npl102
Jan 09, 2016, Initiate
UTM25 SHA2-512 Integrity not working with VPN Client Pro
UTM25 FW version 3.6.2-4, VPN Client Pro version 6.12.001. I've had some strange issues getting the VPN Client Pro to work with the UTM25 with different encryption settings. It seems that I can't...
DaneA
Jan 10, 2016, NETGEAR Employee Retired
Hi npl102,
Welcome to the community! :)
Kindly answer the questions below:
a. What is the operating system of the PC that you used? Have you tried other PCs or laptops as well?
b. Do the same results occur if you have a VPN Client-to-Box setup using the UTM5?
c. Was the VPN Client-to-Box setup (using SHA2-512, etc.) working before the UTM25 was upgraded to v3.6.2-4?
I look forward to your response.
Regards,
DaneA
NETGEAR Community Team
npl102
Jan 12, 2016, Initiate
Hello DaneA,
A. I tried 3 different machines: Windows 7 Professional 32, Windows 7 Ultimate 32 and Windows 7 Ultimate 64. All with identical results.
B. Have not tried Client-to-UTM5. UTM 5 is configured at a remote office. The Gateway-to-Gateway connection between the UTM5 and UTM25 is working fine with: AES256, SHA-256, DH16 for both the IKE and VPN policies.
C. This is a new configuration that I’m trying to get up and have only tried the latest version (v3.6.2-4) on both boxes.
As I mentioned, I’m using Mode Config on the UTM25 for the Client-to-box configuration. Any combination of settings works as long as the Integrity Algorithm is SHA-1 for the Mode Config TSL. If I change the Integrity Algorithm to SHA-256 or SHA-512, it will open the tunnel, but I can’t ping anything from the remote PC.
Below is a table showing the various combinations I've tried. Most of them work (I can access the network when the tunnel is opened) except for the 2 in red. In all cases the VPN Client Professional software shows the tunnel is open, I get an IP address from the pool, and the DPD_R_U_THERE and DPD_R_U_THERE_ACK messages are being passed back and forth (shown in the console, as I have dead peer detection enabled).
| Setting | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
|---|---|---|---|---|---|---|---|
| IKE: Encryption | 3DES | AES256 | AES256 | AES256 | AES256 | AES256 | AES256 |
| IKE: Authentication | SHA-1 | SHA-1 | SHA-512 | SHA-512 | SHA-512 | SHA-512 | SHA-512 |
| IKE: Key Group | DH2 | DH2 | DH2 | DH2 | DH2 | DH16 | DH16 |
| Mode Config TSL: Encryption | 3DES | AES256 | AES256 | AES256 | AES256 | AES256 | AES256 |
| Mode Config TSL: Authentication | SHA-1 | SHA-1 | SHA-1 | SHA-256 | SHA-512 | SHA-1 | SHA-1 |
| Mode Config TSL: PFS | DH2 | DH2 | DH2 | DH2 | DH2 | DH2 | DH16 |
| Open Tunnel | YES | YES | YES | YES | YES | YES | YES |
| Communicate | YES | YES | YES | NO | NO | YES | YES |
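The thread does not establish why the tunnel comes up with SHA-256 or SHA-512 Phase 2 integrity but passes no traffic. The pattern in the table (IKE negotiates fine even with SHA-512, and only the Mode Config TSL integrity algorithm decides whether traffic flows) is what an ESP integrity-check failure looks like from the outside: IKE succeeds, an address is assigned, DPD keepalives (which ride inside IKE) still work, and every ESP packet is silently dropped because its Integrity Check Value does not verify. One well-known interoperability cause of exactly that is a mismatch in ICV truncation length: RFC 4868 fixes 128 bits for HMAC-SHA-256 and 256 bits for HMAC-SHA-512, whereas some older implementations truncate HMAC-SHA-256 to 96 bits, the way HMAC-SHA-1 is truncated under RFC 2404. The Python below is an added example written for this page, not code from the thread, from NETGEAR or from the VPN Client Pro vendor, and it does not claim this is the cause of npl102's problem; the key and packet bytes are constructed, and `esp_icv`, `verify_icv` and `interop` are names chosen here.

```python
import hmac
import hashlib

# Constructed sample material (not from any real tunnel): a 256-bit integrity
# key and a stand-in for the bytes ESP authenticates (SPI, sequence number,
# ciphertext and padding).
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SAMPLE_PAYLOAD = b"constructed ESP packet: SPI|seq|ciphertext|pad"

# ICV lengths the RFCs mandate: RFC 2404 for HMAC-SHA-1-96,
# RFC 4868 for HMAC-SHA-256-128, HMAC-SHA-384-192 and HMAC-SHA-512-256.
RFC_ICV_BITS = {"sha1": 96, "sha256": 128, "sha384": 192, "sha512": 256}


def esp_icv(key: bytes, data: bytes, hash_name: str, icv_bits: int) -> bytes:
    """Compute an ESP-style Integrity Check Value: full HMAC over the
    authenticated bytes, then keep only the leading icv_bits bits."""
    if icv_bits % 8 or icv_bits > hashlib.new(hash_name).digest_size * 8:
        raise ValueError(f"bad ICV length {icv_bits} for {hash_name}")
    mac = hmac.new(key, data, getattr(hashlib, hash_name)).digest()
    return mac[: icv_bits // 8]


def verify_icv(key: bytes, data: bytes, hash_name: str,
               received_icv: bytes, expected_bits: int) -> bool:
    """Receiver-side check. compare_digest returns False both for a wrong
    value and for a wrong length, so a peer that truncated differently is
    rejected just like a corrupted packet: the packet is dropped, nothing
    is sent back, and the tunnel still looks 'up' to IKE."""
    expected = esp_icv(key, data, hash_name, expected_bits)
    return hmac.compare_digest(expected, received_icv)


def interop(hash_name: str, sender_bits: int, receiver_bits: int) -> bool:
    """Simulate one ESP packet from a sender using sender_bits truncation to
    a receiver expecting receiver_bits. True means traffic would flow."""
    icv = esp_icv(SAMPLE_KEY, SAMPLE_PAYLOAD, hash_name, sender_bits)
    return verify_icv(SAMPLE_KEY, SAMPLE_PAYLOAD, hash_name, icv, receiver_bits)


if __name__ == "__main__":
    # Both sides follow the RFC: SHA-1-96, SHA-256-128, SHA-512-256 all pass.
    for name, bits in RFC_ICV_BITS.items():
        print(f"{name:7s} {bits}/{bits} bits -> {interop(name, bits, bits)}")
    # One side still uses the pre-RFC 4868 96-bit truncation for SHA-256:
    # every packet fails verification even though the keys agree.
    print("sha256  96/128 bits ->", interop("sha256", 96, 128))
```

Running the block prints True for every matched pair and False for the 96-versus-128 SHA-256 case. Diagnostically, the thing to look for on a box showing this behaviour is a per-SA counter of received ESP packets that failed integrity verification climbing while the IKE SA stays established; a tunnel whose ESP SA is being rejected on every packet is indistinguishable from a routing problem until that counter is checked.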