VPN Netgear FVG318 to Cisco PIX drops connection after 5 minutes of inactivity.

Discussion in 'Network Routers' started by darkcape, Jun 21, 2007.

  1. darkcape

    darkcape Guest

    I'm not sure why this netgear is acting differently then the FVS318
    routers I have out there but currently I can make a connection and
    keep it alive by sending a constant string of pings through it but if
    I do not I recieve this from the Netgear:

    --------Initial connection:
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Initiator SPD selectors sent: IP SUBNET, 192.168.10.0, mask 24
    proto 0, port 0
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Responder SPD selectors sent: IP SUBNET, 192.168.5.0, mask 24
    proto 0, port 0
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: IKE phase-II started of message ID d341e23b
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Notify payload of notify type RESPONDER_LIFETIME with protocol
    ESP or AH received
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Received Notify Type RESPOND_NOTIFY with 28800 seconds
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Received Notify Type RESPOND_NOTIFY with 4608000 Kilo Bytes
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Quick Mode completed with message ID(0xd341e23b)
    -----after 5 minutes
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Sending phase-I notify of type R_U_THERE
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: received NOTIFY PAYLOAD of notify type R_U_THERE_ACK
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Sending phase-I notify of type R_U_THERE
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Sending phase-I notify of type R_U_THERE
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Sending phase-I notify of type R_U_THERE
    Init Cookie: 0xecd501ce27778a2f & Resp Cookie: 0xcafea19a6796fc0c
    INFO :: Deleting the IsakmpSA
    Init Cookie: 0x063b2d5ee11db355 & Resp Cookie: 0x0000000000000000
    INFO :: IKE phase-I negotiation started
    Init Cookie: 0x063b2d5ee11db355 & Resp Cookie: 0xcafea19a6a988f99
    INFO :: Sending phase-I notify of type INITIAL_CONTACT
    Init Cookie: 0x063b2d5ee11db355 & Resp Cookie: 0xcafea19a6a988f99
    INFO :: Received DELETE PAYLOAD of protocol ESP detected with SPI :
    0xca86316,
    Init Cookie: 0x063b2d5ee11db355 & Resp Cookie: 0xcafea19a6a988f99
    HASH PAYLOAD :: Mismatching hash values in the received message
    Init Cookie: 0x063b2d5ee11db355 & Resp Cookie: 0xcafea19a6a988f99
    INFO :: Sending phase-I notify of type AUTHENTICATION_FAILED
    Init Cookie: 0x063b2d5ee11db355 & Resp Cookie: 0xcafea19a6a988f99
    INFO :: Phase-I negotiation failed
    Init Cookie: 0x063b2d5ee11db355 & Resp Cookie: 0xcafea19a6a988f99
    INFO :: Deleting the IsakmpSA
    -------If from here I ping from the netgear and a connection is re-
    established.

    listed but the connection counts reset to zeros.

    Has any one seen this before? or know where I may have messed things
    up?

    Cisco configureation addition:

    name 192.168.10.0 VPN_FVG318
    access-list FVG318_VPN permit ip 192.168.5.0 255.255.255.0 VPN_FVG318
    255.255.255.0
    access-list 100 permit ip 192.168.5.0 255.255.255.0 VPN_FVG318
    255.255.255.0
    crypto map newmap 35 ipsec-isakmp
    crypto map newmap 35 match address FVG318_VPN
    crypto map newmap 35 set peer xxx.xxx.xxx.xxx
    crypto map newmap 35 set transform-set esp-3des-md5
    isakmp key $0lut10n$ address xxx.xxx.xxx.xxx netmask 255.255.255.255
    no-xauth no-config-mode
     
    darkcape, Jun 21, 2007
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.