Dynamic VPN - Kein Verbindungsaufbau

Forum zu aktuellen Geräten der LANCOM Router/Gateway Serie

Moderator: Lancom-Systems Moderatoren

Antworten
behappy24
Beiträge: 4
Registriert: 01 Sep 2007, 10:08

Dynamic VPN - Kein Verbindungsaufbau

Beitrag von behappy24 »

Hallo,

zur Standortvernetzung werden 2 Lancom (1781AW, Gateway-EP + 1821+, Gateway-UH) eingesetzt. Auf beiden Standorten wird dem jeweiligen Routern eine dynamische IP-Adresse während der Einwahl zum Internetprovider zugewiesen. Die Übermittlung der IP-Adressen zur Gegenstelle erfolgt via ISDN (D-Kanal), die auch erfolgreich an der jeweiligen Gegenstelle übergeben wird.
Der anschließende VPN-Verbindungsaufbau scheitert mit der Meldung "Zeitüberschreitung während IKE oder IPsec Verhandlung Initiator 0x1106". Bisher kann ich dem Protokol der jeweiligen Gegenstellen nicht entnehmen, weshalb der Verbindungsaufbau scheitert.

Die Einrichtung erfolgte mit dem Assistenten, die Firmware der beiden LanCom-Geräte ist die Version 8.62. Zu verbindene Netze (Intranet der Standorte 192.168.173.0 <-> 192.168.30.0).

Die Netzbeziehung mittels dem Kommando "Show VPN" auf der Konsole entspricht den Netzbeziehungen der Konfiguration und der dynamisch zugewiesenen IP-Adressen.


Trace Gateway-EP:

Code: Alles auswählen


VPN-Status] 2013/01/27 18:21:32,437  Devicetime: 2013/01/27 18:21:32,436
VPN: WAN state changed to WanCall for GATEWAY-UH (0.0.0.0), called by: 00792538

[VPN-Status] 2013/01/27 18:21:32,437  Devicetime: 2013/01/27 18:21:32,436
VPN: connecting to GATEWAY-UH (0.0.0.0)

[VPN-Status] 2013/01/27 18:21:32,437  Devicetime: 2013/01/27 18:21:32,436
vpn-maps[20], remote: GATEWAY-UH, nego, static-name, connected-by-name

[VPN-Status] 2013/01/27 18:21:32,437  Devicetime: 2013/01/27 18:21:32,436
VPN: set local server addresses for GATEWAY-UH (0.0.0.0)
   DNS:  192.168.2.1, 0.0.0.0
   NBNS: 0.0.0.0, 0.0.0.0

[PPP] 2013/01/27 18:21:34,609  Devicetime: 2013/01/27 18:21:34,640
Change phase to ESTABLISH for GATEWAY-UH
Lower-Layer-Up event for LCP
Initializing LCP restart timer to 3000 milliseconds
Waiting up to 200ms for connection
Starting LCP restart timer with 200 milliseconds

[PPP] 2013/01/27 18:21:34,609  Devicetime: 2013/01/27 18:21:34,840
Positive Restart-Timeout event for LCP
Stop waiting for connection
Initializing LCP restart timer to 3000 milliseconds
Generating LCP configure-request for peer GATEWAY-UH
Inserting local MRU 1500
Inserting local authentication protocol CHAP with MD5 encryption
Inserting local magic number a778f539
Inserting local option protocol field compression
Inserting local option address- and controlfield compression
Inserting local callback via callback control protocol
Sending LCP configure-request with ID 00 and length 26 to peer GATEWAY-UH (channel 9)
Starting LCP restart timer with 3000 milliseconds

[PPP] 2013/01/27 18:21:34,609  Devicetime: 2013/01/27 18:21:34,862

Received LCP frame from peer GATEWAY-UH (channel 9)
Evaluate configure-request with ID 00 and size 43
Peer MRU 1500 accepted
Peer requests authentication protocol CHAP with DES encryption (MS-CHAPv2), NAK with CHAP with MD5 encryption
Peer magic number 23090737 accepted
Peer MRRU 1504 rejected
Peer endpoint discriminator = 03 00 a0 57 12 f5 01 rejected
Peer Link-Discriminator 0057 rejected
Peer requests protocol field compression, accepted
Peer requests address- and controlfield compression, accepted
Peer requests callback via callback control protocol, accepted
Negative Configure-Request-Received event for LCP
Sending LCP configure-reject with ID 00 and length 21 to peer GATEWAY-UH (channel 9)

[PPP] 2013/01/27 18:21:34,718  Devicetime: 2013/01/27 18:21:34,960

Received LCP frame from peer GATEWAY-UH (channel 9)
Evaluate configure-ack with ID 00 and size 26
Configure-Ack-Received event for LCP
Initializing LCP restart timer to 3000 milliseconds

