Posts: 2
Registered: ‎10-06-2014

VPN IPSec tunnel problem

Hi,

I have a problem with making a tunnel between a ZyXEL P-335U and a LinkSys RV082. The general idea is to make a VPN IPSec tunnel to a server which is behind the LinkSys device.

Configuration:

ZYXEL
--------------------

WAN: ZYXEL PUBLIC IP
LOCAL IP: 192.168.2.1
MASK: 255.255.255.0
Client local IP: 192.168.2.71

VPN

IPSec Keying Mode: IKE
DNS Server (for IPSec VPN): 0.0.0.0

Local Policy

Local Address: 192.168.2.71
Local Address End/Mask: 255.255.255.255

Remote Policy

Remote Address Start: LINKSYS PUBLIC IP
Remote Address End/Mask: 255.255.255.255

Authentication Method

My IP Address: ZYXEL PUBLIC IP
Local ID Type: IP
Local Content: ZYXEL PUBLIC IP
Secure Gateway Address: LINKSYS PUBLIC IP
Peer ID Type: IP
Peer Content: LINKSYS PUBLIC IP

IKE Phase 1

Negotiation Mode: Main
Encryption Algorithm: 3DES
Authentication Algorithm: SHA1
SA Life Time: 28800
Key Group: DH2
Pre-Shared Key: SECUREKEY

IKE Phase 2

Encapsulation Mode: Tunnel
IPSec Protocol: ESP
Encryption Algorithm: 3DES
Authentication Algorithm: SHA1
SA Life Time: 3600
Perfect Forward Secrecy (PFS): None


LINKSYS
--------------------

WAN2: LINKSYS PUBLIC IP
LOCAL IP: 192.168.1.1
MASK: 255.255.255.0
Server local IP: 192.168.1.3

VPN

Tunnel No.: 2
Interface: WAN2
Enable: Yes

Local Group Setup

Local Security Gateway Type: IP Only
IP address: LINKSYS PUBLIC IP
Local Security Group Type: IP
IP address: 192.168.1.3

Remote Group Setup

Remote Security Gateway Type: IP Only
IP address: ZYXEL PUBLIC IP
Remote Security Group Type: IP
IP address: 192.168.2.71

IPSec Setup

Keying Mode: IKE with Preshared key
Phase DH Group: Group2
Phase1 Encryption: 3DES
Phase1 Authentication: SHA1
Phase1 SA Life Time: 28000 seconds
Perfect Forward Secrecy: no
Phase2 Encryption: 3DES
Phase2 Authentication: SHA1
Phase2 SA Life Time: 3600 seconds
Preshared Key: SECUREKEY

LINKSYS LOG
--------------------

Ignoring Vendor ID payload [...]
[Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
[Tunnel Negotiation Info] >>> Responder Send Main Mode 2st packet
[Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
[Tunnel Negotiation Info] >>>> Responder Send Main Mode 4th packet
Received information payload, type IPSEC_INITIAL_CONTACT
[Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Main mode peer ID is ID_IPV4_ADDR: 'ZYXEL PUBLIC IP'
[Tunnel Negotiation Info] >>>> Responder Send Main Mode 6th packet
[Tunnel Negotiation Info] Main Mode Phase 1 SA Established
[Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Cannot respond to IPsec SA request because no connection is known for LINKSYS PUBLIC IP...ZYXEL PUBLIC IP===192.168.2.71/32
Quick Mode l1 message is unacceptable bacause it uses a previously used Message ID 0xf0030ee9 (perhaps this is a duplicated packet)

Can someone tell me what is wrong with the configuration?
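
A consistency check over the two configurations posted above, as an added example that is not part of the original post: it compares the Phase 1 and Phase 2 parameters and checks that each side's local policy mirrors the other side's remote policy. The public addresses are constructed placeholders, the dictionary key names are this example's own, and treating a lifetime difference as a warning rather than an error is an assumption.

```python
import ipaddress

# Constructed stand-ins for the redacted public addresses in the post.
ZYXEL_WAN = "198.51.100.10"
LINKSYS_WAN = "203.0.113.20"

def net(addr, mask="255.255.255.255"):
    """Build a network object from an address and a dotted mask."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

# Settings transcribed from the post. Tuples are (encryption, auth, DH/PFS).
zyxel = {
    "p1": ("3des", "sha1", 2), "p1_life": 28800,
    "p2": ("3des", "sha1", None), "p2_life": 3600,
    "local_ts": net("192.168.2.71"), "remote_ts": net(LINKSYS_WAN),
}
linksys = {
    "p1": ("3des", "sha1", 2), "p1_life": 28000,
    "p2": ("3des", "sha1", None), "p2_life": 3600,
    "local_ts": net("192.168.1.3"), "remote_ts": net("192.168.2.71"),
}

def compare_ipsec(a, b):
    """Return (severity, message) findings for two peers of one tunnel."""
    findings = []
    for key in ("p1", "p2"):
        if a[key] != b[key]:
            findings.append(("error", f"{key} proposal differs: {a[key]} vs {b[key]}"))
    # Assumption: lifetime differences are only warned about, since how
    # strictly they must match depends on the implementation.
    for key in ("p1_life", "p2_life"):
        if a[key] != b[key]:
            findings.append(("warn", f"{key} differs: {a[key]} vs {b[key]}"))
    # Quick Mode selectors must mirror each other: my local is your remote.
    for mine, theirs in (("local_ts", "remote_ts"), ("remote_ts", "local_ts")):
        if a[mine] != b[theirs]:
            findings.append(("error", f"selector mismatch: {mine}={a[mine]} "
                                      f"but peer {theirs}={b[theirs]}"))
    return findings

if __name__ == "__main__":
    for severity, message in compare_ipsec(zyxel, linksys):
        print(f"{severity.upper()}: {message}")
```

Run against the posted values, it reports the Phase 1 lifetime difference (28800 vs 28000) and that the ZyXEL remote policy (the LinkSys public IP) does not mirror the LinkSys local group (192.168.1.3).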

Expert
Posts: 14,487
Registered: ‎01-18-2013

Re: VPN IPSec tunnel problem

Your wording is a little confusing. Are you trying to make a VPN between the routers or between a router and a VPN server?

 

I'm guessing that it is the latter. In which case you will need to place the VPN server in the router's DMZ or port forward required VPN ports to the server.


Please remember to Kudo those that help you.

Linksys
Communities Technical Support
Posts: 2
Registered: ‎10-06-2014

Re: VPN IPSec tunnel problem

I would like to make a secure tunnel between two gateways. My idea is to use this tunnel to access some services on a server in the local network behind the LinkSys gateway. For example, the server may serve FTP or HTTP services; however, those services will be available to the outside world only via the tunnel. Do you think such a configuration is possible?