Problem: VPN 1751 and Shrew Client

Forum for general questions about VPN

Moderator: Lancom-Systems moderators

X00m
Posts: 1
Registered: 05 Dec 2011, 07:29

Post by X00m

Hello,

I can't get my VPN connection from a client running Shrew VPN to the Lancom 1751 working. I set it up following the guide here in the forum. At first the connection is "enabled" and I also get my IP address. But I cannot ping any device inside the LAN. About 60 seconds later the connection drops. The Lancom router sits behind another router. Ports UDP 500 + 4500 are forwarded to the Lancom.

Here is the VPN trace:

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
IKE info: Phase-2 [responder] done with 2 SAS for peer CLIENT-001 rule ipsec-0-DEATHVALLEY-pr0-l0-r0
IKE info: rule:' ipsec 0.0.0.0/0.0.0.0 <-> 192.168.2.200/255.255.255.255 '
IKE info: SA ESP [0xb4a49291]  alg AES keylength 256 +hmac HMAC_MD5 outgoing
IKE info: SA ESP [0x180932a1]  alg AES keylength 256 +hmac HMAC_MD5 incoming
IKE info: life soft( 3240 sec/0 kb) hard (3600 sec/0 kb)
IKE info: tunnel between src: 192.168.2.2 dst: 85.117.47.128  

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: WAN state changed to WanCalled for CLIENT-001 (85.117.47.128), called by: 001f9707

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: disconnect CLIENT-001 (physical channel already disconnected)

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: Disconnect info: invalid-physical-channel (0x4305) for CLIENT-001 (85.117.47.128)

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
vpn-maps[20], remote: DEATHVALLEY, idle, static-name

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
selecting next remote gateway using strategy eFirst for DEATHVALLEY
     => no remote gateway selected

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
selecting first remote gateway using strategy eFirst for DEATHVALLEY
     => no remote gateway selected

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: installing ruleset for CLIENT-001 (0.0.0.0)

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: WAN state changed to WanDisconnect for CLIENT-001 (0.0.0.0), called by: 001f9707

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: Error: IKE-R-General-failure (0x22ff) for CLIENT-001 (0.0.0.0)

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
IKE info: Phase-2 SA removed: peer CLIENT-001 rule ipsec-0-DEATHVALLEY-pr0-l0-r0 removed
IKE info: containing Protocol IPSEC_ESP, with spis [b4a49291  ] [180932a1  ]

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
IKE info: Phase-1 SA removed: peer CLIENT-001 rule CLIENT-001 removed

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: WAN state changed to WanIdle for CLIENT-001 (0.0.0.0), called by: 001f9707

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: CLIENT-001 (0.0.0.0)  disconnected

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: CLIENT-001 (0.0.0.0)  disconnected

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,030
VPN: rulesets installed

[VPN-Status] 2011/12/05 21:42:25,496  Devicetime: 1900/01/18 23:25:42,440
IKE log: 232542.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8

[VPN-Status] 2011/12/05 21:42:25,496  Devicetime: 1900/01/18 23:25:42,440
IKE log: 232542.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:25,496  Devicetime: 1900/01/18 23:25:42,440
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:40,487  Devicetime: 1900/01/18 23:25:57,430
IKE log: 232557.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8

[VPN-Status] 2011/12/05 21:42:40,487  Devicetime: 1900/01/18 23:25:57,440
IKE log: 232557.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:40,487  Devicetime: 1900/01/18 23:25:57,440
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:44,497  Devicetime: 1900/01/18 23:26:01,440
IKE log: 232601.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8

[VPN-Status] 2011/12/05 21:42:44,497  Devicetime: 1900/01/18 23:26:01,440
IKE log: 232601.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:44,497  Devicetime: 1900/01/18 23:26:01,440
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:47,507  Devicetime: 1900/01/18 23:26:04,450
IKE log: 232604.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8

[VPN-Status] 2011/12/05 21:42:47,507  Devicetime: 1900/01/18 23:26:04,460
IKE log: 232604.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:47,507  Devicetime: 1900/01/18 23:26:04,460
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:49,567  Devicetime: 1900/01/18 23:26:06,520
IKE log: 232606.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8

[VPN-Status] 2011/12/05 21:42:49,567  Devicetime: 1900/01/18 23:26:06,520
IKE log: 232606.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:49,567  Devicetime: 1900/01/18 23:26:06,520
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:50,674  Devicetime: 1900/01/18 23:26:07,620
IKE log: 232607.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8

[VPN-Status] 2011/12/05 21:42:50,674  Devicetime: 1900/01/18 23:26:07,620
IKE log: 232607.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:50,674  Devicetime: 1900/01/18 23:26:07,620
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:50,908  Devicetime: 1900/01/18 23:26:07,650
IKE log: 232607.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8

[VPN-Status] 2011/12/05 21:42:50,908  Devicetime: 1900/01/18 23:26:07,650
IKE log: 232607.000000 Default dropped message from 85.117.47.128 port 500 due to notification type INVALID_COOKIE

[VPN-Status] 2011/12/05 21:42:50,908  Devicetime: 1900/01/18 23:26:07,650
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE

Does anyone have an idea?? That would be great ... Thanks
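
Added example, not part of the original thread: a small Python parser for the [VPN-Status] trace format quoted in the post above. It reduces a long trace to the error codes, the peer address and port of dropped IKE messages, and the cookie pair they carried. The regular expressions are assumptions derived only from the lines visible in that trace; the sample input is copied from it.

```python
import re
from collections import Counter

# Sample input: entries copied from the trace in the post (header line, then message lines).
SAMPLE = """\
[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: Disconnect info: invalid-physical-channel (0x4305) for CLIENT-001 (85.117.47.128)

[VPN-Status] 2011/12/05 21:42:17,087  Devicetime: 1900/01/18 23:25:34,020
VPN: Error: IKE-R-General-failure (0x22ff) for CLIENT-001 (0.0.0.0)

[VPN-Status] 2011/12/05 21:42:25,496  Devicetime: 1900/01/18 23:25:42,440
IKE log: 232542.000000 Default message_recv: invalid cookie(s) 74d7e7d98b1d7cde 72a1977f5d4d84c8

[VPN-Status] 2011/12/05 21:42:25,496  Devicetime: 1900/01/18 23:25:42,440
IKE info: dropped message from peer unknown 85.117.47.128 port 500 due to notification type INVALID_COOKIE
"""

# Patterns inferred from the trace lines above (assumption, not a documented log grammar).
HEADER = re.compile(r"^\[VPN-Status\] (\S+ \S+)\s+Devicetime:")
ERROR = re.compile(r"VPN: (?:Error|Disconnect info): (\S+) \((0x[0-9a-f]+)\) for (\S+)")
DROP = re.compile(r"IKE info: dropped message from peer \S+ (\S+) port (\d+) "
                  r"due to notification type (\S+)")
COOKIE = re.compile(r"invalid cookie\(s\) ([0-9a-f]{16}) ([0-9a-f]{16})")

def parse_entries(text):
    """Group the trace into (timestamp, [message lines]) per [VPN-Status] header."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(1), [])
            entries.append(current)
        elif current and line.strip():
            current[1].append(line.strip())
    return entries

def summarize(text):
    """Collect error codes, per-(ip, port, reason) drop counts and distinct cookie pairs."""
    errors, drops, cookies = [], Counter(), set()
    for ts, lines in parse_entries(text):
        for line in lines:
            if (m := ERROR.search(line)):
                errors.append((ts, m.group(1), m.group(2), m.group(3)))
            elif (m := DROP.search(line)):
                drops[(m.group(1), int(m.group(2)), m.group(3))] += 1
            elif (m := COOKIE.search(line)):
                cookies.add((m.group(1), m.group(2)))
    return {"errors": errors, "drops": drops, "cookie_pairs": cookies}
```
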
Nazmi
Posts: 1
Registered: 12 Dec 2011, 17:32

Post by Nazmi

I had that too; try the DNS forwarding under the TCP/IP settings. Otherwise you won't get any further. Another question from my side: I have the problem that when I dial in with a second computer, the first connection is disconnected. So I can only keep one connection up. How is it for you?

Thanks
floppy
Posts: 2
Registered: 03 Jan 2012, 13:36

Post by floppy

Hello X00m, please have a look under VPN->IKE-Auth whether the correct local and remote identity are set for your key. I think it should be "Keine Identität" for the local identity and "Domänen-Name (FQDN)" for the remote identity.
AndreasL
Posts: 130
Registered: 20 Dec 2009, 21:25
Location: Berlin

Post by AndreasL

Is NAT-T on or off?