I have one computer using an 802.11b NIC. The ip address of the 802.11b nic and the Access Point (AP) is on the same subnet as the Internal Network. The NIC works fine from the AP to the ASL. I tried the evaluation version of ASC (8.20 build 69), but have not had much success. Here is what I have tried so far.
ASL 6.002
Gateway 192.168.0.254
DNS Proxy enabled on 192 network
VPN Connection
Type Roadwarrior
IPSec Policy AES-PFS
Auto Packet Filter Off
Local Endpoint Internal
Remote Endpoint Any
Subnet Definition None
L2TP Encapsulation Off
Keys X509: test
Packet Filter test (ipsec key) any any allow
No masqerading of test (ipsec key)
No virtual IP on the remote IPSec key.
XP SP2 ASC:
Communication Medium IP/WLAN
Line Management Manual
Inactivity 100
Gateway 192.168.0.254
IKE policy automatic mode
IPSec policy automatic mode
Exch. mode Main Mode
PFS group DH-Group 5 (1536 Bit)
Identities-type ASN1 Distinguished Name
ID 9100.attic.local
IP Address Asignment Use local IP address
DNS Server 192.168.0.254
Remote Networks 0.0.0.0 (all)
Certificate Check n/a
Link Firewall Off
From ASL Log:
2005:08:22-05:12:03 (none) pluto[4425]: packet from 192.168.0.179:500: ignoring unknown Vendor ID payload [da8e937880010000]
2005:08:22-05:12:03 (none) pluto[4425]: packet from 192.168.0.179:500: received Vendor ID payload [XAUTH]
2005:08:22-05:12:03 (none) pluto[4425]: packet from 192.168.0.179:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
2005:08:22-05:12:03 (none) pluto[4425]: packet from 192.168.0.179:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 108
2005:08:22-05:12:03 (none) pluto[4425]: packet from 192.168.0.179:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2005:08:22-05:12:03 (none) pluto[4425]: packet from 192.168.0.179:500: received Vendor ID payload [RFC 3947] method set to=109
2005:08:22-05:12:03 (none) pluto[4425]: packet from 192.168.0.179:500: received Vendor ID payload [Dead Peer Detection]
2005:08:22-05:12:03 (none) pluto[4425]: packet from 192.168.0.179:500: ignoring unknown Vendor ID payload [101fb0b35c5a4f4c08b919f1cf53c96a]
2005:08:22-05:12:03 (none) pluto[4425]: packet from 192.168.0.179:500: received Vendor ID payload [Cisco-Unity]
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: responding to Main Mode from unknown peer 192.168.0.179
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: Main mode peer ID is ID_DER_ASN1_DN: 'C=us, ST=CA..., L=CA, O=None, OU=None, CN=9100.attic.local, E=9100@attic.local'
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: no crl from issuer "C=us, ST=CA, L=CA, O=None, OU=None, CN=attic, E=test@aol.com" found (strict=no)
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: I am sending my cert
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: sent MR3, ISAKMP SA established
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: Dead Peer Detection (RFC 3706): enabled
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===192.168.0.254...192.168.0.179[C=us, ST=CA, L=CA, O=None, OU=None, CN=9100.attic.local, E=9100@attic.local]
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: sending encrypted notification INVALID_ID_INFORMATION to 192.168.0.179:500
2005:08:22-05:12:03 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: failed to build notification for spisize=0
2005:08:22-05:12:14 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179 #44: received Delete SA payload: deleting ISAKMP State #44
2005:08:22-05:12:14 (none) pluto[4425]: "D_vpn-9100_0"[4] 192.168.0.179: deleting connection "D_vpn-9100_0" instance with peer 192.168.0.179 {isakmp=#0/ipsec=#0}
2005:08:22-05:12:14 (none) pluto[4425]: packet from 192.168.0.179:500: received and ignored informational message
From ASC Log:
8/22/2005 5:12:03 AM IPSDIALCHAN::start building connection
8/22/2005 5:12:03 AM NCPIKE-phase1:name(test) - outgoing connect request - main mode.
8/22/2005 5:12:03 AM XMIT_MSG1_MAIN - test
8/22/2005 5:12:03 AM RECV_MSG2_MAIN - test
8/22/2005 5:12:03 AM IPSDIAL->FINAL_TUNNEL_ENDPOINT:192.168.000.254
8/22/2005 5:12:03 AM IKE phase I: Setting LifeTime to 28800 seconds
8/22/2005 5:12:03 AM test ->Support for NAT-T version - 9
8/22/2005 5:12:03 AM XMIT_MSG3_MAIN - test
8/22/2005 5:12:03 AM RECV_MSG4_MAIN - test
8/22/2005 5:12:03 AM XMIT_MSG5_MAIN - test
8/22/2005 5:12:03 AM XMIT_MSG5_MAIN_RESUME - test
8/22/2005 5:12:03 AM RECV_MSG6_MAIN - test
8/22/2005 5:12:03 AM RECV_MSG6_MAIN_RESUME - test
8/22/2005 5:12:03 AM Turning on DPD mode - test
8/22/2005 5:12:03 AM NCPIKE-phase1:name(test) - connected
8/22/2005 5:12:03 AM XMIT_MSG1_QUICK - test
8/22/2005 5:12:14 AM NCPIKE-phase2:name(test) - error - retry timeout - max retries
8/22/2005 5:12:15 AM IPSDIAL - disconnected from test on channel 1.
Has anyone been successful setting up a WLAN VPN on the same subnet of the internal LAN?
Tony
This thread was automatically locked due to age.
