:5db092d37e9b5e44
    Thu Feb 09 10:46:18 2017 (GMT +0100): [SRX5308] [IKE] ERROR:  Ignore information because the message has no hash payload.
    Thu Feb 09 10:46:13 2017 (GMT +0100): [SRX5308] [IKE] INFO:  Received Malformed packet of payload length 807 and total length 40.
    Thu Feb 09 10:46:08 2017 (GMT +0100): [SRX5308] [IKE] INFO:  Received Malformed packet of payload length 807 and total length 40.

     

    On the FVS318v3 VPN Status/Log:

    [2017-02-09 11:43:26]<POLICY: VPN-GEIT> PAYLOADS: SA,PROP,TRANS,VID,VID
    [2017-02-09 11:43:27]**** SENT OUT  THIRD MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:27]<POLICY: VPN-GEIT> PAYLOADS: KE,NONCE
    [2017-02-09 11:43:27]**** RECEIVED FOURTH MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:27]<POLICY: VPN-GEIT> PAYLOADS: KE,NONCE,VID
    [2017-02-09 11:43:29]<ID PAYLOAD> Type = ID_IPV4_ADDR,ID Data=192.168.1.40
    [2017-02-09 11:43:29]**** SENT OUT  FIFTH MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:37]**** RECEIVED  SIXTH MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:40]**** RECEIVED  SIXTH MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:44]**** RECEIVED  SIXTH MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:49]**** SENT OUT INFORMATIONAL EXCHANGE MESSAGE ****
    [2017-02-09 11:43:49]<POLICY: VPN-GEIT> PAYLOADS: DEL
    [2017-02-09 11:43:49][==== IKE PHASE 1(to 217.***.***.31) START (initiator) ====]
    [2017-02-09 11:43:49]**** SENT OUT  FIRST MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:49]<POLICY: VPN-GEIT> PAYLOADS: SA,PROP,TRANS
    [2017-02-09 11:43:49]**** RECEIVED SECOND MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:49]<POLICY: VPN-GEIT> PAYLOADS: SA,PROP,TRANS,VID,VID
    [2017-02-09 11:43:50]**** SENT OUT  THIRD MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:50]<POLICY: VPN-GEIT> PAYLOADS: KE,NONCE
    [2017-02-09 11:43:50]**** RECEIVED FOURTH MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:50]<POLICY: VPN-GEIT> PAYLOADS: KE,NONCE,VID
    [2017-02-09 11:43:52]<ID PAYLOAD> Type = ID_IPV4_ADDR,ID Data=192.168.1.40
    [2017-02-09 11:43:52]**** SENT OUT  FIFTH MESSAGE OF MAIN MODE ****
    [2017-02-09 11:43:57]**** RECEIVED  SIXTH MESSAGE OF MAIN MODE ****
    [2017-02-09 11:44:07]**** RECEIVED  SIXTH MESSAGE OF MAIN MODE ****
    [2017-02-09 11:44:12]**** SENT OUT INFORMATIONAL EXCHANGE MESSAGE ****
    [2017-02-09 11:44:12]<POLICY: VPN-GEIT> PAYLOADS: DEL

     

     

    I hope this helps to solve the problem.

     

    Additional information: On the same side as the SRX5308, there is still an old FVS318v3. If I configure the VPN on this firewall, the VPN is up in no time...

    • Dan_Z's avatar
      Dan_Z
      NETGEAR Expert
      Feb 09, 2017

      Hi PeterBroersen,
      I'm sorry, I clicked "Accept as Solution" accidentally.
      Could you compare the parameters of IKE policy and VPN policy on two box? Make sure the all parameters is same except the ip address.

      Thanks,

      Dan

      • PeterBroersen's avatar
        PeterBroersen
        Aspirant
        Feb 09, 2017

        Hello Dan,

         

        I checked and double-checked all the settings, four times. Everything is exactly the same.

        Do you want to see any screenprints of something?

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More