Hi,
I have a NetVanta 3120 and I am attempting to set up a VPN using the NetVanta Secure VPN Client. I can't seem to get this working. It seems like I am close though. I have attached the error message I am receiving. The error is in red. Any help would be appreciated. Thanks.
2/11/2013 3:07:36 PM IPSec: Start building connection
2/11/2013 3:07:36 PM Ike: Outgoing connect request AGGRESSIVE mode - gateway=70.171.192.30 : ATSolutionsVPN
2/11/2013 3:07:36 PM Ike: XMIT_MSG1_AGGRESSIVE - ATSolutionsVPN
2/11/2013 3:07:38 PM Ike: RECV_MSG2_AGGRESSIVE - ATSolutionsVPN
2/11/2013 3:07:38 PM Ike: IKE phase I: Setting LifeTime to 28800 seconds
2/11/2013 3:07:38 PM Ike: Turning on XAUTH mode - ATSolutionsVPN
2/11/2013 3:07:38 PM Ike: IkeSa negotiated with the following properties -
2/11/2013 3:07:38 PM IPSec: Final Tunnel EndPoint is:070.171.192.030
2/11/2013 3:07:38 PM Authentication=XAUTH_INIT_PSK,Encryption=AES,Hash=MD5,DHGroup=2,KeyLen=256
2/11/2013 3:07:38 PM Ike: ATSolutionsVPN ->Support for NAT-T version - 2
2/11/2013 3:07:38 PM Ike: Turning on NATD mode - ATSolutionsVPN - 1
2/11/2013 3:07:38 PM Ike: Turning on ADTRAN mode
2/11/2013 3:07:38 PM Ike: XMIT_MSG3_AGGRESSIVE - ATSolutionsVPN
2/11/2013 3:07:38 PM Ike: IkeSa negotiated with the following properties -
2/11/2013 3:07:38 PM Authentication=XAUTH_INIT_PSK,Encryption=AES,Hash=MD5,DHGroup=2,KeyLen=256
2/11/2013 3:07:38 PM Ike: Turning on DPD mode - ATSolutionsVPN
2/11/2013 3:07:38 PM Ike: phase1:name(ATSolutionsVPN) - connected
2/11/2013 3:07:38 PM SUCCESS: IKE phase 1 ready
2/11/2013 3:07:38 PM IPSec: Phase1 is Ready,AdapterIndex=203,IkeIndex=36,LocTepIpAdr=192.168.46.70,AltRekey=1
2/11/2013 3:07:38 PM IkeXauth: RECV_XAUTH_REQUEST
2/11/2013 3:07:38 PM IkeXauth: XMIT_XAUTH_REPLY
2/11/2013 3:07:39 PM IkeXauth: RECV_XAUTH_SET
2/11/2013 3:07:39 PM IkeXauth: XMIT_XAUTH_ACK
2/11/2013 3:07:39 PM IkeCfg: name <ATSoluti> - IkeXauth: enter state open
2/11/2013 3:07:39 PM SUCCESS: Ike Extended Authentication is ready
2/11/2013 3:07:39 PM IPSec: Quick Mode is Ready: IkeIndex = 00000024 , VpnSrcPort = 10954
2/11/2013 3:07:40 PM IkeQuick: XMIT_MSG1_QUICK - ATSolutionsVPN
2/11/2013 3:07:59 PM Ike: NOTIFY : ATSolutionsVPN : SENT : NOTIFY_MSG_R_U_HERE : 36136
2/11/2013 3:07:59 PM Ike: NOTIFY : ATSolutionsVPN : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
2/11/2013 3:07:59 PM IkeQuick: phase2:name(ATSolutionsVPN) - error - cleared by phase1
2/11/2013 3:07:59 PM ERROR - 4037: IKE(phase2):Waiting for message2, cleared by phase1 - ATSolutionsVPN.
2/11/2013 3:07:59 PM IpsDial: From Ikemgr - Remote is denied request for an IPSec SA, AdapterIndex=203
2/11/2013 3:07:59 PM IPS
Thank you for asking this question in the support community. When you get a chance, will you please reply and attach a current copy of the NetVanta 3120 configuration (please, remember to remove any information that might be sensitive to the organization)? In addition to the configuration, will you also attach the output of the debug crypto ike command from the NV3120, so I can see where the debug is failing on the router?
I hope that makes sense, but please do not hesitate to reply to this post with any questions or additional information.
Levi
From your log it seems that the Phase 1 IKE negotiation is successful, but Phase 2 IPSec fails. The first thing to check would be that the IPSec parameters on the router match exactly the IPSec parameters you set up on the client.
--
Regards,
Mick
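Added example, not part of the original thread or any ADTRAN tool: a small Python parser that walks the client log from the question and reports the last stage reached before the error, which is how the reply above reads the log. The function name `diagnose`, the stage labels and the result keys are assumptions made for this example; the log lines are an excerpt copied from the post.

```python
import re
from datetime import datetime

# Excerpt of the VPN client log quoted in the question (copied, not constructed).
LOG = """\
2/11/2013 3:07:36 PM Ike: Outgoing connect request AGGRESSIVE mode - gateway=70.171.192.30 : ATSolutionsVPN
2/11/2013 3:07:38 PM Authentication=XAUTH_INIT_PSK,Encryption=AES,Hash=MD5,DHGroup=2,KeyLen=256
2/11/2013 3:07:38 PM SUCCESS: IKE phase 1 ready
2/11/2013 3:07:39 PM SUCCESS: Ike Extended Authentication is ready
2/11/2013 3:07:40 PM IkeQuick: XMIT_MSG1_QUICK - ATSolutionsVPN
2/11/2013 3:07:59 PM ERROR - 4037: IKE(phase2):Waiting for message2, cleared by phase1 - ATSolutionsVPN.
2/11/2013 3:07:59 PM IPS
"""

LINE = re.compile(r"^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (.*)$")
# Stage labels (hypothetical names) mapped to marker strings seen in the log above.
STAGES = [
    ("phase1", "SUCCESS: IKE phase 1 ready"),
    ("xauth", "SUCCESS: Ike Extended Authentication is ready"),
    ("phase2_request_sent", "XMIT_MSG1_QUICK"),
]

def diagnose(log_text):
    """Return the stages reached, the Phase 1 proposal, and the first error."""
    reached, proposal, error, sent_at, waited = [], {}, None, None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore anything that is not a timestamped log line
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        msg = m.group(2)
        if msg.startswith("Authentication="):
            # Negotiated IKE (Phase 1) properties, e.g. Hash=MD5, DHGroup=2
            proposal = dict(kv.split("=", 1) for kv in msg.split(","))
        for name, marker in STAGES:
            if marker in msg and name not in reached:
                reached.append(name)
                if name == "phase2_request_sent":
                    sent_at = ts
        if msg.startswith("ERROR") and error is None:
            error = msg
            if sent_at is not None:
                # Time the client waited for Quick Mode message 2
                waited = (ts - sent_at).total_seconds()
    return {"reached": reached, "phase1_proposal": proposal,
            "error": error, "seconds_waiting_for_reply": waited}

if __name__ == "__main__":
    print(diagnose(LOG))
```

On this log the result shows Phase 1 and XAUTH completing, the Quick Mode request going out, and the error arriving with no reply in between, so the values to compare against the router are the Phase 2 (IPSec) settings rather than the IKE proposal printed in the log.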
I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Noor