Lancom 1611 <-> Lancom 1621

FSchwemmer · Beitrag von **FSchwemmer** » 11 Nov 2007, 21:19

Hallo Zusammen,

ich bin mittlerweile am verzweifeln und suche euren Rat.

Ich habe in der Firma einen DSL/I-1611 und Zuhause einen 1621.

Nun versuche ich diese via VPN zu vernetzen.

Der DSL/I-1611 dient als Router in unserer Firma und baut bereits zu einem fremden Netz eine Verbindung auf. Zusätzlich haben wir eine Feste IP.

Der 1621, der bei mir Zuhause wohnt sitzt hinter einer dynamischen IP Adresse.

Mittlerweile habe ich hier die Foren durchsucht und verschiedenste Szenarien durchgetestet.

-----

Der Firmenrouter hat die IP 192.168.1.254

-----
Mein 1621er wohnt hinter einer Fritzbox. Die Verbindungsproblematik FRF und LCS ist behoben und alles an Ports weitergeleitet (4500,51,47)

Die Fritzbox hat die 192.168.178.1.
Der 1621 hat die 192.168.178.2 und hat als Gateway und DNS die 192.168.178.1 eingetragen.

Dieser baut aufgrund seiner Dynamischen Adresse via ICMP eine Verbindung zu der Firma mit der festen IP Adresse auf.

Die Einstellungen wurden auf beiden Seiten per WIZ gemacht.

---

SWG-ROUTER1 -> Firma
SWG-ROUTER3 -> Zuhause
---
Nun habe ich auf meiner Seite folgende Meldung im LanMonitor:

Dynamic VPN - Zeitüberschreitung während Signalisierung oder Authentifizierung(Initiator)(0x1105)

Auf der Gegenseite habe ich folgende Meldung:

Zeitüberchreitung während IKE- oder IPSec-Verhandlung(Responder)(0x1206)

-----

Folgendes VPN-Trace aus dem Firmen Router:

Code: Alles auswählen

root@SWG-ROUTER1:/
>
[VPN-Status] 2007/11/11 14:01:13,730 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:14,720 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:15,720 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:16,730 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:18,790 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:19,790 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:20,780 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:21,790 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:22,790 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:23,780 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:24,790 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:25,800 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:27,770 : VPN: connection for SWG-ROUTER3 (77.181.252.243) timed out: no response
[VPN-Status] 2007/11/11 14:01:27,770 : VPN: Error: IFC-R-Connection-timeout-IKE-IPSEC (0x1206) for SWG-ROUTER3 (77.181.252.243)
[VPN-Status] 2007/11/11 14:01:27,770 : VPN: disconnecting SWG-ROUTER3 (77.181.252.243)
[VPN-Status] 2007/11/11 14:01:27,770 : VPN: Error: (unknown) (0x0117) for SWG-ROUTER3 (77.181.252.243)
[VPN-Status] 2007/11/11 14:01:27,810 : VPN: received dynamic VPN V2 authentication packet from SWG-ROUTER3 (77.181.252.243)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
[VPN-Status] 2007/11/11 14:01:27,810 : VPN: SWG-ROUTER3 (77.181.252.243) disconnected
[VPN-Status] 2007/11/11 14:01:27,840 : VPN: selecting next remote gateway using strategy eFirst for SWG-ROUTER3
=> no remote gateway selected
[VPN-Status] 2007/11/11 14:01:27,840 : VPN: selecting first remote gateway using strategy eFirst for SWG-ROUTER3
=> CurrIdx=0, IpStr=>XXX.dyndns.org<, IpAddr=77.181.252.243, IpTtl=60s
[VPN-Status] 2007/11/11 14:01:27,840 : VPN: installing ruleset for SWG-ROUTER3 (77.181.252.243)
[VPN-Status] 2007/11/11 14:01:27,860 : VPN: rulesets installedtrace -
------

Folgendes VPN-Trace aus meinem Router:

Code: Alles auswählen

[VPN-Status] 2007/11/11 14:09:07,030
VPN: create dynamic VPN V1 authentication packet for SWG-ROUTER1 (XXX.37.53.XXX)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0

[VPN-Status] 2007/11/11 14:09:27,000
VPN: connection for SWG-ROUTER1 (XXX.37.53.XXX) timed out: no response

[VPN-Status] 2007/11/11 14:09:27,030
VPN: Error: IFC-I-Connection-timeout-dynamic (0x1105) for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:09:27,070
VPN: selecting next remote gateway using strategy eFirst for SWG-ROUTER1
=> no remote gateway selected

[VPN-Status] 2007/11/11 14:09:27,070
VPN: selecting first remote gateway using strategy eFirst for SWG-ROUTER1
=> CurrIdx=0, IpStr=>XXX.37.53.XXX<, IpAddr=XXX.37.53.XXX, IpTtl=0s

