VPN trouble with Netgear FVS336Gv1

**Emiliana** · 23-09-2011

This VPN has worked before, but in recent months has given me problem and now does not work at all. Both FVS336Gs the report of the VPN, but the network resources that should be available through the VPN are not accessible (at each end, we have tried both ways). Not sure if there is a problem with our network or VPN settings, or if we are experiencing a device failure.

Here are the records of the most recent attempt to VPN

Code:

2011 Sep 22 16:00:06 [FVS336G] [IKE] ISAKMP-SA established for 65.13.x.x[500]-68.71.x.x[500] with spi:a95b3be27017316d:2763b6453cb3f978_
2011 Sep 22 17:00:06 [FVS336G] [IKE] NAT not detected _
2011 Sep 22 17:00:06 [FVS336G] [IKE] NAT-D payload matches for 68.71.x.x[500]_
2011 Sep 22 17:00:06 [FVS336G] [IKE] NAT-D payload matches for 65.13.x.x[500]_
2011 Sep 22 17:00:06 [FVS336G] [IKE] Received Vendor ID: KAME/racoon_
2011 Sep 22 17:00:05 [FVS336G] [IKE] For 68.71.x.x[500], Selected NAT-T version: RFC XXXX_
2011 Sep 22 17:00:05 [FVS336G] [IKE] Received Vendor ID: KAME/racoon_
2011 Sep 22 17:00:05 [FVS336G] [IKE] DPD is Enabled_
2011 Sep 22 17:00:05 [FVS336G] [IKE] Received Vendor ID: DPD_
2011 Sep 22 17:00:05 [FVS336G] [IKE] Received Vendor ID: RFC XXXX_
2011 Sep 22 17:00:05 [FVS336G] [IKE] Setting DPD Vendor ID_
2011 Sep 22 17:00:05 [FVS336G] [IKE] Beginning Identity Protection mode._
2011 Sep 22 17:00:05 [FVS336G] [IKE] Initiating new phase 1 negotiation: 65.13.x.x[500]<=>68.71.x.x[500]_
2011 Sep 22 17:00:05 [FVS336G] [IKE] Configuration found for 68.71.x.x._
2011 Sep 22 17:00:05 [FVS336G] [IKE] accept a request to establish IKE-SA: 68.71.x.x_

**HiSpeed** · 23-09-2011

I observe only public ip on both ends. can you tell me your lan subnet ip

**Emiliana** · 23-09-2011

LAN settings on the local device from 192.168.1.0/24 DHCP 192.168.1.10 - 192.168.1.99.LAN settings on the remote device is 192.168.2.0/24 No-DHCP.

Another thing I noticed is that if I initiate a VPN hand, the VPN is established and I have no VPN log entries similar (or exactly) the same as what I posted, but if I initiate the VPN from the other side, the tunnel VPN never connected correctly and I get this in the register of the device:

Code:

2011 Sep 22 17:07:19 [FVS336G] [IKE] Phase 1 negotiation failed due to time up for 65.13.247.238[500]. b155e42afaa5cfe6:0000000000000000_
2011 Sep 22 18:06:50 [FVS336G] [IKE] Phase 2 negotiation failed due to time up waiting for phase1. _
2011 Sep 22 18:06:50 [FVS336G] [IKE] Invalid SA protocol type: 0_
2011 Sep 22 18:06:18 [FVS336G] [IKE] Setting DPD Vendor ID_
2011 Sep 22 18:06:18 [FVS336G] [IKE] Beginning Identity Protection mode._
2011 Sep 22 18:06:18 [FVS336G] [IKE] Initiating new phase 1 negotiation: 68.71.97.212[500]<=>65.13.247.238[500]_
2011 Sep 22 18:06:18 [FVS336G] [IKE] Configuration found for 65.13.247.238._
2011 Sep 22 18:06:18 [FVS336G] [IKE] accept a request to establish IKE-SA: 65.13.247.238_

**BiGMaCHiNe** · 23-09-2011

Both are static WAN, yes that means the VPN policy.Yes, VPN policies accurately reflect each other. I had also heard that the zones can cause problems in IPSec configurations, so that both have the same time zone / time as well.

**Potawatomi** · 23-09-2011

I even do a factory reset on one of the devices and reconfigure all VPN parameters, with the same results.

The power of the other device was a loop a few times. I wanted to reiterate that seem to behave differently if starting the VPN tunnel from our remote device (as detailed above).

I deleted the VPN and IKE policies for both routers and re-created (either through the wizard or manually) several times .Now I've done it twice now and continually in the hope of user error is the culprit.

**Ottawa** · 23-09-2011

So they are able to work completely redone after the policy or do not work.

**Emiliana** · 23-09-2011

VPN tunnel does not work, ever. If you start the VPN tunnel on the local router, both routers "Say" the VPN tunnel is up but traffic not exchanged. If you start the VPN tunnel on the remote router, VPN tunnel never goes up; the VPN log contains the following:

Code:

2011 Sep 22 18:07:19 [FVS336G] [IKE] Phase 1 negotiation failed due to time up for 65.13.247.238[500]. b155e42afaa5cfe6:0000000000000000_
2011 Sep 22 18:06:50 [FVS336G] [IKE] Phase 2 negotiation failed due to time up waiting for phase1. _
2011 Sep 22 18:06:50 [FVS336G] [IKE] Invalid SA protocol type: 0_
2011 Sep 22 18:06:19 [FVS336G] [IKE] Setting DPD Vendor ID_
2011 Sep 22 18:06:19 [FVS336G] [IKE] Beginning Identity Protection mode._
2011 Sep 22 18:06:19 [FVS336G] [IKE] Initiating new phase 1 negotiation: 68.71.97.212[500]<=>65.13.247.238[500]_
2011 Sep 22 18:06:19 [FVS336G] [IKE] Configuration found for 65.13.247.238._
2011 Sep 22 18:06:19 [FVS336G] [IKE] accept a request to establish IKE-SA: 65.13.247.238_

**Wguy2008** · 23-09-2011

Try contacting Netgear support. Tell them All your problem. I am sure they will help you to resolve your Problem. If you require more help than please reply with your problem.