This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec not work

Hello All!
I want to understand, VPN IPSec:
If your client machine is behind a Nat device....IPsec will not work
this is true?
If so, then nothing can be done?

This thread was automatically locked due to age.

Parents

0 creativity over 13 years ago

but still I need help)
when a client connects, the log file has error
22.09.2011 21:39:00IPSec: Start building connection
22.09.2011 21:39:00Ike: Outgoing connect request MAIN mode - gateway=84.108.31.110 : peit
22.09.2011 21:39:00Ike: XMIT_MSG1_MAIN - peit
22.09.2011 21:39:01Ike: RECV_MSG2_MAIN - peit
22.09.2011 21:39:01IPSec: Final Tunnel EndPoint is:084.108.031.110
22.09.2011 21:39:01Ike: IKE phase I: Setting LifeTime to 7800 seconds
22.09.2011 21:39:01Ike: IkeSa negotiated with the following properties -
22.09.2011 21:39:01  Authentication=RSA_SIGNATURES,Encryption=AES,Hash=MD5,DHGroup=5,KeyLen=256
22.09.2011 21:39:01Ike: peit ->Support for NAT-T version - 9
22.09.2011 21:39:01Ike: XMIT_MSG3_MAIN - peit
22.09.2011 21:39:01Ike: RECV_MSG4_MAIN - peit
22.09.2011 21:39:01Ike: Turning on NATD mode - peit - 3
22.09.2011 21:39:01Ike: XMIT_MSG5_MAIN - peit
22.09.2011 21:39:02Ike: XMIT_MSG5_MAIN_RESUME - peit
22.09.2011 21:39:02Ike: RECV_MSG6_MAIN - peit
22.09.2011 21:39:02Ike: RECV_MSG6_MAIN_RESUME - peit
22.09.2011 21:39:02Ike: IkeSa negotiated with the following properties -
22.09.2011 21:39:02  Authentication=RSA_SIGNATURES,Encryption=AES,Hash=MD5,DHGroup=5,KeyLen=256
22.09.2011 21:39:02Ike: Turning on DPD mode - peit
22.09.2011 21:39:02Ike: phase1:name(peit) - connected
22.09.2011 21:39:02SUCCESS: IKE phase 1 ready
22.09.2011 21:39:02IPSec: Phase1 is Ready - IkeIndex=41,AltRekey=1
22.09.2011 21:39:02IkeCfg: XMIT_IKECFG_REQUEST - peit
22.09.2011 21:39:02IkeCfg: RECV_IKECFG_REPLY - peit
22.09.2011 21:39:02IkeCfg: name  - enter state open
22.09.2011 21:39:02SUCCESS: IkeCfg ready
22.09.2011 21:39:02IPSec: Quick Mode is Ready: IkeIndex = 00000029 , VpnSrcPort = 4500
22.09.2011 21:39:02IPSec: Assigned IP Address: 10.242.4.1
22.09.2011 21:39:02IPSec: DNS Server: 192.168.10.100
22.09.2011 21:39:02IPSec: Domain is: compworld.co.il
22.09.2011 21:39:02IkeQuick: XMIT_MSG1_QUICK - peit
22.09.2011 21:39:02IkeQuick: RECV_MSG2_QUICK - peit
22.09.2011 21:39:02IkeQuick: XMIT_MSG3_QUICK - peit
22.09.2011 21:39:02IkeQuick: phase2:name(peit) - connected
22.09.2011 21:39:02SUCCESS: Ike phase 2 (quick mode) ready
22.09.2011 21:39:02IPSec: Created an IPSEC SA with the following characteristics -
22.09.2011 21:39:02  IpSrcRange=[10.242.4.1-10.242.4.1],IpDstRange=[0.0.0.0-255.255.255.255],IpProt=0,SrcPort=0,DstPort=0
22.09.2011 21:39:02IPSec: connected: LifeDuration in Seconds = 2520 and in KiloBytes = 0
22.09.2011 21:39:02IPSec: Connected to peit on channel 1.
22.09.2011 21:39:02PPP(Ipcp): connected to peit with IP Address: 10.242.4.1
22.09.2011 21:39:02SUCCESS: IpSec connection ready
22.09.2011 21:39:17SUCCESS: Link ->  IP address assigned to IP stack - link is operational.
22.09.2011 21:39:21Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:39:21Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
22.09.2011 21:39:41Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:39:41Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
22.09.2011 21:39:51IkeQuick: phase2:name(peit) - error - deltimer expired
22.09.2011 21:40:01Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:40:01Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
22.09.2011 21:40:21Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:40:21Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
22.09.2011 21:40:41Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:40:41Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
22.09.2011 21:41:01Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:41:01Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
and not always connected client displays
- 11.JPG
- View
- Hide
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 creativity over 13 years ago