[PPP] 2013/01/27 18:21:34,718  Devicetime: 2013/01/27 18:21:34,964

Received LCP frame from peer GATEWAY-UH (channel 9)
Evaluate configure-request with ID 02 and size 26
Peer MRU 1500 accepted
Peer requests authentication protocol CHAP with DES encryption (MS-CHAPv2), NAK with CHAP with MD5 encryption
Peer magic number 23090737 accepted
Peer requests protocol field compression, accepted
Peer requests address- and controlfield compression, accepted
Peer requests callback via callback control protocol, accepted
Negative Configure-Request-Received event for LCP
Sending LCP configure-nak with ID 02 and length 9 to peer GATEWAY-UH (channel 9)

[PPP] 2013/01/27 18:21:34,718  Devicetime: 2013/01/27 18:21:34,982

Received LCP frame from peer GATEWAY-UH (channel 9)
Evaluate configure-request with ID 03 and size 26
Peer MRU 1500 accepted
Peer requests authentication protocol CHAP with MD5 encryption, accepted
Peer magic number 23090737 accepted
Peer requests protocol field compression, accepted
Peer requests address- and controlfield compression, accepted
Peer requests callback via callback control protocol, accepted
Positive Configure-Request-Received event for LCP
Sending LCP configure-ack with ID 03 and length 26 to peer GATEWAY-UH (channel 9)
Stopping LCP restart timer
This-Layer-Up action for LCP
Change phase to AUTHENTICATE for GATEWAY-UH

[PPP] 2013/01/27 18:21:34,812  Devicetime: 2013/01/27 18:21:35,003

Received CHAP frame from peer GATEWAY-UH (channel 9)
Got CHAP-Challenge from peer GATEWAY-UH
Challenge = 96 1b e9 61 29 20 83 36 7a 64 a5 8d 36 a1 73 4d
Found peer-id GATEWAY-UH in PPP table
Sending CHAP-response to peer GATEWAY-UH (channel 9), length = 16

[PPP] 2013/01/27 18:21:34,812  Devicetime: 2013/01/27 18:21:35,022

Received CHAP frame from peer GATEWAY-UH (channel 9)
Got CHAP-Success from peer GATEWAY-UH
restart own authentication

Sending CHAP-Challenge to peer GATEWAY-UH (channel 9)
Challenge = d4 1d d1 37 45 b6 e5 4c 45 54 00 9a 5a fa fd ee

[PPP] 2013/01/27 18:21:34,812  Devicetime: 2013/01/27 18:21:35,043

Received CHAP frame from peer GATEWAY-UH (channel 9)
Got CHAP-Response from peer GATEWAY-UH, length = 16
Searching peer GATEWAY-UH in PPP table...peer found
Checking response...response valid
Sending CHAP-Success for peer GATEWAY-UH
This-Layer-Up action for LCP
Change phase to CALLBACK for GATEWAY-UH

[PPP] 2013/01/27 18:21:34,812  Devicetime: 2013/01/27 18:21:35,059

Received CBCP frame from peer GATEWAY-UH (channel 9)
Evaluate CBCP-request with ID 40 and size 6
Peer offers callback via no callback
Sending CBCP-response to peer GATEWAY-UH (channel 9): ok, don't call me back

[PPP] 2013/01/27 18:21:34,812  Devicetime: 2013/01/27 18:21:35,074

Received CBCP frame from peer GATEWAY-UH (channel 9)
Evaluate CBCP-ack with ID 40 and size 6

This-Layer-Up action for LCP
Change phase to NETWORK for GATEWAY-UH
Lower-Layer-Up event for IPCP
Initializing IPCP restart timer to 3000 milliseconds
Generating IPCP configure-request for peer GATEWAY-UH
Inserting IP address 80.140.195.79
Sending IPCP configure-request with ID 00 and length 10 to peer GATEWAY-UH (channel 9)
Starting IPCP restart timer with 3000 milliseconds
This-Layer-Up action for LCP

[PPP] 2013/01/27 18:21:34,812  Devicetime: 2013/01/27 18:21:35,076

Received IPCP frame from peer GATEWAY-UH (channel 9)
Evaluate configure-request with ID 00 and size 10
Peer requests IP address 80.140.61.226, accepted
Positive Configure-Request-Received event for IPCP
Sending IPCP configure-ack with ID 00 and length 10 to peer GATEWAY-UH (channel 9)

[PPP] 2013/01/27 18:21:34,859  Devicetime: 2013/01/27 18:21:35,089

Received IPCP frame from peer GATEWAY-UH (channel 9)
Evaluate configure-ack with ID 00 and size 10
Configure-Ack-Received event for IPCP
Initializing IPCP restart timer to 3000 milliseconds
This-Layer-Up action for IPCP
Stopping IPCP restart timer

