Results 1 to 3 of 3

Thread: VPN with IPSec

  1. #1

    Default



    I'm trying to do a VPN connection between 2 Quadros which both of them are behind a ADSL device. The remote Quadro is set as a Roadwarrior.


    When I use the Local subnet <> Remote Subnet option, the connection is successful and any device in the local subnet can reach any other in the remote subnet except for the Quadros.


    When I select in addition the Quadro<>Remote Subnet for the local Quadro, and Local subnet<>Remote Gateway for the remote Quadro, I get an error and the connection is not possible.


    Do you have any suggestions? Thanks

  2. #2

    Default



    These are the message I receive from the local Quadro:


    "top_4-BOTH_SUBNET"[1] 189.141.159.233 #22: responding to Main Mode from unknown peer 189.141.159.233
    "top_4-BOTH_SUBNET"[1] 189.141.159.233 #22: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-00: both are NATed
    "top_4-BOTH_SUBNET"[1] 189.141.159.233 #22: Warning: peer is NATed but source port is still udp/500. Ipsec-passthrough NAT device suspected -- NAT-T may not work.
    "top_4-BOTH_SUBNET"[1] 189.141.159.233 #22: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP1024 took 449376 usec
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: deleting connection "top_4-BOTH_SUBNET" instance with peer 189.141.159.233
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: sent MR3, ISAKMP SA established
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: cannot respond to IPsec SA request because no connection is known for 172.30.0.0/16===172.16.0.5...189.141.159.233[192.168.1.28]===172.31.0.0/16
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: sending encrypted notification INVALID_ID_INFORMATION to 189.141.159.233:500
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: cannot respond to IPsec SA request because no connection is known for 189.144.52.238/32===172.16.0.5...189.141.159.233[192.168.1.28]===172.31.0.0/16
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: sending encrypted notification INVALID_ID_INFORMATION to 189.141.159.233:500
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x1ba26fa2 (perhaps this is a duplicated packet)
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: sending encrypted notification INVALID_MESSAGE_ID to 189.141.159.233:500
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb62b2260 (perhaps this is a duplicated packet)
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: sending encrypted notification INVALID_MESSAGE_ID to 189.141.159.233:500
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x1ba26fa2 (perhaps this is a duplicated packet)
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: sending encrypted notification INVALID_MESSAGE_ID to 189.141.159.233:500
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb62b2260 (perhaps this is a duplicated packet)
    "top_4-DESTINATION_SUBNET"[1] 189.141.159.233 #22: sending encrypted notification INVALID_MESSAGE_ID to 189.141.159.233:500
    "top_4-BOTH_SUBNET": terminating SAs using this connection



    ThanksEdited by: mpeniche

  3. #3

    Default



    If both your devices are NAT-ed, then you normally cannot have a VPN connection where any of the VPN gateways is involved. So, the subnet to subnet connection you successfully created is probably the maximum you can get.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. IPSec LAN routing when not gateway
    By tritek in forum 'How Do I' Questions
    Replies: 2
    Last Post: 10-04-2007, 11:59 AM
  2. Ipsec VPN
    By cpv123 in forum Troubleshooting and Problems
    Replies: 2
    Last Post: 03-16-2007, 08:22 AM
  3. IPSec VPN though Quadro
    By mwitmer in forum Troubleshooting and Problems
    Replies: 0
    Last Post: 11-19-2006, 06:48 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •