VPN Big problem

rolman

Vendor
Jul 2, 2002
57
SG
Hi all, I'm totally new and dumb to this NetScreen stuff.

Need urgent help (SOS) with my problem below:

My customer's NetScreen firewall and VPN were configured by the ex-administrator. Now everything has been dumped on me, a total newbie to this NetScreen.

My customer is having a problem using the VPN. Below is the log:

4-24: 15:52:32.407 SafeNet VPN Client Version 10.3.3 (Build 4).
4-24: 15:52:34.510 No Interfaces detected.
4-24: 15:52:34.540 Filter table loaded.
4-24: 15:52:45.025 Interface added: 192.168.1.103/255.255.255.0 on LAN "Intel(R) PRO/Wireless LAN 2100 3B Mini PCI Adapter".
4-24: 15:55:30.623 Filter table loaded.
4-24: 15:55:41.309
4-24: 15:55:43.892 My Connections\XX VPN Tunnel - Initiating IKE Phase 1 (IP ADDR=xxx.xxx.xxx.xx)
4-24: 15:55:45.104 My Connections\XX VPN Tunnel - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
4-24: 15:55:45.244 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK AG (SA, VID 3x, KE, NON, ID, HASH)
4-24: 15:55:45.414 My Connections\XX VPN Tunnel - SENDING>>>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
4-24: 15:55:45.424 My Connections\XX VPN Tunnel - Established IKE SA
4-24: 15:55:45.424 MY COOKIE f6 91 f3 96 82 69 ca 44
4-24: 15:55:45.424 HIS COOKIE d0 fe b0 3 3e ef b7 99
4-24: 15:55:45.475 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK TRANS *(HASH, ATTR)
4-24: 15:55:51.633 My Connections\XX VPN Tunnel - SENDING>>>> ISAKMP OAK TRANS *(HASH, ATTR)
4-24: 15:55:51.653 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK TRANS *(HASH, ATTR)
4-24: 15:55:51.653 My Connections\XX VPN Tunnel - IKE Extended Authentication successful.
4-24: 15:55:51.663 My Connections\XX VPN Tunnel - SENDING>>>> ISAKMP OAK TRANS *(HASH, ATTR)
4-24: 15:55:51.764 My Connections\XX VPN Tunnel - Initiating IKE Phase 2 with Client IDs (message id: 8C7A08BA)
4-24: 15:55:51.764 Initiator = IP ADDR=0.0.0.0, prot = 0 port = 0
4-24: 15:55:51.764 Responder = IP SUBNET/MASK=172.xx.xx.0/255.255.255.0, prot = 0 port = 0
4-24: 15:55:51.764 My Connections\XX VPN Tunnel - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID 2x)
4-24: 15:55:51.804 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK QM *(HASH, SA, NON, ID 2x, NOTIFY:STATUS_RESP_LIFETIME)
4-24: 15:55:51.804 Cannot match Local Responder's Phase 2 ID IP SUBNET/MASK=172.xx.xx.0/255.255.255.0
4-24: 15:55:51.804 My Connections\XX VPN Tunnel - SENDING>>>> ISAKMP OAK INFO *(HASH, NOTIFY:INVALID_ID_INFO)
4-24: 15:55:51.814 My Connections\XX VPN Tunnel - Error validating Proxy IDs.
4-24: 15:55:55.889 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK QM *(HASH, 107)
4-24: 15:55:55.889 My Connections\XX VPN Tunnel - Received malformed message or negotiation no longer active (message id: 8C7A08BA)
4-24: 15:55:59.875 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK QM *(HASH, 107)
4-24: 15:55:59.875 My Connections\XX VPN Tunnel - Received malformed message or negotiation no longer active (message id: 8C7A08BA)
4-24: 15:56:03.871 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK QM *(HASH, 107)
4-24: 15:56:03.871 My Connections\XX VPN Tunnel - Received malformed message or negotiation no longer active (message id: 8C7A08BA)
4-24: 15:56:07.867 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK QM *(HASH, 107)
4-24: 15:56:07.867 My Connections\XX VPN Tunnel - Received malformed message or negotiation no longer active (message id: 8C7A08BA)
4-24: 15:56:11.872 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK QM *(HASH, 107)
4-24: 15:56:11.872 Connections\XX VPN Tunnel - Received malformed message or negotiation no longer active (message id: 8C7A08BA)
4-24: 15:56:15.858 Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK QM *(HASH, 107)
4-24: 15:56:15.858 Connections\XX VPN Tunnel - Received malformed message or negotiation no longer active (message id: 8C7A08BA)
4-24: 15:56:19.844 Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK QM *(HASH, 107)
4-24: 15:56:19.844 My Connections\XX VPN Tunnel - Received malformed message or negotiation no longer active (message id: 8C7A08BA)
4-24: 15:56:23.840 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK INFO *(HASH, DEL)
4-24: 15:57:16.886 My Connections\XX VPN Tunnel - RECEIVED<<< ISAKMP OAK INFO *(HASH, DEL)
4-24: 15:57:16.886 My Connections\XX VPN Tunnel - Deleting IKE SA (IP ADDR=xxx.xxx.xxx.xx)
4-24: 15:57:16.886 MY COOKIE f6 91 f3 96 82 69 ca 44
4-24: 15:57:16.886 HIS COOKIE d0 fe b0 3 3e ef b7 99
 
The answer is here:

4-24: 15:55:51.804 Cannot match Local Responder's Phase 2 ID IP SUBNET/MASK=172.xx.xx.0/255.255.255.0
4-24: 15:55:51.804 My Connections\XX VPN Tunnel - SENDING>>>> ISAKMP OAK INFO *(HASH, NOTIFY:INVALID_ID_INFO)
4-24: 15:55:51.814 My Connections\XX VPN Tunnel - Error validating Proxy IDs.

You have a proxy ID mismatch. Either your client has an incorrect remote network setting or your FW on the corp side has an incorrect proxy ID configured. This is part of Phase 2 negotiations.
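The reading of the log given in the answer can be automated. The following is an added example, not part of the original posts or of any vendor tool: it walks a client log in the format shown above and reports how far IKE got and which Phase 2 ID was rejected. The function names `diagnose` and `verdict` and the result keys are assumptions made for this sketch.

```python
import re

# Abridged from the client log posted in the question (masked values as posted).
SAMPLE_LOG = r"""
4-24: 15:55:45.424 My Connections\XX VPN Tunnel - Established IKE SA
4-24: 15:55:51.653 My Connections\XX VPN Tunnel - IKE Extended Authentication successful.
4-24: 15:55:51.764 My Connections\XX VPN Tunnel - Initiating IKE Phase 2 with Client IDs (message id: 8C7A08BA)
4-24: 15:55:51.764 Initiator = IP ADDR=0.0.0.0, prot = 0 port = 0
4-24: 15:55:51.764 Responder = IP SUBNET/MASK=172.xx.xx.0/255.255.255.0, prot = 0 port = 0
4-24: 15:55:51.804 Cannot match Local Responder's Phase 2 ID IP SUBNET/MASK=172.xx.xx.0/255.255.255.0
4-24: 15:55:51.804 My Connections\XX VPN Tunnel - SENDING>>>> ISAKMP OAK INFO *(HASH, NOTIFY:INVALID_ID_INFO)
4-24: 15:55:51.814 My Connections\XX VPN Tunnel - Error validating Proxy IDs.
4-24: 15:55:55.889 My Connections\XX VPN Tunnel - Received malformed message or negotiation no longer active (message id: 8C7A08BA)
4-24: 15:55:59.875 My Connections\XX VPN Tunnel - Received malformed message or negotiation no longer active (message id: 8C7A08BA)
"""

def diagnose(log_text):
    """Summarise how far the IKE negotiation got and why Phase 2 failed."""
    r = {"phase1": False, "xauth": False, "msg_id": None, "phase2_ids": {},
         "rejected_id": None, "proxy_id_mismatch": False, "discarded_after_fail": 0}
    for line in log_text.splitlines():
        if "Established IKE SA" in line:
            r["phase1"] = True
        elif "Extended Authentication successful" in line:
            r["xauth"] = True
        elif m := re.search(r"Initiating IKE Phase 2 .*\(message id: ([0-9A-F]+)\)", line):
            r["msg_id"] = m.group(1)
        elif m := re.search(r"\b(Initiator|Responder) = (.+?), prot = \d+ port = \d+", line):
            r["phase2_ids"][m.group(1)] = m.group(2)   # IDs logged with the Phase 2 start
        elif m := re.search(r"Cannot match Local Responder's Phase 2 ID (.+)$", line):
            r["rejected_id"] = m.group(1).strip()
        elif "INVALID_ID_INFO" in line or "Error validating Proxy IDs" in line:
            r["proxy_id_mismatch"] = True
        elif m := re.search(r"negotiation no longer active \(message id: ([0-9A-F]+)\)", line):
            if m.group(1) == r["msg_id"]:              # same exchange, already abandoned
                r["discarded_after_fail"] += 1
    return r

def verdict(r):
    """One-line reading of the summary, following the answer's reasoning."""
    if not r["proxy_id_mismatch"]:
        return "No proxy ID failure in this log."
    done = "completed" if r["phase1"] and r["xauth"] else "not both seen"
    return (f"Phase 1 and XAuth {done}; Phase 2 (message id {r['msg_id']}) failed on "
            f"proxy ID {r['rejected_id']}. Compare the client's remote network "
            "setting with the proxy ID configured on the firewall.")
```

Calling `verdict(diagnose(SAMPLE_LOG))` separates the successful Phase 1 and XAuth steps from the Phase 2 rejection, which is the distinction the answer relies on.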
 