[PPP] 2013/01/27 18:21:34,859  Devicetime: 2013/01/27 18:21:35,096
Administrative-Close event for LCP
This-Layer-Down action for LCP
Lower-Layer-Down event for BACP
Stopping BACP restart timer
Lower-Layer-Down event for CCP
Stopping CCP restart timer
Lower-Layer-Down event for IPCP
This-Layer-Down action for IPCP
Stopping IPCP restart timer
Lower-Layer-Down event for IPXCP
Stopping IPXCP restart timer
Initializing LCP restart timer to 3000 milliseconds
Change phase to TERMINATE for GATEWAY-UH
Sending LCP terminate-request with ID 04 and length 4 to peer GATEWAY-UH (channel 9)
Starting LCP restart timer with 3000 milliseconds

[PPP] 2013/01/27 18:21:34,859  Devicetime: 2013/01/27 18:21:35,125

Received LCP frame from peer GATEWAY-UH (channel 9)
Terminate-Request-Received event for LCP
Sending LCP terminate-ack with ID 04 and length 4 to peer GATEWAY-UH (channel 9)

[PPP] 2013/01/27 18:21:34,859  Devicetime: 2013/01/27 18:21:35,126

Received LCP frame from peer GATEWAY-UH (channel 9)
Terminate-Ack-Received event for LCP
Stopping LCP restart timer
This-Layer-Finish action for LCP
Disconnecting because LCP was finished

[PPP] 2013/01/27 18:21:34,859  Devicetime: 2013/01/27 18:21:35,127
Change phase to DEAD for GATEWAY-UH
Stopping LCP restart timer
Stopping IPCP restart timer
Stopping CCP restart timer
Stopping BACP restart timer

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,182
VPN: dynamic VPN V2 packet received from GATEWAY-UH (80.140.61.226)
dynamic VPN V2 header:
    Version: 2
    HdrLen: 28
    InfoLen: 40
    MsgType: address info (1)
    Flags: 0x0001
      Responser: yes
    Challenge: 4231790779

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,183
VPN: received dynamic VPN V2 authentication packet from GATEWAY-UH (80.140.61.226)
   DNS:  192.168.30.1, 0.0.0.0
   NBNS: 0.0.0.0, 0.0.0.0
   polling address: 192.168.30.1

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,183
VPN: new remote gateway detected GATEWAY-UH (0.0.0.0)

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,183
VPN: set local server addresses for GATEWAY-UH (80.140.61.226)
   DNS:  192.168.2.1, 0.0.0.0
   NBNS: 0.0.0.0, 0.0.0.0

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,183
vpn-maps[20], remote: GATEWAY-UH, nego, static-name, connected-by-name

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,183
VPN: installing ruleset for GATEWAY-UH (80.140.61.226)

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,196
VPN: ruleset installed for GATEWAY-UH (80.140.61.226)

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,196
VPN: start dynamic VPN negotiation for GATEWAY-UH (80.140.61.226) via ICMP/UDP

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,196
VPN: create dynamic VPN V2 authentication packet for GATEWAY-UH (80.140.61.226)
   DNS:  192.168.2.1, 0.0.0.0
   NBNS: 0.0.0.0, 0.0.0.0
   polling address: 192.168.2.1

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,196
VPN: dynamic VPN V2 packet send to GATEWAY-UH (80.140.61.226)
dynamic VPN V2 header:
    Version: 2
    HdrLen: 28
    InfoLen: 40
    MsgType: address info (1)
    Flags: 0x0000
      Responser: no
    Challenge: 4202175511

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,196
VPN: start IKE negotiation for GATEWAY-UH (80.140.61.226)

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,197
VPN: WAN state changed to WanProtocol for GATEWAY-UH (80.140.61.226), called by: 00792538

[VPN-Status] 2013/01/27 18:21:34,937  Devicetime: 2013/01/27 18:21:35,204
VPN: rulesets installed

[VPN-Status] 2013/01/27 18:21:35,171  Devicetime: 2013/01/27 18:21:35,319
icmp/upd reply for GATEWAY-UH (80.140.61.226)

[VPN-Status] 2013/01/27 18:21:35,171  Devicetime: 2013/01/27 18:21:35,319
PING_ECHO, AuthFlags: 3, LastConf: 128, DynVpnMode: 2, StTunnel: 1

[VPN-Status] 2013/01/27 18:21:35,171  Devicetime: 2013/01/27 18:21:35,319
VPN: stop ping for GATEWAY-UH (80.140.61.226)

[VPN-Status] 2013/01/27 18:21:35,171  Devicetime: 2013/01/27 18:21:35,345
VPN: dynamic VPN V2 packet received from GATEWAY-UH (80.140.61.226)
dynamic VPN V2 header:
    Version: 2
    HdrLen: 28
    InfoLen: 40
    MsgType: address info (1)
    Flags: 0x0001
      Responser: yes
    Challenge: 1379262799

[VPN-Status] 2013/01/27 18:21:35,171  Devicetime: 2013/01/27 18:21:35,346
VPN: received dynamic VPN V2 authentication packet from GATEWAY-UH (80.140.61.226)
   DNS:  192.168.30.1, 0.0.0.0
   NBNS: 0.0.0.0, 0.0.0.0
   polling address: 192.168.30.1