[VPN-Status] 2007/11/11 14:09:27,070
VPN: installing ruleset for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:09:27,070
VPN: SWG-ROUTER1 (XXX.37.53.XXX) disconnected

[VPN-Status] 2007/11/11 14:09:27,080
VPN: rulesets installed

[VPN-Status] 2007/11/11 14:09:28,070
VPN: connecting to SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:09:28,100
VPN: start dynamic VPN negotiation for SWG-ROUTER1 (XXX.37.53.XXX) via ICMP/UDP

[VPN-Status] 2007/11/11 14:09:28,100
VPN: create dynamic VPN V2 authentication packet for SWG-ROUTER1 (XXX.37.53.XXX)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2

[VPN-Status] 2007/11/11 14:09:38,100
VPN: fallback to dynamic VPN V1 for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:09:38,100
VPN: create dynamic VPN V1 authentication packet for SWG-ROUTER1 (XXX.37.53.XXX)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0

[VPN-Status] 2007/11/11 14:09:58,070
VPN: connection for SWG-ROUTER1 (XXX.37.53.XXX) timed out: no response

[VPN-Status] 2007/11/11 14:09:58,070
VPN: Error: IFC-I-Connection-timeout-dynamic (0x1105) for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:09:58,100
VPN: selecting next remote gateway using strategy eFirst for SWG-ROUTER1
=> no remote gateway selected

[VPN-Status] 2007/11/11 14:09:58,100
VPN: selecting first remote gateway using strategy eFirst for SWG-ROUTER1
=> CurrIdx=0, IpStr=>XXX.37.53.XXX<, IpAddr=XXX.37.53.XXX, IpTtl=0s

[VPN-Status] 2007/11/11 14:09:58,100
VPN: installing ruleset for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:09:58,110
VPN: SWG-ROUTER1 (XXX.37.53.XXX) disconnected

[VPN-Status] 2007/11/11 14:09:58,120
VPN: rulesets installed

[VPN-Status] 2007/11/11 14:09:59,100
VPN: connecting to SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:09:59,130
VPN: start dynamic VPN negotiation for SWG-ROUTER1 (XXX.37.53.XXX) via ICMP/UDP

[VPN-Status] 2007/11/11 14:09:59,130
VPN: create dynamic VPN V2 authentication packet for SWG-ROUTER1 (XXX.37.53.XXX)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2

[VPN-Status] 2007/11/11 14:10:09,130
VPN: fallback to dynamic VPN V1 for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:10:09,130
VPN: create dynamic VPN V1 authentication packet for SWG-ROUTER1 (XXX.37.53.XXX)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0

[VPN-Status] 2007/11/11 14:10:29,100
VPN: connection for SWG-ROUTER1 (XXX.37.53.XXX) timed out: no response

[VPN-Status] 2007/11/11 14:10:29,100
VPN: Error: IFC-I-Connection-timeout-dynamic (0x1105) for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:10:29,130
VPN: selecting next remote gateway using strategy eFirst for SWG-ROUTER1
=> no remote gateway selected

[VPN-Status] 2007/11/11 14:10:29,130
VPN: selecting first remote gateway using strategy eFirst for SWG-ROUTER1
=> CurrIdx=0, IpStr=>XXX.37.53.XXX<, IpAddr=XXX.37.53.XXX, IpTtl=0s

[VPN-Status] 2007/11/11 14:10:29,130
VPN: installing ruleset for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:10:29,140
VPN: SWG-ROUTER1 (XXX.37.53.XXX) disconnected

[VPN-Status] 2007/11/11 14:10:29,150
VPN: rulesets installed

[VPN-Status] 2007/11/11 14:10:30,130
VPN: connecting to SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:10:30,160
VPN: start dynamic VPN negotiation for SWG-ROUTER1 (XXX.37.53.XXX) via ICMP/UDP

[VPN-Status] 2007/11/11 14:10:30,160
VPN: create dynamic VPN V2 authentication packet for SWG-ROUTER1 (XXX.37.53.XXX)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2

[VPN-Status] 2007/11/11 14:10:40,160
VPN: fallback to dynamic VPN V1 for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:10:40,160
VPN: create dynamic VPN V1 authentication packet for SWG-ROUTER1 (XXX.37.53.XXX)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0

[VPN-Status] 2007/11/11 14:11:00,130
VPN: connection for SWG-ROUTER1 (XXX.37.53.XXX) timed out: no response

[VPN-Status] 2007/11/11 14:11:00,130
VPN: Error: IFC-I-Connection-timeout-dynamic (0x1105) for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:11:00,160
VPN: selecting next remote gateway using strategy eFirst for SWG-ROUTER1
=> no remote gateway selected

