
   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   


   Message 1,599 of 2,348   
   davidl@yourmama.com to All   
   Re: VPN with Netgear FVS338 fails   
   27 Apr 05 15:13:51   
   
   Your connection IP/name does not match   
      
   On 27 Apr 2005 09:23:30 -0700, nicolas.keller@slb.de (Nicolas Keller)   
   wrote:   
      
   >I want to establish a VPN connection from a client (Windows XP SP2,   
   >Netgear ProSafe VPN Client Software) over the internet to a Netgear   
   >FVS338 ProSafe VPN Firewall. After two days of trying, I'm starting to   
   >get mad. The process fails after initiating IKE Phase 2.   
   >   
   >This is the log from the Netgear ProSafe VPN Client (leading date/time   
   >information was deleted for better reading):   
   >   
   >Attempting to resolve Hostname (xxx.dyndns.org)   
   >Initiating IKE Phase 1 (Hostname=xxx.dyndns.org) (IP   
   >ADDR=xxx.xxx.xxx.xxx)   
   >SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)   
   >RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID, NAT-D 2x, VID   
   >2x)   
   >Peer is NAT-T draft-02 capable   
   >NAT is detected for Client   
   >Floating to IKE non-500 port   
   >Peer supports Dead Peer Detection Version 1.0   
   >Dead Peer Detection enabled   
   >SENDING>>>> ISAKMP OAK AG *(HASH, NAT-D 2x,   
   >NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)   
   >Established IKE SA   
   >MY COOKIE db 4a a4 73 dd af 3 2b   
   >HIS COOKIE cd 99 66 5c 35 94 21 28   
   >Initiating IKE Phase 2 with Client IDs (message id: 80266275)   
   >Initiator = IP ADDR=192.168.110.32, prot = 0 port = 0   
   >Responder = IP ADDR=192.168.111.10, prot = 0 port = 0   
   >SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, KE, ID 2x)   
   >QM re-keying timed out. Retry count: 1   
   >   
   >This is the log from the router :   
   >   
   >phase-I negotiation   
   >received NOTIFY PAYLOAD of notify type REPLAY_STATUS   
   >received NOTIFY PAYLOAD of notify type INITIAL_CONTACT   
   >IKE phase-I started   
   >Initiator SPD selectors received: IPADDR, 192.168.110.xx, proto 0,   
   >port 0   
   >Responder SPD selectors received: IPADDR, 192.168.111.xx, proto 0,   
   >port 0   
   >No matching SPD policy for the selectors received in IKE phase-II   
   >message IKE phase-II with message ID 80266275 failed   
   >   
   >There are three retries which I removed for a better reading   
   >experience ;)   
   >   
   >Phase 1 completes successfully, Phase 2 times out. At first, it is   
   >rather obvious, the entry in the security policy database must be   
   >wrong and the router stops responding because of this. But the entries   
   >look very good to me (I usually know what I'm doing) and we already   
   >tried every senseful and senseless combination possible.   
   >   
   >Has anyone else encountered similar problems with the Netgear FVS338   
   >router? We set up dozens of smaller routers with VPN, like the Netgear   
   >FVS318 and never had any problems. Firmware and Drivers are up to date   
   >- before you ask ;)   
   >   
   >What else (than wrong entries in the security policy database) could   
   >cause this problem?   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
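
Added example, not part of the original post or of any Netgear tooling: a Python sketch that correlates the client's Quick Mode proposal with the router's rejection by message ID, then checks the proposed client IDs against SPD entries. The log samples are the thread's own lines, unwrapped; the `SPD` list, its field names and the containment-style comparison are assumptions, since the thread does not show the router's policy or say how the FVS338 compares selectors.

```python
import ipaddress
import re

# Log lines taken from the post above, unwrapped.
CLIENT_LOG = """\
Initiating IKE Phase 2 with Client IDs (message id: 80266275)
Initiator = IP ADDR=192.168.110.32, prot = 0 port = 0
Responder = IP ADDR=192.168.111.10, prot = 0 port = 0
QM re-keying timed out. Retry count: 1
"""
ROUTER_LOG = """\
No matching SPD policy for the selectors received in IKE phase-II message
IKE phase-II with message ID 80266275 failed
"""
# Constructed policy entries (hypothetical names and networks, not from the thread).
SPD = [
    {"name": "hypothetical-lan", "remote": "192.168.110.0/24", "local": "192.168.111.0/24"},
    {"name": "hypothetical-host", "remote": "192.168.110.32/32", "local": "192.168.1.0/24"},
]

def client_proposals(log):
    """Map Quick Mode message id -> {'Initiator': ip, 'Responder': ip}."""
    out, mid = {}, None
    for line in log.splitlines():
        if m := re.search(r"message id: (\w+)", line):
            mid = m.group(1)
            out[mid] = {}
        elif mid and (m := re.match(r"(Initiator|Responder) = IP ADDR=([\d.]+)", line)):
            out[mid][m.group(1)] = ipaddress.ip_address(m.group(2))
    return out

def router_failures(log):
    """Message ids the router reports as failed in phase II."""
    return set(re.findall(r"phase-II with message ID (\w+) failed", log))

def covered(policy, ids):
    """True if both proposed IDs fall inside the policy's networks (assumed semantics)."""
    if len(ids) < 2:
        return False
    return (ids["Initiator"] in ipaddress.ip_network(policy["remote"])
            and ids["Responder"] in ipaddress.ip_network(policy["local"]))

def diagnose(client_log, router_log, spd):
    """Per message id: did the router reject it, and which policies cover the proposal."""
    failed = router_failures(router_log)
    return {mid: {"rejected_by_router": mid in failed,
                  "covering_policies": [p["name"] for p in spd if covered(p, ids)]}
            for mid, ids in client_proposals(client_log).items()}

if __name__ == "__main__":
    print(diagnose(CLIENT_LOG, ROUTER_LOG, SPD))
```

A proposal that is rejected even though a policy appears to cover it points at how the two ends express the selectors rather than at the address ranges themselves.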