[PPP] 2013/01/27 18:22:01,093  Devicetime: 2013/01/27 18:22:01,070

LCP polling timeout for peer T-ONLINE - data received during last interval

[PPP] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,120

LCP polling timeout for peer GATEWAY-UH - 

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,205
VPN: connection for GATEWAY-UH (80.140.61.226) timed out: no response

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,205
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for GATEWAY-UH (80.140.61.226)

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,205
VPN: disconnecting GATEWAY-UH (80.140.61.226)

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,205
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for GATEWAY-UH (80.140.61.226)

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,214
VPN: GATEWAY-UH (80.140.61.226)  disconnected

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,214
vpn-maps[20], remote: GATEWAY-UH, idle, static-name

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,222
selecting next remote gateway using strategy eFirst for GATEWAY-UH
     => no remote gateway selected

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,222
selecting first remote gateway using strategy eFirst for GATEWAY-UH
     => no remote gateway selected

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,222
VPN: installing ruleset for GATEWAY-UH (0.0.0.0)

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,222
VPN: WAN state changed to WanDisconnect for GATEWAY-UH (0.0.0.0), called by: 00792538

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,223
VPN: WAN state changed to WanIdle for GATEWAY-UH (0.0.0.0), called by: 00792538

[VPN-Status] 2013/01/27 18:22:04,968  Devicetime: 2013/01/27 18:22:05,234
VPN: rulesets installed

[PPP] 2013/01/27 18:22:07,875  Devicetime: 2013/01/27 18:22:07,882

Received LCP frame from peer T-ONLINE (channel 1)

Sending LCP echo-response with ID 7a and length 10 to peer T-ONLINE (channel 1)


[PPP] 2013/01/27 18:22:51,078  Devicetime: 2013/01/27 18:22:51,070

LCP polling timeout for peer T-ONLINE - data received during last interval


[PPP] 2013/01/27 18:23:41,062  Devicetime: 2013/01/27 18:23:41,070

LCP polling timeout for peer T-ONLINE - data received during last interval


[PPP] 2013/01/27 18:24:30,937  Devicetime: 2013/01/27 18:24:31,070

LCP polling timeout for peer T-ONLINE - data received during last interval



Trace Gateway-UH:

Code: Alles auswählen


[PPP] 2013/01/27 18:21:30,358  Devicetime: 2013/01/27 18:21:32,470

Received LCP frame from peer T-ONLINE (channel 11)

Sending LCP echo-response with ID 91 and length 10 to peer T-ONLINE (channel 11)


[PPP] 2013/01/27 18:21:34,428  Devicetime: 2013/01/27 18:21:36,537
Change phase to ESTABLISH for DEFAULT
Lower-Layer-Up event for LCP
Initializing LCP restart timer to 3000 milliseconds
Waiting up to 3000ms for connection
Starting LCP restart timer with 3000 milliseconds

[PPP] 2013/01/27 18:21:35,215  Devicetime: 2013/01/27 18:21:37,320

Received LCP frame from peer DEFAULT (channel 9)
Stop waiting for connection
Stopping LCP restart timer
Initializing LCP restart timer to 3000 milliseconds
Generating LCP configure-request for peer DEFAULT
Inserting local MRU 1500
Inserting local authentication protocol CHAP with DES encryption (MS-CHAPv2)
Inserting local magic number 23090737
Inserting local MRRU 1504
Inserting local endpoint discriminator = 03 00 a0 57 12 f5 01 
Inserting local Link-Discriminator 0057
Inserting local option protocol field compression
Inserting local option address- and controlfield compression
Inserting local callback via callback control protocol
Sending LCP configure-request with ID 00 and length 43 to peer DEFAULT (channel 9)
Starting LCP restart timer with 3000 milliseconds
Evaluate configure-request with ID 00 and size 26
Peer MRU 1500 accepted
Peer requests authentication protocol CHAP with MD5 encryption, accepted
Peer magic number a778f539 accepted
Peer requests protocol field compression, accepted
Peer requests address- and controlfield compression, accepted
Peer requests callback via callback control protocol, accepted
Positive Configure-Request-Received event for LCP
Sending LCP configure-ack with ID 00 and length 26 to peer DEFAULT (channel 9)

[PPP] 2013/01/27 18:21:35,218  Devicetime: 2013/01/27 18:21:37,421

Received LCP frame from peer DEFAULT (channel 9)
Evaluate configure-reject with ID 00 and size 21
MRRU was rejected - giving up bundling
Endpoint discriminator was rejected
Link-Discriminator was rejected - giving up BACP
Configure-Nak/Rej-Received event for LCP
Initializing LCP restart timer to 3000 milliseconds
Generating LCP configure-request for peer DEFAULT
Inserting local MRU 1500
Inserting local authentication protocol CHAP with DES encryption (MS-CHAPv2)
Inserting local magic number 23090737
Inserting local option protocol field compression
Inserting local option address- and controlfield compression
Inserting local callback via callback control protocol
Sending LCP configure-request with ID 02 and length 26 to peer DEFAULT (channel 9)
Starting LCP restart timer with 3000 milliseconds

