VPN Koppelung Lancom to Netgear .. strange Error

heiniheini · Beitrag von **heiniheini** » 23 Apr 2006, 17:51

hallo leute..

ich weiß das ihr viel zu tun habts und sicher nich lust habt meterlange logfiles durchzugucken..

..aber *g*
mein problem..

ich kann zwischen den beiden endpunkten einen tunnel herstellen...

phase 1 + 2 laufen korrekt durch..

nur..

ich bekomm 0 traffic drüber

ich bekomm nur PAYLOAD_TYPE_INVALID oder PAYLOAD_MALFORMED errors..

bin am verzweifeln

bitte um eure hilfe

hier wären die beiden logfiles

punktB.blabla.at = 195.110.128.113 (offizielle IP)
punktA.blabla.at = 194.133.121.176 (dynamische Ip, dns -> dyndns)

#
| LANCOM 1711 VPN
| Ver. 6.06.0012 / 27.03.2006
| SN. 049340600032
| Copyright (c) LANCOM Systems

Lancom1711_1, Connection No.: 002 (LAN)

Password:

root@Lancom1711_1:/
> trace + vpn
VPN :
VPN-Status ON
VPN-Packet ON

root@Lancom1711_1:/
>
[VPN-Status] 2006/04/18 21:57:18,650
IKE info: phase-1 proposal failed: remote No 1 encryption algorithm = 3DES_CBC <
-> local No 1 encryption algorithm = AES_CBC
IKE info: phase-1 proposal failed: remote No 1 encryption algorithm = 3DES_CBC <
-> local No 2 encryption algorithm = AES_CBC
IKE info: phase-1 proposal failed: remote No 1 encryption algorithm = 3DES_CBC <
-> local No 3 encryption algorithm = BLOWFISH_CBC
IKE info: phase-1 proposal failed: remote No 1 encryption algorithm = 3DES_CBC <
-> local No 4 encryption algorithm = BLOWFISH_CBC
IKE info: phase-1 proposal failed: remote No 1 hash algorithm = SHA <-> local No
5 hash algorithm = MD5
IKE info: Phase-1 remote proposal 1 for peer PUNKTA matched with local proposa
l 6

[VPN-Status] 2006/04/18 21:57:20,440
IKE info: Phase-1 [responder] for peer PUNKTA between initiator id PUNKTA.blabla.at, responder id punktB.blabla.at done
IKE info: SA ISAKMP for peer PUNKTA encryption 3des-cbc authentication sha1
IKE info: life time ( 28800 sec/ 0 kb)

[VPN-Status] 2006/04/18 21:57:20,450
IKE info: Phase-2 proposal failed: remote No 1, esp algorithm 3DES <-> local No
1, esp algorithm AES
IKE info: Phase-2 proposal failed: remote No 1, esp algorithm keylen 0 <-> local
No 1, esp algorithm keylen 128,128:256
IKE info: Phase-2 proposal failed: remote No 1, esp hmac HMAC_SHA <-> local No 1
, esp hmac HMAC_MD5
IKE info: Phase-2 proposal failed: remote No 1, esp algorithm 3DES <-> local No
2, esp algorithm BLOWFISH
IKE info: Phase-2 proposal failed: remote No 1, esp algorithm keylen 0 <-> local
No 2, esp algorithm keylen 128,128:448
IKE info: Phase-2 proposal failed: remote No 1, number of protos 1 <-> local No
3, number of protos 2
IKE info: Phase-2 proposal failed: remote No 1, esp hmac HMAC_SHA <-> local No 4
, esp hmac HMAC_MD5
IKE info: Phase-2 remote proposal 1 for peer PUNKTA matched with local proposa
l 5

[VPN-Status] 2006/04/18 21:57:20,490
IKE info: Phase-2 [responder] done with 2 SAS for peer PUNKTA rule ipsec-0-MOE
DLING-pr0-l0-r0
IKE info: rule:' ipsec 192.168.11.0/255.255.255.0 <-> 192.168.0.0/255.255.255.0
'
IKE info: SA ESP [0xa6cabd58] alg 3DES keylength 192 +hmac HMAC_SHA outgoing
IKE info: SA ESP [0x74919247] alg 3DES keylength 192 +hmac HMAC_SHA incoming
IKE info: life soft( 77760 sec/0 kb) hard (86400 sec/0 kb)
IKE info: tunnel between src: 195.110.128.113 dst: 194.133.121.176

[VPN-Status] 2006/04/18 21:57:20,490
VPN: wait for IKE negotiation from PUNKTA (194.133.121.176)

[VPN-Status] 2006/04/18 21:57:21,520
VPN: PUNKTA (194.133.121.176) connected

[VPN-Status] 2006/04/18 21:57:22,420
VPN: starting external DNS resolution for PUNKTA
IpStr=>punktA.blabla.at<, IpAddr(old)=194.133.121.176, IpTtl(old)=60s

[VPN-Status] 2006/04/18 21:57:22,470
VPN: external DNS resolution for PUNKTA
IpStr=>punktA.blabla.at<, IpAddr(old)=194.133.121.176, IpTtl(old)=60s
IpStr=>punktA.blabla.at<, IpAddr(new)=194.133.121.176, IpTtl(new)=60s

[VPN-Status] 2006/04/18 21:57:25,230
IKE log: 215725 Default message_parse_payloads: reserved field non-zero: 73

[VPN-Status] 2006/04/18 21:57:25,230
IKE log: 215725 Default dropped message from 194.133.121.176 port 500 due to not
ification type PAYLOAD_MALFORMED

