Cisco RV180W <-> LANCOM Site to Site VPN

Forum zum Thema allgemeinen Fragen zu VPN

Moderator: Lancom-Systems Moderatoren

Antworten
Jazz
Beiträge: 36
Registriert: 19 Okt 2009, 12:28

Cisco RV180W <-> LANCOM Site to Site VPN

Beitrag von Jazz »

Hallo ich versuche nun schon mehrere Stunden ein VPN zwischen o.g. routern herzustellen. Keine Chance Vielleicht habt ihr eine Idee:

Der Cisco hängt hinter einem Router der Lancom direkt an Internet.

Die Einstellungen sind in Screenshots im Anhang.

Das Log des Ciscos sagt:

Code: Alles auswählen

Mon Oct 29 19:10:14 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Adding IPSec configuration with identifier "LANCOM"
Mon Oct 29 19:10:14 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Adding IKE configuration with identifier "LANCOM"
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  accept a request to establish IKE-SA: 217.92.79.228
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Configuration found for 217.92.79.228.
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Configuration found for 217.92.79.228.
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Initiating new phase 1 negotiation: 10.1.10.116[500]<=>217.92.79.228[500]
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Beginning Aggressive mode.
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  NAT-Traversal is Enabled
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:   [isakmp_agg.c:257]: XXX: NUMNATTVENDORIDS: 3
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:   [isakmp_agg.c:261]: XXX: setting vendorid: 4
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:   [isakmp_agg.c:261]: XXX: setting vendorid: 8
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:   [isakmp_agg.c:261]: XXX: setting vendorid: 9
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Received unknown Vendor ID
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Received Vendor ID: DPD
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Received unknown Vendor ID
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Received Vendor ID: RFC 3947
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  NAT-D payload does not match for 10.1.10.116[500]
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  NAT-D payload matches for 217.92.79.228[500]
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  For 217.92.79.228[500], Selected NAT-T version: RFC 3947
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  NAT detected: ME 
Mon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  for debugging :: changing portsMon Oct 29 19:11:48 2012 (GMT +0100): [router7EB364] [IKE] INFO:  port changed !!
Mon Oct 29 19:11:49 2012 (GMT +0100): [router7EB364] [IKE] INFO:  ISAKMP-SA established for 10.1.10.116[4500]-217.92.79.228[4500] with spi:63e0f9c97a41dddf:c87f3d568696d190
Mon Oct 29 19:11:49 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Sending Informational Exchange: notify payload[608]
Mon Oct 29 19:11:49 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Initiating new phase 2 negotiation: 10.1.10.116[500]<=>217.92.79.228[0]
Mon Oct 29 19:11:49 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Adjusting encryption mode to use UDP encapsulation
Mon Oct 29 19:11:49 2012 (GMT +0100): [router7EB364] [IKE] ERROR:  Unknown notify message from 217.92.79.228[4500].No phase2 handle found.
Mon Oct 29 19:11:49 2012 (GMT +0100): [router7EB364] [IKE] INFO:  Purged ISAKMP-SA with proto_id=ISAKMP and spi=63e0f9c97a41dddf:c87f3d568696d190.
Mon Oct 29 19:13:39 2012 (GMT +0100): [router7EB364] [IKE] ERROR:  Phase 2 negotiation failed due to time up. 63e0f9c97a41dddf:c87f3d568696d190:0000d16b
Mon Oct 29 19:13:39 2012 (GMT +0100): [router7EB364] [IKE] INFO:  an undead schedule has been deleted: 'quick_i1prep'.
Mon Oct 29 19:13:39 2012 (GMT +0100): [router7EB364] [IKE] INFO:  ISAKMP-SA deleted for 10.1.10.116[4500]-217.92.79.228[4500] with spi:63e0f9c97a41dddf:c87f3d568696d190
Mon Oct 29 19:15:38 2012 (GMT +0100): [router7EB364] [IKE] WARNING:  no phase2 found for "LANCOM"
Mon Oct 29 19:15:38 2012 (GMT +0100): [router7EB364] [IKE] INFO:  IPSec configuration with identifier "LANCOM" deleted sucessfully
Mon Oct 29 19:15:38 2012 (GMT +0100): [router7EB364] [IKE] WARNING:  no phase1 found for "LANCOM"
Mon Oct 29 19:15:38 2012 (GMT +0100): [router7EB364] [IKE] INFO:  IKE configuration with identifier "LANCOM" deleted sucessfully
Du hast keine ausreichende Berechtigung, um die Dateianhänge dieses Beitrags anzusehen.
Nach oben
Jazz
Beiträge: 36
Registriert: 19 Okt 2009, 12:28

Beitrag von Jazz »

Vielen Dank fürs Helfen.
Nach oben
Dr.Einstein
Beiträge: 3237
Registriert: 12 Jan 2010, 14:10

Beitrag von Dr.Einstein »

Phase 2 haut scheinbar nicht hin. Der Grund sollte im Lancom die Extranet
Adresse sein. Mach die mal auf 0.0.0.0 und dafür einen Routing Eintrag
auf genau das Subnetz mit Ziel Gegenstelle Cisco.

Gruß Dr.Einstein
Nach oben
Antworten

Zurück zu „Fragen zum Thema VPN“