[PPP] 2013/01/27 18:21:35,218  Devicetime: 2013/01/27 18:21:37,443

Received LCP frame from peer DEFAULT (channel 9)
Evaluate configure-nak with ID 02 and size 9
Peer NAKs for authentication protocol CHAP with MD5 encryption, accepted
Configure-Nak/Rej-Received event for LCP
Initializing LCP restart timer to 3000 milliseconds
Generating LCP configure-request for peer DEFAULT
Inserting local MRU 1500
Inserting local authentication protocol CHAP with MD5 encryption
Inserting local magic number 23090737
Inserting local option protocol field compression
Inserting local option address- and controlfield compression
Inserting local callback via callback control protocol
Sending LCP configure-request with ID 03 and length 26 to peer DEFAULT (channel 9)
Starting LCP restart timer with 3000 milliseconds

[PPP] 2013/01/27 18:21:35,218  Devicetime: 2013/01/27 18:21:37,462

Received LCP frame from peer DEFAULT (channel 9)
Evaluate configure-ack with ID 03 and size 26
Configure-Ack-Received event for LCP
Initializing LCP restart timer to 3000 milliseconds
This-Layer-Up action for LCP
Change phase to AUTHENTICATE for DEFAULT

Sending CHAP-Challenge to peer DEFAULT (channel 9)
Challenge = 96 1b e9 61 29 20 83 36 7a 64 a5 8d 36 a1 73 4d
Stopping LCP restart timer

[PPP] 2013/01/27 18:21:35,218  Devicetime: 2013/01/27 18:21:37,484

Received CHAP frame from peer DEFAULT (channel 9)
Got CHAP-Response from peer GATEWAY-EP, length = 16
Searching peer GATEWAY-EP in PPP table...peer found
Checking response...response valid
Sending CHAP-Success for peer GATEWAY-EP

[PPP] 2013/01/27 18:21:35,218  Devicetime: 2013/01/27 18:21:37,503

Received CHAP frame from peer GATEWAY-EP (channel 9)
Got CHAP-Challenge from peer GATEWAY-EP
Challenge = d4 1d d1 37 45 b6 e5 4c 45 54 00 9a 5a fa fd ee
Found peer-id GATEWAY-EP in PPP table
Sending CHAP-response to peer GATEWAY-EP (channel 9), length = 16

[VPN-Status] 2013/01/27 18:21:35,218  Devicetime: 2013/01/27 18:21:37,522
vpn-maps[20], remote: GATEWAY-EP, nego, static-name, connected-by-name

[PPP] 2013/01/27 18:21:35,218  Devicetime: 2013/01/27 18:21:37,522

Received CHAP frame from peer GATEWAY-EP (channel 9)
Got CHAP-Success from peer GATEWAY-EP
This-Layer-Up action for LCP
Change phase to CALLBACK for GATEWAY-EP

Sending CBCP-request to peer GATEWAY-EP (channel 9): offering no callback

[PPP] 2013/01/27 18:21:35,280  Devicetime: 2013/01/27 18:21:37,537

Received CBCP frame from peer GATEWAY-EP (channel 9)
Evaluate CBCP-response with ID 40 and size 6
Peer requests no callback
Sending CBCP-ack to peer GATEWAY-EP (channel 9): won't call back
This-Layer-Up action for LCP
Change phase to NETWORK for GATEWAY-EP
Lower-Layer-Up event for IPCP
Initializing IPCP restart timer to 3000 milliseconds
Generating IPCP configure-request for peer GATEWAY-EP
Inserting IP address 80.140.61.226
Sending IPCP configure-request with ID 00 and length 10 to peer GATEWAY-EP (channel 9)
Starting IPCP restart timer with 3000 milliseconds
This-Layer-Up action for LCP

[PPP] 2013/01/27 18:21:35,280  Devicetime: 2013/01/27 18:21:37,552

Received IPCP frame from peer GATEWAY-EP (channel 9)
Evaluate configure-request with ID 00 and size 10
Peer requests IP address 80.140.195.79, accepted
Positive Configure-Request-Received event for IPCP
Sending IPCP configure-ack with ID 00 and length 10 to peer GATEWAY-EP (channel 9)

[PPP] 2013/01/27 18:21:35,280  Devicetime: 2013/01/27 18:21:37,554

Received IPCP frame from peer GATEWAY-EP (channel 9)
Evaluate configure-ack with ID 00 and size 10
Configure-Ack-Received event for IPCP
Initializing IPCP restart timer to 3000 milliseconds
This-Layer-Up action for IPCP
Stopping IPCP restart timer

