Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN 5610 Error Code 3997700:0 module IKECFG:654

Status
Not open for further replies.
TecTel

TecTel

Vendor
Feb 22, 2003
91
US
I am trying to get a VPN phone to work at my home. I get the phone to come up and work as a VPN phone in the office. I set up a Router with a different subnet and different Public IP address in the office. The phone works as a VPN and the system status shows the IP address of a VPN phone.

But at the home location the phone shows downloading configuration then after 90 seconds times out with an error showing missing IKE Configuration.
Pressing more shows Missing ike configuration error code 3997700:0 Module IKECFG:654

I am using a Netgear FVX538 at the office location. The system is an IP office Release 6.

Since it works in the office I am assuming I have the correct configuration on the FVX538 and the 5610 phone.
any help would be appreciated.
 
Sort by date Sort by votes
Can you give as much as info as you can give ?
Ofcourse not the usernames and passwords and the public ip but make up some.
Also do this for the netgear.


Homo sapiens non urinat in ventum

honey, i fried the IP Office !!!

 
Upvote 0 Downvote
I followed the Avaya IP office Tech Tip 196 about configuring Netgear 538 and remote VPN IP phone. See attachment.

Everything is exactly the same settings except that the Public IP address and internal IP address for IP office and Server are different.

Router software is newer:
System Name: FVX538
Firmware Version (Primary): 3.0.5-24
Firmware Version (Secondary): 3.0.3-17

IP office Software is newer
6.0 (8)

IP Phone Software is the VPN version with Release 6
 
 http://www.atelephonesystem.com/Tech%20Tips/Global_Tech_Tip_196.pdf
Upvote 0 Downvote
I did not ask that :)
does it gets stuck on phase 1 ?
If yes then you should consider a problem at your home router.
If phase 2 then you have not set it up right.

Homo sapiens non urinat in ventum

honey, i fried the IP Office !!!

 
Upvote 0 Downvote
The IP phone shows
Exchanging Keys
Then Downloading Configuration
Encapsulation Method stays at 0

After 90 seconds times out with an error showing missing IKE Configuration.
Pressing more shows Missing ike configuration error code 3997700:0 Module IKECFG:654
 
Upvote 0 Downvote
So there is no IKE in the phone or in the router ?
Did you use mode config, I think you did (documented)
Try it without mode config but use an IKE and a VPN policy.


Homo sapiens non urinat in ventum

honey, i fried the IP Office !!!

 
Upvote 0 Downvote
If you mean turn off mode configuration on the phone setting of VPN I already tried that without success.

The other thing to keep in mind that I got the phone to work in the office as a VPN phone. Using different Router, subnet and Public IP address for the phone and the Netgear Router. The phone was connected to a Cisco router independent of the Netgear.
 
Upvote 0 Downvote
??????

Did you setup the Cisco as vpn router ?

Try removing the mode config from the router and ofcourse from the phone.


Homo sapiens non urinat in ventum

honey, i fried the IP Office !!!

 
Upvote 0 Downvote
The cisco in my office was to plug in the 5610 Phone. It is not the VPN device. I was using this method to test the VPN in my office.

I tried disabling mode configuration. With that set up it doesn't even exchange the keys.
 
Upvote 0 Downvote
The following is info in the VPN log of the FXV538 Netgear router. The xxx replaces the IP address. Wondering if anyone can shed light on this particular interest is Payload not matched.

2010 May 17 17:07:06 [FVX538 Office] [IKE] Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt_
2010 May 17 17:07:06 [FVX538 Office] [IKE] For 98.116.195.XXX[2070], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_
2010 May 17 17:07:07 [FVX538 Office] [IKE] The packet is retransmitted by 98.116.195.XXX[2070]._
2010 May 17 17:07:08 [FVX538 Office] [IKE] Floating ports for NAT-T with peer 98.116.195.XXX[4500]_
2010 May 17 17:07:08 [FVX538 Office] [IKE] NAT-D payload matches for 207.XXX.XX.XXX[4500]_
2010 May 17 17:07:08 [FVX538 Office] [IKE] NAT-D payload does not match for 98.116.195.XXX[4500]_
2010 May 17 17:07:08 [FVX538 Office] [IKE] NAT detected: Peer is behind a NAT device_
2010 May 17 17:07:08 [FVX538 Office] [IKE] Sending Xauth request to 98.116.195.XXX[4500]_
2010 May 17 17:07:08 [FVX538 Office] [IKE] ISAKMP-SA established for 207.XXX.XX.XXX[4500]-98.116.195.XXX[4500] with spi:68ba802905dc5d7a:228ad8574df2fc2a_
2010 May 17 17:07:08 [FVX538 Office] [IKE] Remote address mismatched. Local=98.116.195.XXX[4500], Peer=98.116.195.XXX[2070]_
- Last output repeated 4 times -
2010 May 17 17:07:08 [FVX538 Office] [IKE] Received attribute type "ISAKMP_CFG_REPLY" from 98.116.195.XXX[4500]_
2010 May 17 17:07:08 [FVX538 Office] [IKE] Login succeeded for user "YYYYYYYYYY"_
2010 May 17 17:07:08 [FVX538 Office] [IKE] Remote address mismatched. Local=98.116.195.XXX[4500], Peer=98.116.195.XXX[2070]_
2010 May 17 17:07:08 [FVX538 Office] [IKE] Short payload_
 
Upvote 0 Downvote
Remote address mismatch.
Do you have set a remote ipaddress in th vpn policy -> traffic selection -> remote ip

Set it to any.


Homo sapiens non urinat in ventum

honey, i fried the IP Office !!!

 
Upvote 0 Downvote
The VPN setup I followed does not use a VPN policy because it connects to the mode configuration
 
Upvote 0 Downvote
Did you listen to me ?
I tell you not to use the mode config because it does not work well :)

Try it the way i mentioned in the other tread.
I have spend 3 days using the mode config way without succes and 5 minutes on the other way with success.


Homo sapiens non urinat in ventum

honey, i fried the IP Office !!!

 
Upvote 0 Downvote
Your method caused my Internet connection to go down on all my computers in the offer. I appreciate your help but I am not sure you are using the same router as me.
 
Upvote 0 Downvote
Using config mode or not does not bring your internet connection down!!!


Homo sapiens non urinat in ventum

honey, i fried the IP Office !!!

 
Upvote 0 Downvote
I finally got this issue resolved. What it turned out to be was RCN (Internet service provider). When I changed my router to use just 1 Static IP address (I had been using other static address for other devices) from their service my IP phone worked at the remote location. I would advise everyone to stay clear of RCN Cable for internet service. They would not provide any technical support what so ever which delayed fixing the problem as well as a lot of time trouble shooting. RCN support said "what do you expect from a $50 (business class static IP) per month service we only provide basic support and it is up to you to trouble shoot any issues you have we will not even answer questions on how are network works."
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sbankscharles
  • Locked
  • Question
Module 0 Port 0
Replies
2
Views
92
sbankscharles
sbankscharles
finest
  • Locked
  • Question
J189 w extension module
Replies
1
Views
233
sizbut
sizbut
AldoLT
VPN J179
Replies
1
Views
499
DrB0b
DrB0b
dessertman
  • Locked
  • Question
Dial delay count 0
Replies
6
Views
219
dessertman
dessertman
OldSchool70
  • Locked
  • Question
Callback Module - Ideas??? 1
Replies
3
Views
122
OldSchool70
OldSchool70

Part and Inventory Search

Sponsor

Back
Top