[VPN-Status] 2007/11/11 14:11:00,160
VPN: selecting first remote gateway using strategy eFirst for SWG-ROUTER1
=> CurrIdx=0, IpStr=>XXX.37.53.XXX<, IpAddr=XXX.37.53.XXX, IpTtl=0s

[VPN-Status] 2007/11/11 14:11:00,160
VPN: installing ruleset for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:11:00,170
VPN: SWG-ROUTER1 (XXX.37.53.XXX) disconnected

[VPN-Status] 2007/11/11 14:11:00,180
VPN: rulesets installed

[VPN-Status] 2007/11/11 14:11:01,160
VPN: connecting to SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:11:01,200
VPN: start dynamic VPN negotiation for SWG-ROUTER1 (XXX.37.53.XXX) via ICMP/UDP

[VPN-Status] 2007/11/11 14:11:01,200
VPN: create dynamic VPN V2 authentication packet for SWG-ROUTER1 (XXX.37.53.XXX)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2

[VPN-Status] 2007/11/11 14:11:11,200
VPN: fallback to dynamic VPN V1 for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:11:11,200
VPN: create dynamic VPN V1 authentication packet for SWG-ROUTER1 (XXX.37.53.XXX)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0

[VPN-Status] 2007/11/11 14:11:31,160
VPN: connection for SWG-ROUTER1 (XXX.37.53.XXX) timed out: no response

[VPN-Status] 2007/11/11 14:11:31,160
VPN: Error: IFC-I-Connection-timeout-dynamic (0x1105) for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:11:31,200
VPN: selecting next remote gateway using strategy eFirst for SWG-ROUTER1
=> no remote gateway selected

[VPN-Status] 2007/11/11 14:11:31,200
VPN: selecting first remote gateway using strategy eFirst for SWG-ROUTER1
=> CurrIdx=0, IpStr=>XXX.37.53.XXX<, IpAddr=XXX.37.53.XXX, IpTtl=0s

[VPN-Status] 2007/11/11 14:11:31,200
VPN: installing ruleset for SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:11:31,200
VPN: SWG-ROUTER1 (XXX.37.53.XXX) disconnected

[VPN-Status] 2007/11/11 14:11:31,210
VPN: rulesets installed

[VPN-Status] 2007/11/11 14:11:32,200
VPN: connecting to SWG-ROUTER1 (XXX.37.53.XXX)

[VPN-Status] 2007/11/11 14:11:32,230
VPN: start dynamic VPN negotiation for SWG-ROUTER1 (XXX.37.53.XXX) via ICMP/UDP

[VPN-Status] 2007/11/11 14:11:32,230
VPN: create dynamic VPN V2 authentication packet for SWG-ROUTER1 (XXX.37.53.XXX)
DNS: 192.168.178.2, 0.0.0.0
NBNS: 0.0.0.0, 0.0.0.0
polling address: 192.168.178.2
trace - vpn-status
VPN-Status OFF

root@SWG-ROUTER3:/

Für eine schnelle Hilfe wäre ich super dankbar.

Gruß

F.Schwemmer

backslash · Beitrag von **backslash** » 12 Nov 2007, 12:30

Hi FSchwemmer,

damit dynamic VPN hinter einem NAT-Router funktioniert, mußt du es auf UDP umstellen (VPN -> Allgemein -> Verbinungs-Liste -> Gegenstelle -> dynamische VPN Vebindungen...)

Gruß
Backslash

FSchwemmer · Beitrag von **FSchwemmer** » 12 Nov 2007, 22:04

Alles klar, Danke Backslash.

Habs umgesetzt und schon gings.

Gruß
FSchwemmer

FSchwemmer · Beitrag von **FSchwemmer** » 14 Nov 2007, 19:43

Hallo Zusammen,

nun hat sich ein neues Problem ausgebreitet.

Jetzt versuche ich von meinem Lokalen Netz ins Firmennetz zu kommen.

Wenn ich von meinem Router aus einen Ping an jede X-Beliebige Stelle ins Firmennetz sende bsp.: 192.168.1.254 (Router) oder 192.168.1.251 (Rechner)

Bekomme ich antwort.

Sobald ich aber von meinem PC aus lospingen möchte (GW ist die Fritzbox)

Bekomme ich die Meldung

Code: Alles auswählen

Antwort von 192.168.178.2: Zielnetz nicht erreichbar.

In der Fritzbox habe ich eine Statische Route eingetragen.

Code: Alles auswählen

IP-Netz: 192.168.1.0
Subnetzmaske: 255.255.255.0
Gateway: 192.168.178.2 (LC)

Hat jemand einen Tip?

Gruß
FSchwemmer

LANCOM-Forum.de

Lancom 1611 <-> Lancom 1621

Lancom 1611 <-> Lancom 1621

Neues Problem