[VPN-Status] 2013/01/27 18:21:35,280  Devicetime: 2013/01/27 18:21:37,558
vpn-maps[20], remote: GATEWAY-EP, idle, static-name

[VPN-Status] 2013/01/27 18:21:35,280  Devicetime: 2013/01/27 18:21:37,559
VPN: incoming negotiator call for GATEWAY-EP (B-channel)
VPN: remote gateway address for GATEWAY-EP is 80.140.195.79
VPN: route to remote gateway is T-ONLINE

[VPN-Status] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,559
VPN: WAN state changed to WanCalled for GATEWAY-EP (0.0.0.0), called by: 0027f04f

[VPN-Status] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,559
VPN: set local server addresses for GATEWAY-EP (80.140.195.79)
   DNS:  192.168.30.1, 0.0.0.0
   NBNS: 0.0.0.0, 0.0.0.0

[VPN-Status] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,559
VPN: installing ruleset for GATEWAY-EP (80.140.195.79)

[VPN-Status] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,559
vpn-maps[20], remote: GATEWAY-EP, nego, static-name, connected-by-name

[VPN-Status] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,578
VPN: ruleset installed for GATEWAY-EP (80.140.195.79)

[VPN-Status] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,578
VPN: start dynamic VPN negotiation for GATEWAY-EP (80.140.195.79) via ICMP/UDP

[VPN-Status] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,578
VPN: create dynamic VPN V2 authentication packet for GATEWAY-EP (80.140.195.79)
   DNS:  192.168.30.1, 0.0.0.0
   NBNS: 0.0.0.0, 0.0.0.0
   polling address: 192.168.30.1

[VPN-Status] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,578
VPN: dynamic VPN V2 packet send to GATEWAY-EP (80.140.195.79)
dynamic VPN V2 header:
    Version: 2
    HdrLen: 28
    InfoLen: 40
    MsgType: address info (1)
    Flags: 0x0001
      Responser: yes
    Challenge: 4231790779

[VPN-Status] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,579
VPN: rulesets installed

[PPP] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,588
Administrative-Close event for LCP
This-Layer-Down action for LCP
Lower-Layer-Down event for BACP
Stopping BACP restart timer
Lower-Layer-Down event for CCP
Stopping CCP restart timer
Lower-Layer-Down event for IPCP
This-Layer-Down action for IPCP
Stopping IPCP restart timer
Lower-Layer-Down event for IPXCP
Stopping IPXCP restart timer
Initializing LCP restart timer to 3000 milliseconds
Change phase to TERMINATE for GATEWAY-EP
Sending LCP terminate-request with ID 04 and length 4 to peer GATEWAY-EP (channel 9)
Starting LCP restart timer with 3000 milliseconds

[PPP] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,590

Received LCP frame from peer GATEWAY-EP (channel 9)
Terminate-Request-Received event for LCP
Sending LCP terminate-ack with ID 04 and length 4 to peer GATEWAY-EP (channel 9)

[PPP] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,602

Received LCP frame from peer GATEWAY-EP (channel 9)
Terminate-Ack-Received event for LCP
Stopping LCP restart timer
This-Layer-Finish action for LCP
Disconnecting because LCP was finished

[PPP] 2013/01/27 18:21:35,298  Devicetime: 2013/01/27 18:21:37,604
Change phase to DEAD for GATEWAY-EP
Stopping LCP restart timer
Stopping IPXCP restart timer
Stopping IPCP restart timer
Stopping CCP restart timer
Stopping BACP restart timer

[VPN-Status] 2013/01/27 18:21:35,445  Devicetime: 2013/01/27 18:21:37,702
icmp/upd reply for GATEWAY-EP (80.140.195.79)

[VPN-Status] 2013/01/27 18:21:35,445  Devicetime: 2013/01/27 18:21:37,702
PING_ECHO, AuthFlags: 1, LastConf: 0, DynVpnMode: 2, StTunnel: 0

[VPN-Status] 2013/01/27 18:21:35,446  Devicetime: 2013/01/27 18:21:37,723
VPN: dynamic VPN V2 packet received from GATEWAY-EP (80.140.195.79)
dynamic VPN V2 header:
    Version: 2
    HdrLen: 28
    InfoLen: 40
    MsgType: address info (1)
    Flags: 0x0000
      Responser: no
    Challenge: 4202175511

[VPN-Status] 2013/01/27 18:21:35,446  Devicetime: 2013/01/27 18:21:37,723
VPN: received dynamic VPN V2 authentication packet from GATEWAY-EP (80.140.195.79)
   DNS:  192.168.2.1, 0.0.0.0
   NBNS: 0.0.0.0, 0.0.0.0

[VPN-Status] 2013/01/27 18:21:35,447  Devicetime: 2013/01/27 18:21:37,724
VPN: installing ruleset for GATEWAY-EP (80.140.195.79)

