NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
VPN IPSEC
1 Topic
VPN no longer working between two FVS318Gv2
I have two FVS318Gv2 at two offices with a VPN tunnel between them that have worked fine until yesterday when the Internet provider was changed at one location. Broadband ISP settings were changed and, under VPN settings, the new WAN IP for location that changed were also changed. Everything works fine (Internet service, port forwarding) except the VPN. Under, VPN / Connection Status, both sides show that "IPsec SA Established" but no traffic flows over this link now; even a ping from "Monitoring / Diagnostic" (via "Ping through VPN tunnel" to LAN IP of other device) does not work. Here is the the VPN log from one of the devices: Wed Oct 19 14:58:26 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 166.102.171.xxx->107.221.112.xxx with spi=48796823(0x2e89497) Wed Oct 19 14:58:26 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 107.221.112.xxx->166.102.171.xxx with spi=13496147(0xcdef53) Wed Oct 19 14:58:26 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Using IPsec SA configuration: 192.168.0.1/24<->172.16.0.1/16 Wed Oct 19 14:58:26 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Responding to new phase 2 negotiation: 166.102.171.xxx0]<=>107.221.112.xxx0] Wed Oct 19 14:58:25 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA expired: ESP/Tunnel 107.221.112.xxx->166.102.171.xxx with spi=10825899(0xa530ab) Wed Oct 19 14:58:25 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA expired: ESP/Tunnel 166.102.171.xxx->107.221.112.xxx with spi=95706496(0x5b45d80) Wed Oct 19 14:58:19 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA expired: ESP/Tunnel 107.221.112.xxx->166.102.171.xxx with spi=235429450(0xe085e4a) Wed Oct 19 14:44:23 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA expired: ESP/Tunnel 107.221.112.xxx->166.102.171.xxx with spi=96003188(0x5b8e474) Wed Oct 19 14:44:19 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA expired: ESP/Tunnel 107.221.112.xxx->166.102.171.xxx with spi=54349087(0x33d4d1f) Wed Oct 19 14:39:46 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA expired: ESP/Tunnel 107.221.112.xxx->166.102.171.xxx with spi=264155747(0xfbeb263) Wed Oct 19 14:10:25 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'. Wed Oct 19 14:10:25 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Sending Informational Exchange: delete payload[] Wed Oct 19 14:10:25 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 166.102.171.xxx->107.221.112.xxx with spi=95706496(0x5b45d80) Wed Oct 19 14:10:24 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 107.221.112.xxx->166.102.171.xxx with spi=10825899(0xa530ab) Wed Oct 19 14:10:24 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Using IPsec SA configuration: 192.168.0.1/24<->172.16.0.1/16 Wed Oct 19 14:10:24 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Responding to new phase 2 negotiation: 166.102.171.xxx[0]<=>107.221.112.xxx[0] Wed Oct 19 14:10:19 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'. Wed Oct 19 14:10:19 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Sending Informational Exchange: delete payload[] Wed Oct 19 14:10:18 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 166.102.171.xxx->107.221.112.xxx with spi=105406563(0x6486063) Wed Oct 19 14:10:18 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 107.221.112.xxx->166.102.171.xxx with spi=235429450(0xe085e4a) Wed Oct 19 14:10:18 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Using IPsec SA configuration: 192.168.0.1/24<->172.16.0.1/16 Wed Oct 19 14:10:18 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Responding to new phase 2 negotiation: 166.102.171.xxx[0]<=>107.221.112.xxx[0] Wed Oct 19 14:10:16 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 166.102.171.xxx->107.221.112.xxx with spi=102875942(0x621c326) Wed Oct 19 14:10:16 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel 107.221.112.xxx->166.102.171.xxx with spi=17450749(0x10a46fd) Wed Oct 19 14:10:15 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Initiating new phase 2 negotiation: 166.102.171.xxx[500]<=>107.221.112.xxx[0] Wed Oct 19 14:10:14 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Sending Informational Exchange: notify payload[608] Wed Oct 19 14:10:14 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: ISAKMP-SA established for 166.102.171.xxx[500]-107.221.112.xxx[500] with spi:a85a6f598f0b9e1d:3d21e27b77064209 Wed Oct 19 14:10:14 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: NAT not detected Wed Oct 19 14:10:14 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: NAT-D payload matches for 107.221.112.xxx[500] Wed Oct 19 14:10:14 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: NAT-D payload matches for 166.102.171.xxx[500] Wed Oct 19 14:10:14 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Received Vendor ID: KAME/racoon Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: For 107.221.112.xxx[500], Selected NAT-T version: RFC 3947 Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Received Vendor ID: KAME/racoon Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Received Vendor ID: DPD Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Received Vendor ID: RFC 3947 Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Deleting PH1, Disable the sacreate lock Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: ISAKMP-SA deleted for 166.102.171.xxx[500]-107.221.112.xxx[500] with spi:1d6fcad31f1aee28:4e88030e7378cbf3 Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 9 Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 8 Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 4 Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: [isakmp_ident.c:186]: XXX: NUMNATTVENDORIDS: 3 Wed Oct 19 14:10:13 2016 (GMT -0400): [FVS318Gv2] [IKE] INFO: Beginning Identity Protection mode.Solved9.6KViews0likes14Comments