[VPN-Status] 2006/04/18 21:57:25,230
IKE info: dropped message from peer PUNKTA 194.133.121.176 port 500 due to not
ification type PAYLOAD_MALFORMED

[VPN-Status] 2006/04/18 21:57:30,230
IKE log: 215730 Default message_parse_payloads: reserved field non-zero: 73

[VPN-Status] 2006/04/18 21:57:30,240
IKE log: 215730 Default dropped message from 194.133.121.176 port 500 due to not
ification type PAYLOAD_MALFORMED

[VPN-Status] 2006/04/18 21:57:30,240
IKE info: dropped message from peer PUNKTA 194.133.121.176 port 500 due to not
ification type PAYLOAD_MALFORMED

[VPN-Status] 2006/04/18 21:57:35,230
IKE log: 215735 Default message_parse_payloads: reserved field non-zero: 73

[VPN-Status] 2006/04/18 21:57:35,230
IKE log: 215735 Default dropped message from 194.133.121.176 port 500 due to not
ification type PAYLOAD_MALFORMED

[VPN-Status] 2006/04/18 21:57:35,230
IKE info: dropped message from peer PUNKTA 194.133.121.176 port 500 due to not
ification type PAYLOAD_MALFORMED

[VPN-Status] 2006/04/18 21:58:23,470
VPN: starting external DNS resolution for PUNKTA
IpStr=>punktA.blabla.at<, IpAddr(old)=194.133.121.176, IpTtl(old)=60s

[VPN-Status] 2006/04/18 21:58:23,520
VPN: external DNS resolution for PUNKTA
IpStr=>punktA.blabla.at<, IpAddr(old)=194.133.121.176, IpTtl(old)=60s
IpStr=>punktA.blabla.at<, IpAddr(new)=194.133.121.176, IpTtl(new)=60s

[VPN-Status] 2006/04/18 21:59:24,520
VPN: starting external DNS resolution for PUNKTA
IpStr=>punktA.blabla.at<, IpAddr(old)=194.133.121.176, IpTtl(old)=60s

[VPN-Status] 2006/04/18 21:59:24,640
VPN: external DNS resolution for PUNKTA
IpStr=>punktA.blabla.at<, IpAddr(old)=194.133.121.176, IpTtl(old)=60s
IpStr=>punktA.blabla.at<, IpAddr(new)=194.133.121.176, IpTtl(new)=60s

[VPN-Status] 2006/04/18 22:00:25,640
VPN: starting external DNS resolution for PUNKTA
IpStr=>punktA.blabla.at<, IpAddr(old)=194.133.121.176, IpTtl(old)=60s

[VPN-Status] 2006/04/18 22:00:25,760
VPN: external DNS resolution for PUNKTA
IpStr=>punktA.blabla.at<, IpAddr(old)=194.133.121.176, IpTtl(old)=60s
IpStr=>punktA.blabla.at<, IpAddr(new)=194.133.121.176, IpTtl(new)=60s

A new configuration is being uploaded ...

Configuration has been uploaded successfully
[VPN-Status] 2006/04/18 22:00:46,680
VPN: installing ruleset generally

[VPN-Status] 2006/04/18 22:00:46,740
VPN: rulesets installed

Verbindung zu Host verloren.

C:\Dokumente und Einstellungen\Heini>

NETGEAR FVS114

[2006-04-18 11:57:08][==== IKE PHASE 1(to 195.110.128.113) START (initiator) ====]
[2006-04-18 11:57:08]**** SENT OUT FIRST MESSAGE OF AGGR MODE ****
[2006-04-18 11:57:08]<POLICY: PUNKTB> PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID
[2006-04-18 11:57:08]**** RECEIVED SECOND MESSAGE OF AGGR MODE ****
[2006-04-18 11:57:08]<POLICY: PUNKTB> PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,HASH,VID
[2006-04-18 11:57:08]<LocalRID> Type=ID_FQDN,ID Data=punktB.blabla.at
[2006-04-18 11:57:08]<RemoteLID> Type=ID_FQDN,ID Data=punktB.blabla.at
[2006-04-18 11:57:08]**** AGGRESSIVE MODE COMPLETED ****
[2006-04-18 11:57:08][==== IKE PHASE 1 ESTABLISHED====]
[2006-04-18 11:57:08][==== IKE PHASE 2(to 195.110.128.113) START (initiator) ====]
[2006-04-18 11:57:08]**** SENT OUT FIRST MESSAGE OF QUICK MODE ****
[2006-04-18 11:57:08]<Initiator IPADDR=192.168.0.0,PORT=0>
[2006-04-18 11:57:08]<Responder IPADDR=192.168.11.0,PORT=0>
[2006-04-18 11:57:08]**** RECEIVED SECOND MESSAGE OF QUICK MODE ****
[2006-04-18 11:57:08]<POLICY: PUNKTB> PAYLOADS: HASH,SA,PROP,TRANS,NONCE,ID,ID
[2006-04-18 11:57:08]**** SENT OUT THIRD MESSAGE OF QUICK MODE ****
[2006-04-18 11:57:08]**** QUICK MODE COMPLETED ****
[2006-04-18 11:57:08][==== IKE PHASE 2 ESTABLISHED====]
[2006-04-18 11:57:13]**** RECEIVED IKE NOTIFY PAYLOAD(PAYLOAD_MALFORMED) ****
[2006-04-18 11:57:18]**** RECEIVED IKE NOTIFY PAYLOAD(PAYLOAD_MALFORMED) ****
[2006-04-18 11:57:23]**** RECEIVED IKE NOTIFY PAYLOAD(PAYLOAD_MALFORMED) ****