[VPN-Status] 2013/01/27 18:21:35,447  Devicetime: 2013/01/27 18:21:37,724
vpn-maps[20], remote: GATEWAY-EP, nego, static-name, connected-by-name

[VPN-Status] 2013/01/27 18:21:35,447  Devicetime: 2013/01/27 18:21:37,736
VPN: ruleset installed for GATEWAY-EP (80.140.195.79)

[VPN-Status] 2013/01/27 18:21:35,447  Devicetime: 2013/01/27 18:21:37,736
VPN: create dynamic VPN V2 authentication packet for GATEWAY-EP (80.140.195.79)
   DNS:  192.168.30.1, 0.0.0.0
   NBNS: 0.0.0.0, 0.0.0.0
   polling address: 192.168.30.1

[VPN-Status] 2013/01/27 18:21:35,449  Devicetime: 2013/01/27 18:21:37,737
VPN: dynamic VPN V2 packet send to GATEWAY-EP (80.140.195.79)
dynamic VPN V2 header:
    Version: 2
    HdrLen: 28
    InfoLen: 40
    MsgType: address info (1)
    Flags: 0x0001
      Responser: yes
    Challenge: 1379262799

[VPN-Status] 2013/01/27 18:21:35,449  Devicetime: 2013/01/27 18:21:37,737
VPN: wait for IKE negotiation from GATEWAY-EP (80.140.195.79)

[VPN-Status] 2013/01/27 18:21:35,450  Devicetime: 2013/01/27 18:21:37,737
VPN: WAN state changed to WanProtocol for GATEWAY-EP (80.140.195.79), called by: 0027f04f

[VPN-Status] 2013/01/27 18:21:35,450  Devicetime: 2013/01/27 18:21:37,751
VPN: rulesets installed

[VPN-Status] 2013/01/27 18:21:35,647  Devicetime: 2013/01/27 18:21:37,863
icmp/upd reply for GATEWAY-EP (80.140.195.79)

[VPN-Status] 2013/01/27 18:21:35,647  Devicetime: 2013/01/27 18:21:37,863
PING_ECHO, AuthFlags: 3, LastConf: 0, DynVpnMode: 2, StTunnel: 2

[VPN-Status] 2013/01/27 18:21:35,648  Devicetime: 2013/01/27 18:21:37,863
VPN: stop ping for GATEWAY-EP (80.140.195.79)


[PPP] 2013/01/27 18:21:49,158  Devicetime: 2013/01/27 18:21:51,270

LCP polling timeout for peer T-ONLINE - data received during last interval


[PPP] 2013/01/27 18:22:05,483  Devicetime: 2013/01/27 18:22:07,600

LCP polling timeout for peer GATEWAY-EP - 

[VPN-Status] 2013/01/27 18:22:05,483  Devicetime: 2013/01/27 18:22:07,751
VPN: connection for GATEWAY-EP (80.140.195.79) timed out: no response

[VPN-Status] 2013/01/27 18:22:05,483  Devicetime: 2013/01/27 18:22:07,751
VPN: Error: IFC-R-Connection-timeout-IKE-IPSEC (0x1206) for GATEWAY-EP (80.140.195.79)

[VPN-Status] 2013/01/27 18:22:05,484  Devicetime: 2013/01/27 18:22:07,751
VPN: disconnecting GATEWAY-EP (80.140.195.79)

[VPN-Status] 2013/01/27 18:22:05,487  Devicetime: 2013/01/27 18:22:07,751
VPN: Error: IFC-R-Connection-timeout-IKE-IPSEC (0x1206) for GATEWAY-EP (80.140.195.79)

[VPN-Status] 2013/01/27 18:22:05,487  Devicetime: 2013/01/27 18:22:07,767
VPN: GATEWAY-EP (80.140.195.79)  disconnected

[VPN-Status] 2013/01/27 18:22:05,487  Devicetime: 2013/01/27 18:22:07,767
vpn-maps[20], remote: GATEWAY-EP, idle, static-name

[VPN-Status] 2013/01/27 18:22:05,489  Devicetime: 2013/01/27 18:22:07,780
selecting next remote gateway using strategy eFirst for GATEWAY-EP
     => no remote gateway selected

[VPN-Status] 2013/01/27 18:22:05,489  Devicetime: 2013/01/27 18:22:07,780
selecting first remote gateway using strategy eFirst for GATEWAY-EP
     => no remote gateway selected

[VPN-Status] 2013/01/27 18:22:05,490  Devicetime: 2013/01/27 18:22:07,780
VPN: installing ruleset for GATEWAY-EP (0.0.0.0)

[VPN-Status] 2013/01/27 18:22:05,491  Devicetime: 2013/01/27 18:22:07,781
VPN: WAN state changed to WanDisconnect for GATEWAY-EP (0.0.0.0), called by: 0027f04f

