
Re: SRX5308 Box to Box VPN Connecting but no data passes through.

Subdivisions
Aspirant

SRX5308 Box to Box VPN Connecting but no data passes through.

I have 2 SRX5308s in 2 office locations. I'm trying to connect them together via a box-to-box VPN so the phone vendor can use that connection to pass remote IP phone line and office data to the remote location.

I followed the guide, and have gotten the two sites to connect using the VPN Wizard, which was very easy, but I can't browse the network or see any devices on either of the remote LANs.

 

SITE A IP SCHEME: 192.168.1.0

SITE B IP SCHEME: 192.168.0.0

 

Here is the log from the remote SRX5308:

Any assistance would be greatly appreciated.

 

Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 24.105.249.46->108.58.27.178 with spi=164766230(0x9d22216)
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 108.58.27.178->24.105.249.46 with spi=189853723(0xb50f01b)
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.1.1/24<->192.168.0.0/24
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 24.105.249.46[0]<=>108.58.27.178[0]
Mon Jan 16 19:54:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=99962591(0x5f54edf).
Mon Jan 16 19:54:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=127074769(0x79301d1).
Mon Jan 16 19:54:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 24.105.249.46->108.58.27.178 with spi=127074769(0x79301d1)
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 108.58.27.178->24.105.249.46 with spi=99962591(0x5f54edf)
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.1.1/24<->192.168.0.0/24
Mon Jan 16 19:36:41 2017 (GMT +0000): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: 24.105.249.46[0]<=>108.58.27.178[0]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: ISAKMP-SA established for 24.105.249.46[500]-108.58.27.178[500] with spi:453f02470f29a64c:f4a7ed0b8d0a597d
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: NAT not detected
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: NAT-D payload matches for 108.58.27.178[500]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: NAT-D payload matches for 24.105.249.46[500]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: KAME/racoon
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: For 108.58.27.178[500], Selected NAT-T version: RFC 3947
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: DPD
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: RFC 3947

Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Vendor ID: RFC XXXX
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Beginning Identity Protection mode.
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received request for new phase 1 negotiation: 24.105.249.46[500]<=>108.58.27.178[500]
Mon Jan 16 19:36:40 2017 (GMT +0000): [SRX5308] [IKE] INFO: Configuration found for 108.58.27.178[500].
Mon Jan 16 19:36:22 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:36:13 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:36:12 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:36:07 2017 (GMT +0000): [SRX5308] [IKE] INFO: Adding IKE configuration with identifier "Rehab_Alt_VPN"
Mon Jan 16 19:36:07 2017 (GMT +0000): [SRX5308] [IKE] INFO: Adding IPSec configuration with identifier "Rehab_Alt_VPN"
Mon Jan 16 19:36:03 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:36:02 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:53 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:52 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:43 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:42 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:33 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:32 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:23 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:23 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:13 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:12 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:35:03 2017 (GMT +0000): [SRX5308] [IKE] ERROR: Malformed cookie received or the spi expired.
Mon Jan 16 19:35:02 2017 (GMT +0000): [SRX5308] [IKE] NOTIFY: The packet is retransmitted by 108.58.27.178[500].
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: IKE configuration with identifier "to-jericho" deleted sucessfully
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'isakmp_ph1resend'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'purge_remote'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: Purged ISAKMP-SA with spi=7a403ea10500d622:d069e0c1bbc214a0.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] WARNING: no phase2 bounded.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'isakmp_ph1resend'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'purge_remote'.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: Purged ISAKMP-SA with spi=30a697333da6385d:57f453c5082933f8.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] WARNING: no phase2 bounded.
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] INFO: IPSec configuration with identifier "to-jericho" deleted sucessfully
Mon Jan 16 19:34:57 2017 (GMT +0000): [SRX5308] [IKE] WARNING: no phase2 found for "to-jericho"
Mon Jan 16 19:34:53 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Malformed packet of payload length 64365 and total length 40.
Mon Jan 16 19:34:53 2017 (GMT +0000): [SRX5308] [IKE] INFO: Received Malformed packet of payload length 64365 and total length 40.

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 7


All Replies
ChenX
NETGEAR Expert

Re: SRX5308 Box to Box VPN Connecting but no data passes through.

Hi Subdivisions

Welcome to the community! 

I see your log:

Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.1.1/24<->192.168.0.0/24

Can you show me your VPN config and LAN subnet?

 

Or you can follow this:

 

v1.png

 

v2.png

Message 2 of 7
Subdivisions
Aspirant

Re: SRX5308 Box to Box VPN Connecting but no data passes through.

Message 3 of 7
ChenX
NETGEAR Expert

Re: SRX5308 Box to Box VPN Connecting but no data passes through.

Hi Subdivisions

policy.png

Can you try to change the start IP from 192.168.0.254 to 192.168.0.0, then have a try?

 

Regards

Message 4 of 7
Subdivisions
Aspirant

Re: SRX5308 Box to Box VPN Connecting but no data passes through.

Is this on the box that's at the source location I'm taking? I'm making the change now and testing.

Message 5 of 7
Subdivisions
Aspirant

Re: SRX5308 Box to Box VPN Connecting but no data passes through.

This worked, I now can browse network shares from one office to the other.  Thanks so much for the solution!

Message 6 of 7
ChenX
NETGEAR Expert

Re: SRX5308 Box to Box VPN Connecting but no data passes through.

Hi Subdivisions

 I am glad to hear it works and we encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The Netgear community looks forward to hearing from you and being a helpful resource in the future!

 

Regards

Message 7 of 7
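
Added example, not part of the thread and not NETGEAR code: a Python check that extracts the phase 2 traffic selectors from log lines in the format posted above and flags any selector whose address is not the network address of its prefix, or whose network is not one of the two site LANs. The /24 masks for Site A and Site B are an assumption taken from the log line, and `audit_selectors` is a hypothetical helper name.

```python
import ipaddress
import re

# Two lines copied from the log posted in the thread.
SAMPLE_LOG = """\
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 108.58.27.178->24.105.249.46 with spi=189853723(0xb50f01b)
Mon Jan 16 19:55:00 2017 (GMT +0000): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.168.1.1/24<->192.168.0.0/24
"""

# Site LANs from the original post; the /24 mask is an assumption taken from the log.
SITE_LANS = ["192.168.1.0/24", "192.168.0.0/24"]

SELECTOR_RE = re.compile(r"Using IPsec SA configuration: (\S+?)<->(\S+)")


def audit_selectors(log_text, site_lans=SITE_LANS):
    """Return [(selector, [problems])] for each distinct phase 2 selector with an issue."""
    lans = {ipaddress.ip_network(n) for n in site_lans}
    findings, seen = [], set()
    for line in log_text.splitlines():
        match = SELECTOR_RE.search(line)
        if not match:
            continue
        for raw in match.groups():
            if raw in seen:
                continue
            seen.add(raw)
            try:
                iface = ipaddress.ip_interface(raw)
            except ValueError:
                findings.append((raw, ["not a valid address/prefix"]))
                continue
            problems = []
            if iface.ip != iface.network.network_address:
                problems.append(f"host bits set; network is {iface.network}")
            if iface.network not in lans:
                problems.append("not one of the site LANs")
            if problems:
                findings.append((raw, problems))
    return findings


if __name__ == "__main__":
    for selector, problems in audit_selectors(SAMPLE_LOG):
        print(selector, "->", "; ".join(problems))
```

An "IPsec-SA established" line only shows that negotiation succeeded; a flagged selector is a prompt to compare the local and remote start IP in the VPN policy on both boxes.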