Trying to get a site to site VPN working with ASG7 at the "home office" and FVG318 at the "branch office".
Using AES-128 PFS...tried to match up all the settings on the FVG318...keep getting the following log which ends in "No phase 2 handle"
here's the netgear log
2009-02-20 : INFO: accept a request to establish IKE-SA: astaro.domain.com
2009-02-20 : INFO: remote configuration for identifier "astaro.domain.com" found
2009-02-20 : INFO: Initiating new phase 1 negotiation: branch_ip[500]homeoffice_ip[500]
2009-02-20 : INFO: Beginning Identity Protection mode.
2009-02-20 : INFO: Received unknown Vendor ID
2009-02-20 : INFO: Received unknown Vendor ID
2009-02-20 : INFO: Received unknown Vendor ID
2009-02-20 : INFO: Received unknown Vendor ID
2009-02-20 : INFO: ISAKMP-SA established for branch_ip[500]-homeoffice_ip[500] with spi:a775074169fe97d1:01b0e6014a326da2
2009-02-20 : INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2009-02-20 : INFO: Initiating new phase 2 negotiation: branch_ip[500]homeoffice_ip[0]
2009-02-20 : ERROR: Unknown notify message from homeoffice_ip[500].No phase2 handle found.
asg7 key line seems to be
pluto[14149]: "S_myfirst ipsec_0"[8] xx.xx.xx.xx #12: cannot respond to IPsec SA request because no connection is known for xx.xx.xx.0/24===xx.xx.xx.xx...xx.xx.xx.xx
Do I have the source and dest IP's reversed or something? Any help would be great...thanks...hopefully it's something simple I didn't enter in ASG7 config...
This thread was automatically locked due to age.