[VPN-Status] 2013/01/27 18:22:05,491  Devicetime: 2013/01/27 18:22:07,782
VPN: WAN state changed to WanIdle for GATEWAY-EP (0.0.0.0), called by: 0027f04f

[VPN-Status] 2013/01/27 18:22:05,493  Devicetime: 2013/01/27 18:22:07,794
VPN: rulesets installed


[PPP] 2013/01/27 18:22:30,502  Devicetime: 2013/01/27 18:22:32,614

Received LCP frame from peer T-ONLINE (channel 11)

Sending LCP echo-response with ID 92 and length 10 to peer T-ONLINE (channel 11)


[PPP] 2013/01/27 18:22:39,157  Devicetime: 2013/01/27 18:22:41,270

LCP polling timeout for peer T-ONLINE - 
Sending LCP echo-request with ID c9 and length 8 to peer T-ONLINE (channel 11)

[PPP] 2013/01/27 18:22:39,157  Devicetime: 2013/01/27 18:22:41,330

Received LCP frame from peer T-ONLINE (channel 11)

LCP echo-response with ID c9 and length 10 to peer T-ONLINE


[PPP] 2013/01/27 18:22:44,157  Devicetime: 2013/01/27 18:22:46,270

LCP polling timeout for peer T-ONLINE - echo-response received during last interval
Sending LCP echo-request with ID ca and length 8 to peer T-ONLINE (channel 11)

[PPP] 2013/01/27 18:22:44,157  Devicetime: 2013/01/27 18:22:46,328

Received LCP frame from peer T-ONLINE (channel 11)

LCP echo-response with ID ca and length 10 to peer T-ONLINE


[PPP] 2013/01/27 18:23:30,809  Devicetime: 2013/01/27 18:23:32,925

Received LCP frame from peer T-ONLINE (channel 11)

Sending LCP echo-response with ID 93 and length 10 to peer T-ONLINE (channel 11)


[PPP] 2013/01/27 18:23:34,153  Devicetime: 2013/01/27 18:23:36,270

LCP polling timeout for peer T-ONLINE - echo-response received during last interval


[PPP] 2013/01/27 18:24:24,151  Devicetime: 2013/01/27 18:24:26,270

LCP polling timeout for peer T-ONLINE - data received during last interval


[PPP] 2013/01/27 18:25:00,973  Devicetime: 2013/01/27 18:25:03,093

Received LCP frame from peer T-ONLINE (channel 11)

Sending LCP echo-response with ID 94 and length 10 to peer T-ONLINE (channel 11)

Weshalb scheitert der Verbindungsaufbau? Für Eure Unterstützung vorab schon mal vielen Dank.

MfG
behappy24
Nach oben
backslash
Moderator
Moderator
Beiträge: 7132
Registriert: 08 Nov 2004, 21:26
Wohnort: Aachen

Beitrag von backslash »

Hi behappy24

wie wurde die Verbindung aufgebaut? Mittels "do /other/manual-dialing/connect" Aufruf oder durch Keep-Alive oder durch ein Datenpaket, daß übertragen werden sollte?

In den ersten beiden Fällen wird kein IPSec-Tunnel aufgebaut, es sei denn, du hast im Gateway EP (das ist die seite, die gerade aufbauen wollte) VPN -> Allgemein -> Aufbau Netzbeziehungen" auf "Immer alle gemeinsam" stehen.

Wenn der Aufbau durch ein Datenpaket erfolgen sollte, dann solltest du einen VPN-Paket-Trace machen und schauen, ob für das Paket überhaupt eine Regel verfügbar ist - im trace steht dann "no policy found". Wenn es eine Regel gibt, aber noch keine SA, dann taucht im Trace "no sa available, should be retransmitted" auf, was bedeutet, daß die IKE-Verhandlung startet. Hier mußt du dann schauen, ob die IKE-Pakete überhaupt raus gehen. Dazu ist der erste Ansatzpunkt der IP-Router-Trace - dort müssen Pakete an den UDP-Port 500 autfauchen... Ab da mußt du den Weg des Pakets bis zu seinem Ziel verfolgen

Gruß
Backslash
Nach oben
behappy24
Beiträge: 4
Registriert: 01 Sep 2007, 10:08

Beitrag von behappy24 »

Hallo Backslash,

Danke für Deine schnelle Antwort, die mir sehr geholfen hat. Ich hatte in meiner Anfrage vergessen mitzutieilen, das auf der Gegenstelle Gateway-EP sich noch ein weiteres Netz hinter einem weiteren LanCom-Router befindet. Dieses Netz aus dem der Verbindugsaufbau mittels Datenpaket initiiert wurde, wies keine SA zur Gegenstelle des Gateway-UH.
Nach dem die SA angelegt wurde, wurde die VPN-Verbindung hergestellt.

Nochmals vielen Dank.

MfG
behappy24
Nach oben
Antworten

Zurück zu „Fragen zur LANCOM Systems Routern und Gateways“