Sirsmilealot
Technical User
Dear All,
I am using two VPN capable devices: the Zyxel Prestige 334 and the Symantec Gateway Security 360R, across Spain and England. Problem is, I cannot establish a VPN connection.
Having tinkered on for several months now, I'm writing here in the hope that someone may be able to help me! In brief, one site has a static IP address and the other uses Dynamic DNS.
Each of the VPN devices are aware of their public WAN IP address and a normal HTTP connection can be made beyond these units at both sites - this proves that there is no issue with connectivity to the Internet.
For some reason, when pinging across from either side, although the ping times out (showing no connection), it is interesting to note that only the Zyxel unit attempts to establish a connection. The Symantec unit makes no effort to initiate a connection.
Nonetheless, I have cross checked on numerous occasions the configuration of each unit as to make sure they correspond with one another. One problem is that I cannot retrieve the Phase 1 parameters from the Symantec unit - you cannot configure these. You can, however, on the Zyxel unit, therefore it really is a guessing game!
When I check the log on the Symantec unit - this is what I get:
08/07/2007 18:56:59.99 Wan Client - Terminating connection
08/07/2007 18:56:59.99 Wan Client - Terminating connection
08/07/2007 18:56:59.99 Wan Client - Sending ISAKMP OAK INFO (Notification IKE SA)
08/07/2007 18:56:59.99 Wan Client - state transition function for STATE_AGGR_R0 failed: INVALID_ID_INFORMATION
08/07/2007 18:56:59.99 Wan Client - STATE_AGGR_R1: INVALID_ID_INFORMATION
08/07/2007 18:56:59.99 Wan Client - ERR: no suitable connection for peer '81.37.88.113'
08/07/2007 18:56:59.99 Wan Client - Responding to Aggressive Mode from Remote Peer 81.37.88.113
This log would suggest the problem lies with the ID info, though as I mentioned earlier, I have already checked all of these details.
If you would like me to post my configuration details for each end, please let me know.
I will appreciate any support you may be able to offer me.
Kindest Regards,
Paul.
I am using two VPN capable devices: the Zyxel Prestige 334 and the Symantec Gateway Security 360R, across Spain and England. Problem is, I cannot establish a VPN connection.
Having tinkered on for several months now, I'm writing here in the hope that someone may be able to help me! In brief, one site has a static IP address and the other uses Dynamic DNS.
Each of the VPN devices are aware of their public WAN IP address and a normal HTTP connection can be made beyond these units at both sites - this proves that there is no issue with connectivity to the Internet.
For some reason, when pinging across from either side, although the ping times out (showing no connection), it is interesting to note that only the Zyxel unit attempts to establish a connection. The Symantec unit makes no effort to initiate a connection.
Nonetheless, I have cross checked on numerous occasions the configuration of each unit as to make sure they correspond with one another. One problem is that I cannot retrieve the Phase 1 parameters from the Symantec unit - you cannot configure these. You can, however, on the Zyxel unit, therefore it really is a guessing game!
When I check the log on the Symantec unit - this is what I get:
08/07/2007 18:56:59.99 Wan Client - Terminating connection
08/07/2007 18:56:59.99 Wan Client - Terminating connection
08/07/2007 18:56:59.99 Wan Client - Sending ISAKMP OAK INFO (Notification IKE SA)
08/07/2007 18:56:59.99 Wan Client - state transition function for STATE_AGGR_R0 failed: INVALID_ID_INFORMATION
08/07/2007 18:56:59.99 Wan Client - STATE_AGGR_R1: INVALID_ID_INFORMATION
08/07/2007 18:56:59.99 Wan Client - ERR: no suitable connection for peer '81.37.88.113'
08/07/2007 18:56:59.99 Wan Client - Responding to Aggressive Mode from Remote Peer 81.37.88.113
This log would suggest the problem lies with the ID info, though as I mentioned earlier, I have already checked all of these details.
If you would like me to post my configuration details for each end, please let me know.
I will appreciate any support you may be able to offer me.
Kindest Regards,
Paul.
