Re: SRX5308 Box to Box VPN Connecting but no data passes through.
I have 2 SRX5308s in 2 office locations. I'm trying to connect them together via a box-to-box VPN so the phone vendor can use that connection to pass remote IP phone line and office data to the remote location.
I followed the guide and have gotten the two sites to connect using the VPN Wizard, which was very easy, but I can't browse the network or see any devices on either of the remote LANs.
SITE A IP SCHEME: 192.168.1.0
SITE B IP SCHEME: 192.168.0.0
Here is the log from the remote SRX5308.
I would be very grateful for any assistance.
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 24.105.249.46->108.58.27.178 with spi=164766230(0x9d22216)
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 108.58.27.178->24.105.249.46 with spi=189853723(0xb50f01b)
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.1.1/24<->192.168.0.0/24
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 24.105.249.46[0]<=>108.58.27.178[0]
Mon Jan 16 19:54:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=99962591(0x5f54edf).
Mon Jan 16 19:54:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=127074769(0x79301d1).
Mon Jan 16 19:54:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 24.105.249.46->108.58.27.178 with spi=127074769(0x79301d1)
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 108.58.27.178->24.105.249.46 with spi=99962591(0x5f54edf)
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.1.1/24<->192.168.0.0/24
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 24.105.249.46[0]<=>108.58.27.178[0]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: ISAKMP-SA established for 24.105.249.46[500]-108.58.27.178[500] with spi:453f02470f29a64c:f4a7ed0b8d0a597d
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: NAT not detected
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: NAT-D payload matches for 108.58.27.178[500]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: NAT-D payload matches for 24.105.249.46[500]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: KAME/racoon
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: For 108.58.27.178[500], Selected NAT-T version: RFC 3947
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: DPD
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: RFC 3947
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: RFC XXXX
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Beginning Identity Protection mode.
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received request for new phase 1 negotiation: 24.105.249.46[500]<=>108.58.27.178[500]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Configuration found for 108.58.27.178[500].
Mon Jan 16 19:36:22 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:36:13 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:36:12 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:36:07 2017 (GMT +0000): [SRX5308] [IKE] INFO: Adding IKE configuration with identifier "Rehab_Alt_VPN"
Mon Jan 16 19:36:07 2017 (GMT +0000): [SRX5308] [IKE] INFO: Adding IPSec configuration with identifier "Rehab_Alt_VPN"
Mon Jan 16 19:36:03 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:36:02 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:53 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:52 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:43 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:42 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:33 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:32 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:23 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:23 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:13 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:12 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:03 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:02 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: IKE configuration with identifier "to-jericho" deleted sucessfully
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'isakmp_ph1resend'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'purge_remote'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: Purged ISAKMP-SA with spi=7a403ea10500d622:d069e0c1bbc214a0.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] WARNING: no phase2 bounded.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'isakmp_ph1resend'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'purge_remote'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: Purged ISAKMP-SA with spi=30a697333da6385d:57f453c5082933f8.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] WARNING: no phase2 bounded.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: IPSec configuration with identifier "to-jericho" deleted sucessfully
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] WARNING: no phase2 found for "to-jericho"
Mon Jan 16 19:34:53 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Malformed packet of payload length 64365 and total length 40.
Mon Jan 16 19:34:53 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Malformed packet of payload length 64365 and total length 40.
Re: SRX5308 Box to Box VPN Connecting but no data passes through.
Hi Subdivisions
Welcome to the community!
I see your log:
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.1.1/24<->192.168.0.0/24
Can you show me your VPN config and LAN subnet?
Or you can follow this:
Re: SRX5308 Box to Box VPN Connecting but no data passes through.
I think this is what you need. I blocked out the key for security reasons.
http://mail.paston.com/subdivisions/ra1.jpg
http://mail.paston.com/subdivisions/ra2.jpg
http://mail.paston.com/subdivisions/ra3.jpg
http://mail.paston.com/subdivisions/ra4.jpg
Hi Subdivisions
Can you try to change the start IP from 192.168.0.254 to 192.168.0.0, then have a try?
Regards
Re: SRX5308 Box to Box VPN Connecting but no data passes through.
Is this on the box that's at the source location I'm taking? I'm making the change now and testing.
Re: SRX5308 Box to Box VPN Connecting but no data passes through.
This worked, I now can browse network shares from one office to the other. Thanks so much for the solution!
Re: SRX5308 Box to Box VPN Connecting but no data passes through.
Hi Subdivisions
I am glad to hear it works and we encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The Netgear community looks forward to hearing from you and being a helpful resource in the future!
Regards
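
The fix that worked in this thread replaced a host address (192.168.0.254) with the network address (192.168.0.0) as the traffic selector's start IP. The following is an added example, not part of the original thread or Netgear's tooling, that applies the same check to "Using IPsec SA configuration" log lines. The /24 LANs are taken from the poster's stated IP schemes and the mask shown in the log; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: two lines in the log format posted in the thread.
SAMPLE_LOG = """\
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.1.1/24<->192.168.0.0/24
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 24.105.249.46[0]<=>108.58.27.178[0]
"""

# Matches the negotiated phase 2 selectors: "<local>/<len><-><remote>/<len>"
SELECTOR_RE = re.compile(r"Using IPsec SA configuration: (\S+?)<->(\S+)")


def check_selector(text):
    """Parse 'address/mask' and return (network, problem).

    problem is None when the address is already the network address,
    otherwise a message naming the network address it should be.
    Accepts prefix length (/24) or dotted mask (/255.255.255.0).
    """
    iface = ipaddress.ip_interface(text)
    if iface.ip != iface.network.network_address:
        msg = f"{text} has host bits set; network address is {iface.network}"
        return iface.network, msg
    return iface.network, None


def audit_log(log, expected_lans):
    """Return findings for every selector seen in the log text."""
    findings = []
    for line in log.splitlines():
        match = SELECTOR_RE.search(line)
        if not match:
            continue
        for side in match.groups():
            network, problem = check_selector(side)
            if problem:
                findings.append(problem)
            if network not in expected_lans:
                findings.append(f"{network} is not one of the expected LANs")
    return findings


if __name__ == "__main__":
    lans = [ipaddress.ip_network("192.168.1.0/24"),
            ipaddress.ip_network("192.168.0.0/24")]
    for finding in audit_log(SAMPLE_LOG, lans):
        print(finding)
```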