NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
genesearch
Feb 17, 2016Aspirant
VPN use Mode Config Record fails
The FVS336G is the gateway and the LAN uses 192.168.1.x IP range. I can create the IPSEC VPN, using VPN Policy as per the instruction manual, and it works great, and so easy to configure. All my ...
genesearch
Feb 17, 2016Aspirant
The complete log from the router.
Wed Feb 17 10:22:49 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: 192.168.169.1 IP address has been released by remote peer. Wed Feb 17 10:22:49 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: ISAKMP-SA deleted for 59.100.xx.xxx[500]-1.132.9.76[500] with spi:414c513b9c0a8545:f63016e5a78baa48 Wed Feb 17 10:22:48 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: Purged ISAKMP-SA with proto_id=ISAKMP and spi=414c513b9c0a8545:f63016e5a78baa48. Wed Feb 17 10:22:41 2016 (GMT +1000): [FVS336GV3] [IKE] ERROR: Failed to get IPsec SA configuration for: 192.168.169.1/24<->192.168.43.178/32 from vpnclient.private Wed Feb 17 10:22:41 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: Responding to new phase 2 negotiation: 59.100.xx.xxx[0]<=>1.132.9.76[0] Wed Feb 17 10:22:36 2016 (GMT +1000): [FVS336GV3] [IKE] ERROR: Failed to get IPsec SA configuration for: 192.168.169.1/24<->192.168.43.178/32 from vpnclient.private Wed Feb 17 10:22:36 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: Responding to new phase 2 negotiation: 59.100.xx.xxx[0]<=>1.132.9.76[0] Wed Feb 17 10:22:31 2016 (GMT +1000): [FVS336GV3] [IKE] ERROR: Failed to get IPsec SA configuration for: 192.168.169.1/24<->192.168.43.178/32 from vpnclient.private Wed Feb 17 10:22:31 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: Responding to new phase 2 negotiation: 59.100.xx.xxx[0]<=>1.132.9.76[0] Wed Feb 17 10:22:30 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT] Wed Feb 17 10:22:30 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: ISAKMP-SA established for 59.100.xx.xxx[500]-1.132.9.76[500] with spi:414c513b9c0a8545:f63016e5a78baa48 Wed Feb 17 10:22:30 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: 192.168.169.1 IP address is assigned to remote peer 1.132.9.76[500] Wed Feb 17 10:22:29 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: Received Vendor ID: DPD Wed Feb 17 10:22:29 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: Received unknown Vendor ID Wed Feb 17 10:22:29 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: Beginning Aggressive mode. Wed Feb 17 10:22:29 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: Received request for new phase 1 negotiation: 59.100.xx.xxx[500]<=>1.132.9.76[500] Wed Feb 17 10:22:29 2016 (GMT +1000): [FVS336GV3] [IKE] INFO: Remote configuration for identifier "vpnclient.private" found
adit
Feb 17, 2016Mentor
If I remember correctly Mode Config did not work with IPSecuritas.
LAN1 192.168.1.0 to LAN2 192.168.1.0 will never work.
If you are concerned about common LAN subnets having an issue with yours then you will need to change it.
These are the one you should not use if you have VPN Client users attaching to your network.
LAN Subnets NOT to Use
192.168.0.0
192.168.1.0
192.168.5.0
192.168.10.0
192.168.50.0
192.168.100.0
10.0.0.0
10.0.10.0
172.16.0.0
172.31.0.0
- genesearchFeb 17, 2016Aspirant
Thanks for responding, I will follow up with IPSecuritas support to check.
I know I can change my IP address range, but its probably 20 years already, and as you can imagine, its not easy. Otherwise I would have done so already.
As an alternative, Does setting up buily in OS X client work with FVS336G
Netgear support referred me to it, I cant get it to work, and neither can they (by remote controlling my computers and setting up themselves)
- aditFeb 17, 2016Mentor
I'm not an Apple guy so I'm not the best resource.
I think that tutorial was hit or miss back on the old forums. Searching the Archive in the new forum is useless.
That IPSecuritas issue goes back for maybe 10 years. I'm not aware of it ever getting resolved.
I think MC worked with Equinix VPN Tracker, but again just going off of memory.
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!