but still I need help)
when a client connects, the log file has error
22.09.2011 21:39:00IPSec: Start building connection
22.09.2011 21:39:00Ike: Outgoing connect request MAIN mode - gateway=84.108.31.110 : peit
22.09.2011 21:39:00Ike: XMIT_MSG1_MAIN - peit
22.09.2011 21:39:01Ike: RECV_MSG2_MAIN - peit
22.09.2011 21:39:01IPSec: Final Tunnel EndPoint is:084.108.031.110
22.09.2011 21:39:01Ike: IKE phase I: Setting LifeTime to 7800 seconds
22.09.2011 21:39:01Ike: IkeSa negotiated with the following properties -
22.09.2011 21:39:01  Authentication=RSA_SIGNATURES,Encryption=AES,Hash=MD5,DHGroup=5,KeyLen=256
22.09.2011 21:39:01Ike: peit ->Support for NAT-T version - 9
22.09.2011 21:39:01Ike: XMIT_MSG3_MAIN - peit
22.09.2011 21:39:01Ike: RECV_MSG4_MAIN - peit
22.09.2011 21:39:01Ike: Turning on NATD mode - peit - 3
22.09.2011 21:39:01Ike: XMIT_MSG5_MAIN - peit
22.09.2011 21:39:02Ike: XMIT_MSG5_MAIN_RESUME - peit
22.09.2011 21:39:02Ike: RECV_MSG6_MAIN - peit
22.09.2011 21:39:02Ike: RECV_MSG6_MAIN_RESUME - peit
22.09.2011 21:39:02Ike: IkeSa negotiated with the following properties -
22.09.2011 21:39:02  Authentication=RSA_SIGNATURES,Encryption=AES,Hash=MD5,DHGroup=5,KeyLen=256
22.09.2011 21:39:02Ike: Turning on DPD mode - peit
22.09.2011 21:39:02Ike: phase1:name(peit) - connected
22.09.2011 21:39:02SUCCESS: IKE phase 1 ready
22.09.2011 21:39:02IPSec: Phase1 is Ready - IkeIndex=41,AltRekey=1
22.09.2011 21:39:02IkeCfg: XMIT_IKECFG_REQUEST - peit
22.09.2011 21:39:02IkeCfg: RECV_IKECFG_REPLY - peit
22.09.2011 21:39:02IkeCfg: name  - enter state open
22.09.2011 21:39:02SUCCESS: IkeCfg ready
22.09.2011 21:39:02IPSec: Quick Mode is Ready: IkeIndex = 00000029 , VpnSrcPort = 4500
22.09.2011 21:39:02IPSec: Assigned IP Address: 10.242.4.1
22.09.2011 21:39:02IPSec: DNS Server: 192.168.10.100
22.09.2011 21:39:02IPSec: Domain is: compworld.co.il
22.09.2011 21:39:02IkeQuick: XMIT_MSG1_QUICK - peit
22.09.2011 21:39:02IkeQuick: RECV_MSG2_QUICK - peit
22.09.2011 21:39:02IkeQuick: XMIT_MSG3_QUICK - peit
22.09.2011 21:39:02IkeQuick: phase2:name(peit) - connected
22.09.2011 21:39:02SUCCESS: Ike phase 2 (quick mode) ready
22.09.2011 21:39:02IPSec: Created an IPSEC SA with the following characteristics -
22.09.2011 21:39:02  IpSrcRange=[10.242.4.1-10.242.4.1],IpDstRange=[0.0.0.0-255.255.255.255],IpProt=0,SrcPort=0,DstPort=0
22.09.2011 21:39:02IPSec: connected: LifeDuration in Seconds = 2520 and in KiloBytes = 0
22.09.2011 21:39:02IPSec: Connected to peit on channel 1.
22.09.2011 21:39:02PPP(Ipcp): connected to peit with IP Address: 10.242.4.1
22.09.2011 21:39:02SUCCESS: IpSec connection ready
22.09.2011 21:39:17SUCCESS: Link ->  IP address assigned to IP stack - link is operational.
22.09.2011 21:39:21Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:39:21Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
22.09.2011 21:39:41Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:39:41Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
22.09.2011 21:39:51IkeQuick: phase2:name(peit) - error - deltimer expired
22.09.2011 21:40:01Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:40:01Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
22.09.2011 21:40:21Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:40:21Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
22.09.2011 21:40:41Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:40:41Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
22.09.2011 21:41:01Ike: NOTIFY : peit : SENT : NOTIFY_MSG_R_U_HERE : 36136
22.09.2011 21:41:01Ike: NOTIFY : peit : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
and not always connected client displays
- 11.JPG
- View
- Hide
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data