VPN logon fails

Question

I have setup a VPN connection to be used from iOS devices (iOS Version 10), but I always receive a "login failed" error on my mobile device, even if user and password are correct (for sure). Connection Tested also from Android device, same issue&nbsp;This are the settings (Internal LAN IP is 172.31.1.0 / 24):&nbsp;Firewall side:Mode Config:Record Name: modeConfigIOSFirst Pool: Start IP: 192.168.224.1End IP: 192.168.224.100Second &amp; Thirs pools: blankWINS Server: Primary: 172.31.1.1 &lt;My Internal LAN Wind Server IP&gt;Secondary: blankDNS Server: Primary: 172.31.1.1 &lt;My Internal LAN DNS Server IP&gt;Secondary: blankPFS Key Group:&lt;Checked&gt; DH Group 2 (1024 bit)SA Lifetime: 300 SecondsEncryption Algorithm: AES-128Integrity Algorithm: SHA-1Local IP Address: 172.31.1.0Local Subnet Mask: 255.255.255.0&nbsp;IKE Policy:Do you want to use Mode Config Record? YESSelect Mode Config Record: modeConfigIOSPolicy Name: for_iOSType: ResponderExchange Mode: MainLocalSelect Local Gateway: WAN1Indetifier Type: FQDNIdentifier: fvs1_local.comRemoteIdentifier Type: FQDNIdentifier: 0.0.0.0Encryption Algorithm: AES-128Authentication Algorithm: SHA-1Authentication Method: pre-shared keypre-shared key: 12345678 &lt;Tested with different one&gt;Diffie-Hellman (DH) Group: Group 2 (1024 bit)SA-Lifetime (sec): 300Enable Dead Peer Detection: noXAUTH Configuration: Edge DeviceAuthentication Type: User Database&nbsp;User Settings:Name: &lt;TheUSername&gt;User Type: IPSEC VPN User&nbsp;&nbsp;On iOS Device:Type: IPSecDescription: &lt;VPN Name&gt;Server: My Public IPAccount: &lt;TheUsername&gt;Password: &lt;Blank, I enter it at every connection&gt;Use Certificate: OFFGroup Name: blankSecret: 12345678proxy: No&nbsp;When i try to connect, the mobile device ask for user and password and then shows a User Authentication Error.&nbsp;On VPN LOG I have these entries (for security reason, my public IP has been removed):&nbsp;Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] ERROR:  Received mode config from 31.159.216.207[500], but we do not have ISAKMP-SA.
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO:  an undead schedule has been deleted: 'ph1_main'.
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] ERROR:  Failed to find proper address pool with id -1
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Sending Informational Exchange: delete payload[]
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Login failed for user "supportios"
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO:  0.0.0.0 IP address has been released by remote peer.
Mon Jul 10 09:53:14 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received attribute type "ISAKMP_CFG_REPLY" from 31.159.216.207[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  ISAKMP-SA established for &lt;MyPublicIP&gt;[500]-31.159.216.207[500] with spi:bff7714a21b1656e:099b3f12ea7eb137
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Sending Xauth request to 31.159.216.207[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] WARNING:  Ignore INITIAL-CONTACT notification from 31.159.216.207[500] because it is only accepted after phase1.
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  NAT not detected 
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  NAT-D payload matches for 31.159.216.207[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  NAT-D payload matches for &lt;MyPublicIP&gt;[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  For 31.159.216.207[500], Selected NAT-T version: RFC 3947
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received Vendor ID: DPD
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt

Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received unknown Vendor ID
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received Vendor ID: RFC 3947
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Beginning Identity Protection mode.
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Received request for new phase 1 negotiation: &lt;MyPublicIP&gt;[500]&lt;=&gt;31.159.216.207[500]
Mon Jul 10 09:53:09 2017 (GMT +0200): [SRX5308] [IKE] INFO:  Anonymous configuration selected for 31.159.216.207[500].

&nbsp;

DaneA · Answer

Hi&nbsp;vfandrea,&nbsp;Welcome to the community! :)&nbsp;Let me share the articles below. &nbsp;Kindly use it as your reference guide in setting up a VPN connection between an&nbsp;iOS device and SRX5308:&nbsp;&nbsp;Application Notes for IPsec Policy supporting Apple iPhone VPN connectivity&nbsp;How to Setup VPN with NETGEAR Firewall and iPhone / iPad&nbsp;- this is related to the FVS336Gv1 which is already EOL (End-of-Life). &nbsp;However, try to perform the steps indicated as a guide and it might work. &nbsp;&nbsp;Here is another article I found online about setting up ExpressVPN on iOS devices (L2TP):&nbsp;How to manually set up ExpressVPN on iOS devices (L2TP)&nbsp;&nbsp;Let me&nbsp;share the articles&nbsp;below that I found online about setting up VPN connection between an&nbsp;Android device and SRX5308. &nbsp;Kindly use it as reference guide. &nbsp;&nbsp;How to Configure PPP VPN between Android and ProSAFE Firewall&nbsp;How to Set Up and Use ExpressVPN on Android 4.0 and Above&nbsp;Some Android Phone users&nbsp;use&nbsp;the NCP Secure Android Client app. &nbsp;Kindly access the link below and you may want to try it as well:&nbsp;NCP Secure Android Client&nbsp;&nbsp;Regards,&nbsp;DaneANETGEAR Community Team

DaneA · Answer

vfandrea,&nbsp;I just want to follow-up on this. &nbsp;Were you able to access the articles and links I've shared and used them as your guide?&nbsp;&nbsp;&nbsp;Regards,&nbsp;DaneANETGEAR Community Team

vfandrea · Answer

I already did what described inte the link you reported, I also used them to configure the firewall for VPN. But I had no success. To be honest after a reboot of the firewall i was able to connect, but after that still the same problem.

Finally I decided to use a different device as VPN Server.

Forum Discussion

VPN logon fails

3 Replies

Related Content

FVS336G v2 Logon GUI

GS105Ev2 Logon issues

LOGON TIMED OUT. PLEASE TRY AGAIN.

Router logon

Insight subscription ended-how do I logon to my router?

NETGEAR Academy

ProSupport for Business