Hey all,
Had the VPN working fine. Changed from dial-up user to dial-up group and still worked fine. CHANGED ike identity on same client machine and it stopped working. Anyway I changed everything back to original settings with just one dial-up use on the VPN gateway and it still doesn't completely establish the tunnel:
20:59:58.562
20:59:58.562 My Connections\PDI VPN - Initiating IKE Phase 1 (IP ADDR=64.175.210.29)
20:59:58.593 My Connections\PDI VPN - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
20:59:58.734 My Connections\PDI VPN - RECEIVED<<< ISAKMP OAK AG (SA, VID, VID, KE, NON, ID, HASH)
20:59:58.750 My Connections\PDI VPN - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT)
20:59:58.750 My Connections\PDI VPN - Established IKE SA
20:59:58.750 MY COOKIE 46 67 19 2b a2 fa 91 3d
20:59:58.750 HIS COOKIE 47 d7 60 73 37 b7 93 24
20:59:58.750 My Connections\PDI VPN - Initiating IKE Phase 2 with Client IDs (message id: 6D164244)
20:59:58.750 Initiator = IP ADDR=192.168.10.51, prot = 0 port = 0
20:59:58.750 Responder = IP SUBNET/MASK=192.168.2.0/255.255.255.0, prot = 0 port = 0
20:59:58.750 My Connections\PDI VPN - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID)
20:59:58.828 My Connections\PDI VPN - RECEIVED<<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME)
20:59:58.828 My Connections\PDI VPN - SENDING>>>> ISAKMP OAK QM *(HASH)
20:59:58.828 My Connections\PDI VPN - Loading IPSec SA (Message ID = 6D164244 OUTBOUND SPI = 9502C65E INBOUND SPI = 2D425A1A)
20:59:58.828
20:59:58.890 My Connections\PDI VPN - RECEIVED<<< ISAKMP OAK INFO *(HASH, DEL)
This is where it HANGS. It will hang until it trys to retransmit and at times will error out with "Received from wrong IP".
Any help or information would be appreciated.
Info:
Netscreen 5xp
Using web client ui
Using Netscreen-Remote policy editor
Auto IKE with shared keys
Double checked all user accounts, shared keys, policies, AutoIKE configs, AutoIKE gateway configs and all encrypt schemes match.
THANKS!
Alan Wang
Had the VPN working fine. Changed from dial-up user to dial-up group and still worked fine. CHANGED ike identity on same client machine and it stopped working. Anyway I changed everything back to original settings with just one dial-up use on the VPN gateway and it still doesn't completely establish the tunnel:
20:59:58.562
20:59:58.562 My Connections\PDI VPN - Initiating IKE Phase 1 (IP ADDR=64.175.210.29)
20:59:58.593 My Connections\PDI VPN - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
20:59:58.734 My Connections\PDI VPN - RECEIVED<<< ISAKMP OAK AG (SA, VID, VID, KE, NON, ID, HASH)
20:59:58.750 My Connections\PDI VPN - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT)
20:59:58.750 My Connections\PDI VPN - Established IKE SA
20:59:58.750 MY COOKIE 46 67 19 2b a2 fa 91 3d
20:59:58.750 HIS COOKIE 47 d7 60 73 37 b7 93 24
20:59:58.750 My Connections\PDI VPN - Initiating IKE Phase 2 with Client IDs (message id: 6D164244)
20:59:58.750 Initiator = IP ADDR=192.168.10.51, prot = 0 port = 0
20:59:58.750 Responder = IP SUBNET/MASK=192.168.2.0/255.255.255.0, prot = 0 port = 0
20:59:58.750 My Connections\PDI VPN - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID)
20:59:58.828 My Connections\PDI VPN - RECEIVED<<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIME)
20:59:58.828 My Connections\PDI VPN - SENDING>>>> ISAKMP OAK QM *(HASH)
20:59:58.828 My Connections\PDI VPN - Loading IPSec SA (Message ID = 6D164244 OUTBOUND SPI = 9502C65E INBOUND SPI = 2D425A1A)
20:59:58.828
20:59:58.890 My Connections\PDI VPN - RECEIVED<<< ISAKMP OAK INFO *(HASH, DEL)
This is where it HANGS. It will hang until it trys to retransmit and at times will error out with "Received from wrong IP".
Any help or information would be appreciated.
Info:
Netscreen 5xp
Using web client ui
Using Netscreen-Remote policy editor
Auto IKE with shared keys
Double checked all user accounts, shared keys, policies, AutoIKE configs, AutoIKE gateway configs and all encrypt schemes match.
THANKS!
Alan Wang