DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor 2925 Lan To Lan VPN log help

More
28 Mar 2017 15:27 #88581 by jinx
Hi All

I'm trying to set up a Lan to Lan VPN between a Vigor 2925 and a WatchGuard Firebox x750. It's been a while since I've done one of these (over 6 years...) and I'm having a few issues getting this working. Currently the VPN is showing as connected for about 8 seconds. It then drops and tries to reconnect. I'm sure I've made a config error somewhere but I'm struggling to track it down. Below is a copy of the Syslog from the Vigor (IP and names removed). I was hoping someone could take a quick look and let me know what the log errors mean, the duplicate packet one is one I can't remember seeing before. Any help is much appreciated.

Thanks

Chris

2017-03-28 15:10:38 IKE_RELEASE VPN : Profile not found !!
2017-03-28 15:10:38 [L2L][DOWN][IPsec][@0:****]
2017-03-28 15:10:38 Can't find route for L2L[1] c0a80000/ffffff00 and restart this tunnel...
2017-03-28 15:10:36 [IPSEC/IKE][L2L][1:****][@213.***.***.**] duplicate packet(1), stuck at state? STATE_QUICK_I2
2017-03-28 15:10:33 [IPSEC/IKE][L2L][1:****][@213.***.***.**] duplicate packet(1), stuck at state? STATE_QUICK_I2
2017-03-28 15:10:30 [L2L][UP][IPsec][@1:****]
2017-03-28 15:10:30 sent QI2, IPsec SA established with 213.***.***.**. In/Out Index: 0/-1
2017-03-28 15:10:30 IPsec SA #2339 will be replaced after 23700 seconds
2017-03-28 15:10:30 Accept ESP prorosal ENCR ESP_3DES, HASH AUTH_ALGORITHM_HMAC_SHA1
2017-03-28 15:10:30 [IPSEC/IKE][L2L][1:****][@213.***.***.**] quick_outI1: match network
2017-03-28 15:10:30 Client L2L remote network setting is 192.168.0.0/24
2017-03-28 15:10:30 Start IKE Quick Mode to 213.***.***.**
2017-03-28 15:10:30 ISAKMP SA established with 213.***.***.**. In/Out Index: 0/-1
2017-03-28 15:10:30 ISAKMP SA #2338 will be replaced after 21150 seconds
2017-03-28 15:10:30 NAT-Traversal: Using draft-ietf-ipsec-nat-t-ike-02/03, no NAT detected
2017-03-28 15:10:30 Accept Phase1 prorosals : ENCR OAKLEY_3DES_CBC, HASH OAKLEY_SHA
2017-03-28 15:10:30 [IPSEC/IKE][L2L][1:****][@213.***.***.**] Initiating IKE Main Mode
2017-03-28 15:10:30 Initiating IKE Main Mode to 213.***.***.**

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami