Hi folks,
I am currently trying to configure some Windows Mobile 5 Smartphones to connect to ASG 7.405 using NCP's VPN client (IPSec).
I chose not to use the built-in L2TP/IPSec client because I don't want the users to be able to "alter" (i.e. break) the configuration.
NCP's VPN client offers the oppurtunity to import the ini configuration-file that can be downloaded from ASG through the enduser portal.
At some point the connection-progress hangs. IKE-Phase 1 seems to work alright, but after that nothing happens until both sides time out.
The logfiles read:
IPSec-Log on our Astaro:
2009:08:13-17:15:59 dieplage pluto[8508]: packet from 92.116.19.182:500: ignoring Vendor ID payload [da8e937880010000]
2009:08:13-17:15:59 dieplage pluto[8508]: packet from 92.116.19.182:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2009:08:13-17:15:59 dieplage pluto[8508]: packet from 92.116.19.182:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2009:08:13-17:15:59 dieplage pluto[8508]: packet from 92.116.19.182:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2009:08:13-17:15:59 dieplage pluto[8508]: packet from 92.116.19.182:500: received Vendor ID payload [RFC 3947]
2009:08:13-17:15:59 dieplage pluto[8508]: packet from 92.116.19.182:500: received Vendor ID payload [Dead Peer Detection]
2009:08:13-17:15:59 dieplage pluto[8508]: packet from 92.116.19.182:500: ignoring Vendor ID payload [NCP Client]
2009:08:13-17:15:59 dieplage pluto[8508]: packet from 92.116.19.182:500: ignoring Vendor ID payload [c61baca1f1a60cc10800000000000000]
2009:08:13-17:15:59 dieplage pluto[8508]: packet from 92.116.19.182:500: ignoring Vendor ID payload [FRAGMENTATION c0000000]
2009:08:13-17:15:59 dieplage pluto[8508]: "S_Unknown Object"[5] 92.116.19.182 #8: responding to Main Mode from unknown peer 92.116.19.182
2009:08:13-17:16:00 dieplage pluto[8508]: "S_Unknown Object"[5] 92.116.19.182 #8: NAT-Traversal: Result using RFC 3947: peer is NATed
2009:08:13-17:16:01 dieplage pluto[8508]: "S_Unknown Object"[5] 92.116.19.182 #8: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2009:08:13-17:16:01 dieplage pluto[8508]: "S_Unknown Object"[5] 92.116.19.182 #8: Peer ID is ID_IPV4_ADDR: '10.129.19.182'
2009:08:13-17:16:01 dieplage pluto[8508]: "S_Unknown Object"[6] 92.116.19.182 #8: deleting connection "S_Unknown Object" instance with peer 92.116.19.182 {isakmp=#0/ipsec=#0}
2009:08:13-17:16:01 dieplage pluto[8508]: | NAT-T: new mapping 92.116.19.182:500/4500)
2009:08:13-17:16:01 dieplage pluto[8508]: "S_Unknown Object"[6] 92.116.19.182:4500 #8: sent MR3, ISAKMP SA established
2009:08:13-17:16:03 dieplage pluto[8508]: "S_Unknown Object"[6] 92.116.19.182:4500 #8: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===217.232.4.34:4500...92.116.19.182:4500[10.129.19.182]==={10.129.19.182/32}
2009:08:13-17:16:03 dieplage pluto[8508]: "S_Unknown Object"[6] 92.116.19.182:4500 #8: sending encrypted notification INVALID_ID_INFORMATION to 92.116.19.182:4500
Last 4 messages on smartphone:
Ike: phase1:name(REF_rWggjdxcgd) - connected
SUCCESS: IKE phase 1 ready
IpSec: Phase1 is Ready: IkeIndex = 00000014
IpSec: Disconnected from REF_rWggjdxcgd on channel 1.
Can anyone help here? Maybe someone already uses the NCP-VPN Client on a Windows Mobile device?
Thanks a lot for any help!
Cheers!
This thread was automatically locked due to age.
