 |
|
|
|
| Autor |
Nachricht |
X00m
Anmeldungsdatum: 05.12.2011
Beiträge: 1
|
 Verfasst am:
Mo 05 Dez, 2011 22:53 |
  |
|
Hallo,
ich bekomme meine VPN-Strecke von einem Client mit Shrew VPN zum Lancom 1751 nicht hin. Ich habe es nach der Anleitung hier im Forum gemacht. Erst ist die Verbindung "enabled" und ich bekomme auch meine IP-Adresse. Ich kann aber kein Gerät innerhalb des LAN pingen. Ca. 60 Sekunden später bricht die Verbindung ab. Der Lancom-Router steht hinter einem weiteren Router. Die Ports UDP 500 + 4500 werden an den Lancom durchgereicht.
Hier einmal der VPN-Trace:
| Code:
|
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
IKE info: Phase-2 [responder] done with 2 SAS for peer CLIENT-001 rule ipsec-0-DEATHVALLEY-pr0-l0-r0
IKE info: rule:' ipsec 0.0.0.0/0.0.0.0 <-> 192.168.2.200/255.255.255.255 '
IKE info: SA ESP [0xb4a49291] alg AES keylength 256 +hmac HMAC_MD5 outgoing
IKE info: SA ESP [0x180932a1] alg AES keylength 256 +hmac HMAC_MD5 incoming
IKE info: life soft( 3240 sec/0 kb) hard (3600 sec/0 kb)
IKE info: tunnel between src: 192.168.2.2 dst: 85.117.47.128
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: WAN state changed to WanCalled for CLIENT-001 (85.117.47.128), called by: 001f9707
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: disconnect CLIENT-001 (physical channel already disconnected)
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: Disconnect info: invalid-physical-channel (0x4305) for CLIENT-001 (85.117.47.128)
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
vpn-maps[20], remote: DEATHVALLEY, idle, static-name
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
selecting next remote gateway using strategy eFirst for DEATHVALLEY
=> no remote gateway selected
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
selecting first remote gateway using strategy eFirst for DEATHVALLEY
=> no remote gateway selected
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: installing ruleset for CLIENT-001 (0.0.0.0)
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: WAN state changed to WanDisconnect for CLIENT-001 (0.0.0.0), called by: 001f9707
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: Error: IKE-R-General-failure (0x22ff) for CLIENT-001 (0.0.0.0)
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
IKE info: Phase-2 SA removed: peer CLIENT-001 rule ipsec-0-DEATHVALLEY-pr0-l0-r0 removed
IKE info: containing Protocol IPSEC_ESP, with spis [b4a49291 ] [180932a1 ]
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
IKE info: Phase-1 SA removed: peer CLIENT-001 rule CLIENT-001 removed
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: WAN state changed to WanIdle for CLIENT-001 (0.0.0.0), called by: 001f9707
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: CLIENT-001 (0.0.0.0) disconnected
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: CLIENT-001 (0.0.0.0) disconnected
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,030
VPN: rulesets installed
[VPN-Status] 2011/12/05 21:42:25,496 Devicetime: 1900/01/18 23:25:42,440
IKE log: 232542.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8
[VPN-Status] 2011/12/05 21:42:25,496 Devicetime: 1900/01/18 23:25:42,440
IKE log: 232542.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:25,496 Devicetime: 1900/01/18 23:25:42,440
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:40,487 Devicetime: 1900/01/18 23:25:57,430
IKE log: 232557.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: WAN state changed to WanIdle for CLIENT-001 (0.0.0.0), called by: 001f9707
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: CLIENT-001 (0.0.0.0) disconnected
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,020
VPN: CLIENT-001 (0.0.0.0) disconnected
[VPN-Status] 2011/12/05 21:42:17,087 Devicetime: 1900/01/18 23:25:34,030
VPN: rulesets installed
[VPN-Status] 2011/12/05 21:42:25,496 Devicetime: 1900/01/18 23:25:42,440
IKE log: 232542.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8
[VPN-Status] 2011/12/05 21:42:25,496 Devicetime: 1900/01/18 23:25:42,440
IKE log: 232542.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:25,496 Devicetime: 1900/01/18 23:25:42,440
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:40,487 Devicetime: 1900/01/18 23:25:57,430
IKE log: 232557.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8
[VPN-Status] 2011/12/05 21:42:40,487 Devicetime: 1900/01/18 23:25:57,440
IKE log: 232557.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:40,487 Devicetime: 1900/01/18 23:25:57,440
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:44,497 Devicetime: 1900/01/18 23:26:01,440
IKE log: 232601.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8
[VPN-Status] 2011/12/05 21:42:44,497 Devicetime: 1900/01/18 23:26:01,440
IKE log: 232601.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:44,497 Devicetime: 1900/01/18 23:26:01,440
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:47,507 Devicetime: 1900/01/18 23:26:04,450
IKE log: 232604.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8
[VPN-Status] 2011/12/05 21:42:47,507 Devicetime: 1900/01/18 23:26:04,460
IKE log: 232604.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:47,507 Devicetime: 1900/01/18 23:26:04,460
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:49,567 Devicetime: 1900/01/18 23:26:06,520
IKE log: 232606.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8
[VPN-Status] 2011/12/05 21:42:49,567 Devicetime: 1900/01/18 23:26:06,520
IKE log: 232606.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:49,567 Devicetime: 1900/01/18 23:26:06,520
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:50,674 Devicetime: 1900/01/18 23:26:07,620
IKE log: 232607.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8
[VPN-Status] 2011/12/05 21:42:50,674 Devicetime: 1900/01/18 23:26:07,620
IKE log: 232607.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:50,674 Devicetime: 1900/01/18 23:26:07,620
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:50,908 Devicetime: 1900/01/18 23:26:07,650
IKE log: 232607.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8
[VPN-Status] 2011/12/05 21:42:50,908 Devicetime: 1900/01/18 23:26:07,650
IKE log: 232607.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE
[VPN-Status] 2011/12/05 21:42:50,908 Devicetime: 1900/01/18 23:26:07,650
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE
|
Hat jemand eine Idee?? Wäre super ... Danke |
|
|
   |
|
Guest
|
| Verfasst am:
|
|
|
|
|
|
Nazmi
Anmeldungsdatum: 12.12.2011
Beiträge: 1
|
| Verfasst am:
Di 13 Dez, 2011 11:47 |
|
|
Hatte ich auch, versuche mal die DSN Weiterleitung unter TCP/IP Einstellungen. Sonst kommst Du nicht weiter. Eine andere Frage meinerseits. Ich habe das Problem dass wenn ich mit einem zwieten Rechner mich einwähle die erste Verbindung getrennt wird. Also kann ich nur eine Verbindung aufrechterhalten. Wie ist es bie Dir ?
Danke |
|
|
|
|
floppy
Anmeldungsdatum: 03.01.2012
Beiträge: 2
|
| Verfasst am:
Mi 04 Jan, 2012 11:20 |
|
|
Hallo X00m, schaue mal bitte unter unter VPN->IKE-Auth ob bei deinem Key die richtige lokale und entfernte Identität eingestellt sind. Sollte glaube ich auf "Keine Identität" für Lokale Identität und "Domänen-Name (FQDN)" für entfernete Identität sein. |
|
|
|
|
AndreasL
Anmeldungsdatum: 20.12.2009
Beiträge: 26
|
| Verfasst am:
Do 09 Feb, 2012 14:40 |
|
|
|
 |
|
|
|
|
|
| |
|
|
