win2000 IPSec to Netgear FVS318 VPN issue

msworld (MIS, US), Jun 28, 2005
I am testing and trying to set up a VPN between a Netgear FVS318 and Windows 2000 using Microsoft IPSec. From the FVS318 VPN status and log, it seems that I can establish the connection (this is the print screen of the VPN status), but pinging the remote IP returns “Negotiating IP security” and ipsecmon displays “sent” only and no “Received” (see the print screen of the ipsecmon). Below is the VPN log. Any suggestions why I can’t ping the remote IP and have no access to the remote computers?

Tues, 06/28/2005 16:42:17 - FVS318 IKE:[BobOffice_tmp36] RX << QM_I2 : 64.xxx.xxx.xxx
Tues, 06/28/2005 16:42:17 - FVS318 IPsec: ESP(DES-CBC MD5)
Tues, 06/28/2005 16:42:17 - FVS318 IKE:[BobOffice_tmp36] established with 64.xxx.xxx.xxx successfully
Tues, 06/28/2005 16:42:17 - FVS318 IPsec:inserting event EVENT_SA_EXPIRE, timeout in 3780 seconds for #3
Tues, 06/28/2005 16:42:17 - FVS318 IPsec:STATE_QUICK_R2: IPsec SA established

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on
 
Problem solved. Here are the details:

Case Study - Setup a VPN between Netgear FVS318 and Windows 2000

Situation: When testing and trying to set up a VPN between a Netgear FVS318 and Windows 2000 using Microsoft IPSec, we can establish the connection (Figure), but pinging the remote IP returns “Negotiating IP security” and ipsecmon displays “sent” only and no “Received” (Figure). Below is the VPN log.

Tues, 06/28/2005 16:42:17 - FVS318 IKE:[BobOffice_tmp36] RX << QM_I2 : 64.xxx.xxx.xxx
Tues, 06/28/2005 16:42:17 - FVS318 IPsec: ESP(DES-CBC MD5)
Tues, 06/28/2005 16:42:17 - FVS318 IKE:[BobOffice_tmp36] established with 64.xxx.xxx.xxx successfully
Tues, 06/28/2005 16:42:17 - FVS318 IPsec:inserting event EVENT_SA_EXPIRE, timeout in 3780 seconds for #3
Tues, 06/28/2005 16:42:17 - FVS318 IPsec:STATE_QUICK_R2: IPsec SA established

Troubleshooting:
1. Make sure UDP port 500 is open.
2. Phase 1 and 2 are established.
3. The preshared keys match each other.
4. The VPN client can reach the VPN server, but traffic does not return.

Resolution: Based on the following pages, we opened IP Protocol 50 and 51 on the firewall. It works.

ipsec
The ports need to open for IPSec Time out when using ping command Troubleshooting
IPSec. IPSec for Windows. Internet Protocol Security (IPSec) is supported ...

ports
Resolution: Run netstat -a command that will shows all active ports. ... VPN:
uses TCP Port 1723, IP Protocol 47 (GRE); L2TP: UDP Port 1701; IPSec: UDP 500, ...




Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on
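
An added example, not part of the original posts: the Python below parses the FVS318 log lines quoted in the thread and compares the negotiated transform against a firewall allow-list, reproducing the thread's symptom (SA established, nothing received) and its fix (IP protocols 50 and 51 opened). The allow-list model, the `received` counter and the function names are assumptions made for illustration; the example also flags DES-CBC and MD5, which the log shows in use, as legacy algorithms.

```python
import re

# The five FVS318 log lines quoted in the thread (peer address masked as posted).
LOG = """\
Tues, 06/28/2005 16:42:17 - FVS318 IKE:[BobOffice_tmp36] RX << QM_I2 : 64.xxx.xxx.xxx
Tues, 06/28/2005 16:42:17 - FVS318 IPsec: ESP(DES-CBC MD5)
Tues, 06/28/2005 16:42:17 - FVS318 IKE:[BobOffice_tmp36] established with 64.xxx.xxx.xxx successfully
Tues, 06/28/2005 16:42:17 - FVS318 IPsec:inserting event EVENT_SA_EXPIRE, timeout in 3780 seconds for #3
Tues, 06/28/2005 16:42:17 - FVS318 IPsec:STATE_QUICK_R2: IPsec SA established
"""

IP_PROTO = {"ESP": 50, "AH": 51}   # data-plane IP protocol numbers (IKE itself uses UDP 500)
WEAK_ALGS = {"DES-CBC", "MD5"}     # legacy algorithms worth flagging for replacement

def parse_log(text):
    """Extract tunnel, peer, negotiated transforms and SA state from the log."""
    info = {"tunnel": None, "peer": None, "transforms": [], "lifetime": None, "sa_up": False}
    for line in text.splitlines():
        if m := re.search(r"IKE:\[(\S+?)\] established with (\S+) successfully", line):
            info["tunnel"], info["peer"] = m.groups()
        if m := re.search(r"IPsec: (ESP|AH)\(([^)]*)\)", line):
            info["transforms"].append((m.group(1), m.group(2).split()))
        if m := re.search(r"EVENT_SA_EXPIRE, timeout in (\d+) seconds", line):
            info["lifetime"] = int(m.group(1))
        if "IPsec SA established" in line:
            info["sa_up"] = True
    return info

def diagnose(info, allowed, received):
    """allowed: hypothetical firewall model, a set like {("udp", 500), ("ip", 50)}.
    received: inbound IPsec packet count as read from ipsecmon (constructed here)."""
    report = {"blocked": [], "weak": [], "verdict": "ok"}
    if ("udp", 500) not in allowed:
        report["blocked"].append("UDP 500 (IKE)")
    for proto, algs in info["transforms"]:
        if ("ip", IP_PROTO[proto]) not in allowed:
            report["blocked"].append(f"IP protocol {IP_PROTO[proto]} ({proto})")
        report["weak"] += [a for a in algs if a in WEAK_ALGS]
    if info["sa_up"] and received == 0 and report["blocked"]:
        report["verdict"] = "SA negotiated but data plane filtered"
    elif not info["sa_up"]:
        report["verdict"] = "negotiation incomplete"
    return report

if __name__ == "__main__":
    sa = parse_log(LOG)
    print(diagnose(sa, {("udp", 500)}, received=0))                        # thread's symptom
    print(diagnose(sa, {("udp", 500), ("ip", 50), ("ip", 51)}, received=12))  # after the fix
```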
 