Hello,

Wondering if you can shed some light on this one... I set up the RV320 to do Group VPN... Using Greenbow I can make the connection and traffic will flow across the tunnel.
Now when I go to connect using Shrew (2.2.2), it appears to complete the Phase1 negotiation and brings up the tunnel. But phase2 fails (No policy found); it seems like it is hanging trying to receive the IP address assignment information... I have Policy Generation Level set to auto, but I have tried the others as well. I have checkmarks in the boxes for "Maintain Persistent..." and "Obtain topology automaticall....."

16/04/11 13:59:27 <A : peer config add message
16/04/11 13:59:27 <A : proposal config message
16/04/11 13:59:27 <A : proposal config message
16/04/11 13:59:27 <A : client config message
16/04/11 13:59:27 <A : local id 'webd2ms2.com' message
16/04/11 13:59:27 <A : preshared key message
16/04/11 13:59:27 <A : peer tunnel enable message
16/04/11 13:59:27 DB : peer added ( obj count = 1 )
16/04/11 13:59:27 ii : local address 10.10.0.47 selected for peer
16/04/11 13:59:27 DB : tunnel added ( obj count = 1 )
16/04/11 13:59:27 DB : new phase1 ( ISAKMP initiator )
16/04/11 13:59:27 DB : exchange type is aggressive
16/04/11 13:59:27 DB : 10.10.0.47:500 <-> 10.10.0.71:500
16/04/11 13:59:27 DB : d0ac999371b5a847:0000000000000000
16/04/11 13:59:27 DB : phase1 added ( obj count = 1 )
16/04/11 13:59:27 >> : security association payload
16/04/11 13:59:27 >> : - proposal #1 payload
16/04/11 13:59:27 >> : -- transform #1 payload
16/04/11 13:59:27 >> : key exchange payload
16/04/11 13:59:27 >> : nonce payload
16/04/11 13:59:27 >> : identification payload
16/04/11 13:59:27 >> : vendor id payload
16/04/11 13:59:27 ii : local is SHREW SOFT compatible
16/04/11 13:59:27 >> : vendor id payload
16/04/11 13:59:27 ii : local is NETSCREEN compatible
16/04/11 13:59:27 >> : vendor id payload
16/04/11 13:59:27 ii : local is SIDEWINDER compatible
16/04/11 13:59:27 >> : vendor id payload
16/04/11 13:59:27 ii : local is CISCO UNITY compatible
16/04/11 13:59:27 >= : cookies d0ac999371b5a847:0000000000000000
16/04/11 13:59:27 >= : message 00000000
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 376 bytes )
16/04/11 13:59:27 DB : phase1 resend event scheduled ( ref count = 2 )
16/04/11 13:59:27 <- : recv IKE packet 10.10.0.71:500 -> 10.10.0.47:500 ( 316 bytes )
16/04/11 13:59:27 DB : phase1 found
16/04/11 13:59:27 ii : processing phase1 packet ( 316 bytes )
16/04/11 13:59:27 =< : cookies d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 =< : message 00000000
16/04/11 13:59:27 << : security association payload
16/04/11 13:59:27 << : - propsal #1 payload
16/04/11 13:59:27 << : -- transform #1 payload
16/04/11 13:59:27 ii : matched isakmp proposal #1 transform #1
16/04/11 13:59:27 ii : - transform = ike
16/04/11 13:59:27 ii : - cipher type = aes
16/04/11 13:59:27 ii : - key length = 256 bits
16/04/11 13:59:27 ii : - hash type = sha1
16/04/11 13:59:27 ii : - dh group = group2 ( modp-1024 )
16/04/11 13:59:27 ii : - auth type = psk
16/04/11 13:59:27 ii : - life seconds = 3600
16/04/11 13:59:27 ii : - life kbytes = 0
16/04/11 13:59:27 << : key exchange payload
16/04/11 13:59:27 << : nonce payload
16/04/11 13:59:27 << : identification payload
16/04/11 13:59:27 ii : phase1 id match
16/04/11 13:59:27 ii : received = ipv4-host 10.10.0.71
16/04/11 13:59:27 << : hash payload
16/04/11 13:59:27 << : vendor id payload
16/04/11 13:59:27 ii : peer is CISCO UNITY compatible
16/04/11 13:59:27 << : vendor id payload
16/04/11 13:59:27 ii : peer supports DPDv1
16/04/11 13:59:27 ii : nat-t is disabled locally
16/04/11 13:59:27 == : DH shared secret ( 128 bytes )
16/04/11 13:59:27 == : SETKEYID ( 20 bytes )
16/04/11 13:59:27 == : SETKEYID_d ( 20 bytes )
16/04/11 13:59:27 == : SETKEYID_a ( 20 bytes )
16/04/11 13:59:27 == : SETKEYID_e ( 20 bytes )
16/04/11 13:59:27 == : cipher key ( 32 bytes )
16/04/11 13:59:27 == : cipher iv ( 16 bytes )
16/04/11 13:59:27 == : phase1 hash_i ( computed ) ( 20 bytes )
16/04/11 13:59:27 >> : hash payload
16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 >= : message 00000000
16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )
16/04/11 13:59:27 == : encrypt packet ( 52 bytes )
16/04/11 13:59:27 == : stored iv ( 16 bytes )
16/04/11 13:59:27 DB : phase1 resend event canceled ( ref count = 1 )
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 88 bytes )
16/04/11 13:59:27 == : phase1 hash_r ( computed ) ( 20 bytes )
16/04/11 13:59:27 == : phase1 hash_r ( received ) ( 20 bytes )
16/04/11 13:59:27 ii : phase1 sa established
16/04/11 13:59:27 ii : 10.10.0.71:500 <-> 10.10.0.47:500
16/04/11 13:59:27 ii : d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 ii : sending peer INITIAL-CONTACT notification
16/04/11 13:59:27 ii : - 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:27 ii : - isakmp spi = d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 ii : - data size 0
16/04/11 13:59:27 >> : hash payload
16/04/11 13:59:27 >> : notification payload
16/04/11 13:59:27 == : new informational hash ( 20 bytes )
16/04/11 13:59:27 == : new informational iv ( 16 bytes )
16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 >= : message 56c09db3
16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )
16/04/11 13:59:27 == : encrypt packet ( 80 bytes )
16/04/11 13:59:27 == : stored iv ( 16 bytes )
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 120 bytes )
16/04/11 13:59:27 DB : config added ( obj count = 1 )
16/04/11 13:59:27 ii : building config attribute list
16/04/11 13:59:27 ii : - IP4 Address
16/04/11 13:59:27 ii : - Address Expiry
16/04/11 13:59:27 ii : - IP4 Netmask
16/04/11 13:59:27 ii : - IP4 DNS Server
16/04/11 13:59:27 ii : - IP4 WINS Server
16/04/11 13:59:27 ii : - DNS Suffix
16/04/11 13:59:27 ii : - IP4 Split Network Include
16/04/11 13:59:27 ii : - IP4 Split Network Exclude
16/04/11 13:59:27 ii : - Login Banner
16/04/11 13:59:27 ii : - Application Version = Cisco Systems VPN Client 4.8.01.0300:WinNT
16/04/11 13:59:27 ii : - Firewall Type = CISCO-UNKNOWN
16/04/11 13:59:27 == : new config iv ( 16 bytes )
16/04/11 13:59:27 ii : sending config pull request
16/04/11 13:59:27 >> : hash payload
16/04/11 13:59:27 >> : attribute payload
16/04/11 13:59:27 == : new configure hash ( 20 bytes )
16/04/11 13:59:27 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
16/04/11 13:59:27 >= : message 6460bfc1
16/04/11 13:59:27 >= : encrypt iv ( 16 bytes )
16/04/11 13:59:27 == : encrypt packet ( 158 bytes )
16/04/11 13:59:27 == : stored iv ( 16 bytes )
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 200 bytes )
16/04/11 13:59:27 DB : config resend event scheduled ( ref count = 2 )
16/04/11 13:59:27 DB : phase2 not found
16/04/11 13:59:32 -> : resend 1 config packet(s) [0/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:37 -> : resend 1 config packet(s) [1/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:42 -> : resend 1 config packet(s) [2/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:47 ii : resend limit exceeded for config exchange
16/04/11 13:59:47 DB : config deleted ( obj count = 0 )
16/04/11 14:00:14 <A : peer tunnel disable message
16/04/11 14:00:14 DB : policy not found
16/04/11 14:00:14 DB : policy not found
16/04/11 14:00:14 DB : removing tunnel config references
16/04/11 14:00:14 DB : removing tunnel phase2 references
16/04/11 14:00:14 DB : removing tunnel phase1 references
16/04/11 14:00:14 DB : phase1 soft event canceled ( ref count = 3 )
16/04/11 14:00:14 DB : phase1 hard event canceled ( ref count = 2 )
16/04/11 14:00:14 DB : phase1 dead event canceled ( ref count = 1 )
16/04/11 14:00:14 ii : sending peer DELETE message
16/04/11 14:00:14 ii : - 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 14:00:14 ii : - isakmp spi = d0ac999371b5a847:a23c3f962a3f4795
16/04/11 14:00:14 ii : - data size 0
16/04/11 14:00:14 >> : hash payload
16/04/11 14:00:14 >> : delete payload
16/04/11 14:00:14 == : new informational hash ( 20 bytes )
16/04/11 14:00:14 == : new informational iv ( 16 bytes )
16/04/11 14:00:14 >= : cookies d0ac999371b5a847:a23c3f962a3f4795
16/04/11 14:00:14 >= : message 0a12125a
16/04/11 14:00:14 >= : encrypt iv ( 16 bytes )
16/04/11 14:00:14 == : encrypt packet ( 80 bytes )
16/04/11 14:00:14 == : stored iv ( 16 bytes )
16/04/11 14:00:14 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 120 bytes )
16/04/11 14:00:14 ii : phase1 removal before expire time
16/04/11 14:00:14 DB : phase1 deleted ( obj count = 0 )
16/04/11 14:00:14 DB : tunnel deleted ( obj count = 0 )
16/04/11 14:00:14 DB : removing all peer tunnel references
16/04/11 14:00:14 DB : peer deleted ( obj count = 0 )
16/04/11 14:00:14 ii : ipc client process thread exit ...

Thank you for any help you can provide.

------------------------------------------------------------------------
Seth Dunn
Network Administrator
EFT Corporation | Donation-Net, Inc.
Divisions of Dynamic Management Systems, Inc.
1210 Progressive Drive, Suite 101
Chesapeake, VA 23320
P: 800.397.4755 Ext. 460
F: 703.997.2254
E: [email protected]
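Added example, not part of the original post and not Shrew Soft code: a short Python triage of an iked debug log in the format shown above, reporting which stages the client reached and whether anything was received from the gateway after the config pull request. The function name `triage` and the stage labels are this example's own; the sample lines are a constructed excerpt of the log above.

```python
import re

# One iked debug entry: "yy/mm/dd hh:mm:ss <2-char tag> : <message>"
ENTRY = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")

# Milestone strings as they appear in the log above; labels are hypothetical.
MILESTONES = [
    ("phase1_established", "phase1 sa established"),
    ("config_pull_sent", "sending config pull request"),
    ("config_timed_out", "resend limit exceeded for config exchange"),
]

# Constructed excerpt of the posted log, used as sample input.
SAMPLE = """\
16/04/11 13:59:27 <- : recv IKE packet 10.10.0.71:500 -> 10.10.0.47:500 ( 316 bytes )
16/04/11 13:59:27 ii : phase1 sa established
16/04/11 13:59:27 ii : sending config pull request
16/04/11 13:59:27 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 200 bytes )
16/04/11 13:59:27 DB : phase2 not found
16/04/11 13:59:32 -> : resend 1 config packet(s) [0/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:37 -> : resend 1 config packet(s) [1/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:42 -> : resend 1 config packet(s) [2/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/11 13:59:47 ii : resend limit exceeded for config exchange
"""

def triage(log_text):
    """Summarise how far the exchange got and whether the peer answered the pull."""
    stages, resends, replies, pull_seen = [], 0, 0, False
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip prose or wrapped fragments
        _, tag, msg = m.groups()
        for label, needle in MILESTONES:
            if needle in msg and label not in stages:
                stages.append(label)
        if "sending config pull request" in msg:
            pull_seen = True
        elif pull_seen and tag == "->" and msg.startswith("resend") and "config packet" in msg:
            resends += 1   # client retransmitting its config request
        elif pull_seen and tag == "<-":
            replies += 1   # any packet received after the pull request
    return {
        "stages": stages,
        "config_resends": resends,
        "replies_after_pull": replies,
        "stalled_in_config": "config_timed_out" in stages and replies == 0,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the posted log this reports three config resends and no received packet after the pull request, which matches the `resend limit exceeded for config exchange` entry.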
