- VMware Technology Network
- :
- Cloud & SDDC
- :
- ESXi
- :
- ESXi Discussions
- :
- Problem with Netgear VPN (DG834)
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
nhiservices
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Problem with Netgear VPN (DG834)
We had a VPN set up from a server at our hosting company to our local office. It terminates locally on a Netgear DG834, running firmware V4.01.40. The client is a Netgear ProSafe VPN Client SafeNet SoftRemote 10.8.0 (Build20), running on Windows Server 2003 R2. We have migrated the server at our hosting company to a VMWare virtual machine (using the Standalone Converter tool), and are now having problems with the VPN connection on the virtual server. The virtual host is running ESXi 4.1.
The problem I am having is that the new VM is unable to send any traffic down the VPN pipe to our DG834. What is confusing is I am seeing no errors in the connection log on the server and no errors on the DG834. Everything seems to be connecting 100% but I still can’t get any traffic down the line. The physical server that this VM was cloned from is still running, has no errors and can ping all our local machines once the connection is made. If anybody has any experience with virtual servers running the Netgear VPN client I would appreciate any suggestions.
Summary : I am wanting to push all traffic on range 192.168.3.0 through the VPN tunnel which has been given an IP address of 192.168.9.1. I am NOT having a problem getting the connection established, I am having a problem getting data pushed through it afterwards
Log from the Netgear Client
11-23: 16:21:29.859 My Connections\VM7 - Initiating IKE Phase 1 (IP ADDR=82.XX.XXX.X)
11-23: 16:21:29.859 My Connections\VM7 - SENDING>>>> ISAKMP OAK MM (SA, VID 2x)
11-23: 16:21:30.281 My Connections\VM7 - RECEIVED<<< ISAKMP OAK MM (SA, VID)
11-23: 16:21:30.359 My Connections\VM7 - Peer supports Dead Peer Detection Version 1.0
11-23: 16:21:30.359 My Connections\VM7 - Dead Peer Detection enabled
11-23: 16:21:30.390 My Connections\VM7 - SENDING>>>> ISAKMP OAK MM (KE, NON, VID 4x)
11-23: 16:21:33.828 My Connections\VM7 - RECEIVED<<< ISAKMP OAK MM (KE, NON)
11-23: 16:21:33.906 My Connections\VM7 - SENDING>>>> ISAKMP OAK MM *(ID, HASH, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
11-23: 16:21:33.984 My Connections\VM7 - RECEIVED<<< ISAKMP OAK MM *(ID, HASH)
11-23: 16:21:33.984 My Connections\VM7 - Established IKE SA
11-23: 16:21:33.984 My Connections\VM7 - MY COOKIE bb 58 27 6c d0 7f 3c 2b
11-23: 16:21:33.984 My Connections\VM7 - HIS COOKIE a6 b8 ef bd 60 b 53 90
11-23: 16:21:34.046 Virtual Interface constructed for local interface 192.168.9.1
11-23: 16:21:34.062 Virtual Interface added: 192.168.9.1/255.255.255.255 on ISDN "SafeNet VA miniport".
11-23: 16:21:34.062 Clearing arp for adapter 5111814
11-23: 16:21:34.109 My Connections\VM7 - Initiating IKE Phase 2 with Client IDs (message id: 38032DD8)
11-23: 16:21:34.109 My Connections\VM7 - Initiator = IP ADDR=192.168.9.1, prot = 0 port = 0
11-23: 16:21:34.109 My Connections\VM7 - Responder = IP SUBNET/MASK=192.168.3.0/255.255.255.0, prot = 0 port = 0
11-23: 16:21:34.109 My Connections\VM7 - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID 2x)
11-23: 16:21:34.203 My Connections\VM7 - RECEIVED<<< ISAKMP OAK QM *(HASH, SA, NON, ID 2x)
11-23: 16:21:34.203 My Connections\VM7 - Filter entry 4 updated: SECURE 192.168.009.001&255.255.255.255 192.168.003.000&255.255.255.000 082.XXX.XXX.XXX
11-23: 16:21:34.203 Route 192.168.3.0/255.255.255.0->192.168.9.1 added.
11-23: 16:21:34.203 My Connections\VM7 - SENDING>>>> ISAKMP OAK QM *(HASH)
11-23: 16:21:34.203 My Connections\VM7 - Loading IPSec SA (Message ID = 38032DD8 OUTBOUND SPI = 7E6FFC75 INBOUND SPI = 192ABDD0)
11-23: 16:22:02.375 My Connections\VM7 - RECEIVED<<< ISAKMP OAK QM *(Opaque)
11-23: 16:22:02.375 My Connections\VM7 - Received message for non-active SA
11-23: 16:22:13.078 My Connections\VM7 - RECEIVED<<< ISAKMP OAK INFO *(HASH, NOTIFY:R_U_THERE_REQUEST=00006B4E)
11-23: 16:22:13.078 My Connections\VM7 - SENDING>>>> ISAKMP OAK INFO *(HASH, NOTIFY:R_U_THERE_ACK=00006B4E)
11-23: 16:22:22.765 My Connections\VM7 - RECEIVED<<< ISAKMP OAK INFO *(HASH, NOTIFY:R_U_THERE_REQUEST=00006B4F)
11-23: 16:22:22.765 My Connections\VM7 - SENDING>>>> ISAKMP OAK INFO *(HASH, NOTIFY:R_U_THERE_ACK=00006B4F)
Log from the DG834
Tue, 2010-11-23 16:21:31 - STATE_QUICK_I1: retransmission; will wait 20s for response
Tue, 2010-11-23 16:21:35 - responding to Main Mode
Tue, 2010-11-23 16:21:39 - sent MR3, ISAKMP SA established
Tue, 2010-11-23 16:21:39 - responding to Quick Mode
Tue, 2010-11-23 16:22:07 - IPsec SA established
Tue, 2010-11-23 16:22:07 - STATE_QUICK_I1: retransmission; will wait 40s for response
Tue, 2010-11-23 16:22:47 - max number of retransmissions reached STATE_QUICK_I1
ROUTE PRINT from Server
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.3.0 255.255.255.0 192.168.9.1 192.168.9.1 1
192.168.9.1 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.9.255 255.255.255.255 192.168.9.1 192.168.9.1 50
192.168.16.0 255.255.240.0 192.168.26.29 192.168.26.29 10
192.168.26.29 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.26.255 255.255.255.255 192.168.26.29 192.168.26.29 10
224.0.0.0 240.0.0.0 10.52.0.17 10.52.0.17 10
224.0.0.0 240.0.0.0 192.168.9.1 192.168.9.1 50
224.0.0.0 240.0.0.0 192.168.26.29 192.168.26.29 10
255.255.255.255 255.255.255.255 10.52.0.17 10.52.0.17 1
255.255.255.255 255.255.255.255 192.168.9.1 192.168.9.1 1
255.255.255.255 255.255.255.255 192.168.26.29 192.168.26.29 1
Default Gateway: 10.52.0.255