|
|
Question : Problem: Got VPN to connect but can't ping PCs or map drives
|
|
Here is my log on client:
10-04: 15:56:12.248 My Connections\New Connection - Initiating IKE Phase 1 (IP ADDR=XX.XX.178.153) 10-04: 15:56:12.689 My Connections\New Connection - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 5x) 10-04: 15:56:15.753 My Connections\New Connection - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID, NAT-D 3x) 10-04: 15:56:15.753 My Connections\New Connection - Peer is NAT-T draft-01 capable 10-04: 15:56:15.753 My Connections\New Connection - NAT is detected for Client 10-04: 15:56:17.245 My Connections\New Connection - SENDING>>>> ISAKMP OAK AG *(HASH, NAT-D 2x, NOTIFY:STATUS_INITIAL_CONTACT) 10-04: 15:56:17.245 My Connections\New Connection - Established IKE SA 10-04: 15:56:17.245 MY COOKIE d8 30 b8 43 1c c1 64 e 10-04: 15:56:17.245 HIS COOKIE ad 2 4f 84 9b 5f 9 9e 10-04: 15:56:18.867 My Connections\New Connection - Initiating IKE Phase 2 with Client IDs (message id: 321933D9) 10-04: 15:56:18.867 Initiator = IP ADDR=192.168.2.1, prot = 0 port = 0 10-04: 15:56:18.867 Responder = IP SUBNET/MASK=192.168.3.45/255.255.255.0, prot = 0 port = 0 10-04: 15:56:18.867 My Connections\New Connection - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x) 10-04: 15:56:20.410 My Connections\New Connection - RECEIVED<<< ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x) 10-04: 15:56:20.420 My Connections\New Connection - Filter entry 3: SECURE 192.168.001.122&255.255.255.255 192.168.003.045&255.255.255.000 XX.XX.178.153 added. 10-04: 15:56:20.420 My Connections\New Connection - SENDING>>>> ISAKMP OAK QM *(HASH) 10-04: 15:56:20.510 My Connections\New Connection - Loading IPSec SA (Message ID = 321933D9 OUTBOUND SPI = E45CAC57 INBOUND SPI = 866EBC47) 10-04: 15:56:20.510 10-04: 15:56:22.933 My Connections\New Connection - RECEIVED<<< ISAKMP OAK INFO *(HASH, DEL) 10-04: 15:56:22.933 My Connections\New Connection - Deleting IKE SA (IP ADDR=XX.XX.178.153) 10-04: 15:56:22.933 MY COOKIE d8 30 b8 43 1c c1 64 e 10-04: 15:56:22.933 HIS COOKIE ad 2 4f 84 9b 5f 9 9e
My set up is as follows.
Winxp < Netgear pro safe VPN client < linksys befsr41 < Cable = internet = DSL > Netgear FVS318 v3 > server
Home local ip 192.168.1.122 ISP is dynamic I'm using a domain name VPNclient The internal network ip is 192.168.2.1 Office local ip is 192.168.3.1 (router) 192.168.3.5 (server) with a static ISP IP.
I can't find a firewall on either pc. I've opened ports 50, 51 and 500 on the linksys. Not sure if I need to on the netgear. (I'd like to point out that Linksys offers free techsupport for VPN where NETGEAR does NOT so DON'T BUY NETGEAR!!!)
I check the router VPN status and it does not show the VPN connection, it does show the log in on the status of the router( login of the internal IP). The client indicates there is a connection by showing the KEY on the icon. I can't ping from the client or router to any computers. I can't map drives either.
The connection monitor shows the connection but shows it expiring 5 min. after connection.
I know it got to be something simple. Please help. I've been working on this for a month.
Thanks Ray
|
Answer : Problem: Got VPN to connect but can't ping PCs or map drives
|
|
I had a look and few things to confirm:
On the router you chose remote VPN client not gateway Double checked shared Key Choose defaults, dynamic client, 3DES & SHA1 encryption ------------------------------------------------------------------------- When installing the client software : You choose install IPSec rather than Virtual adapter Check your computer to see if the IPSec service is running in the management console
On the first 'page' of the client configuration page should have Policy identity 192.168.3.0, 255.255.255.0 (I noticed the example says 192.168.3.1 no!) connect using secure gateway tunnel ID type IP address and the WAN IP of the office location. (Can you confirm this IP is correct)
My Identity page Id Type -IP address, leave address blank Virtual adapter disabled Internal Interface any Make sure you enter the pre shared key
Security page They suggest Main Mode but I would shoose Agressive. Go with their suggestion but if no luck try switching
Proposal pages defaults making sure encryption matches router 3DES and SHA-1 ---------------------------------------------------------------------- See if there are any discrepancies above. Then try and connect. Right clicking on the connection icon on the desktop will allow you to open the connection monitor and log file. The log file will tell all if you can read it. a large part of it still doesn't mean much to me.
I noticed another discussion on this site regarding this client you might want to look at for similar problems. http://www.experts-exchange.com/Networking/Broadband/VPN/Q_21056801.html
|
|
|
|