Netzwerkanalyse, Fehlersuche, Testberichte
Home / News
Netzwerkanalyse
Grundlagen
Verkabelung
Erste Schritte
Baselining
Let's sniff
Tools
Auswerten/Filtern
Typische Probleme 1
Typische Probleme 2
Sicherheit
Bücher
Tutorials
Cacti
DSL einrichten
DynDNS einrichten
m0n0wall | pfSense
Nmap
VirtualBox
Wireshark
Forum
Shop
FAQ
Know How
Testberichte
Hardware-DB
Events
Netzwerklexikon
Links / Service
Suche
Kontakt
Impressum
Feedback
Sitemap
Partner
Unser Partner für
SSL Zertifikate
ist Checkdomain GmbH.
Netzwerktechnik Forum

Forum Netzwerktechnik (Archiv)

Kategorie Netzwerktechnik - Forum VPN

 
VPN Netgear zu Cisco funktioniert aber umgedreht nicht

geschrieben am 24.04.2010 um 20:21 von Stefan3110

Hallo,

ich möchte seit einer Stunde einen VPN Verbindung (Gateway to Gateway) einrichten. Die Verbindung soll von einem Netgear FVS114 zu einem Cisco WRVS4400N gehen.
Ich habe alles eingerichtet und es funktioniert auch so halb. So halb deswegen, da ich vom Netgear den Tunnel zum Cisco aufbauen und auch Daten über den Tunnel senden (in beide Richtungen) kann. Nur umgekehrt vom Cisco zum Netgear kann ich den Tunnel nicht aufbauen.

In den Cisco Logs steht folgendes:
Apr 24 20:14:27 - [vpn log]: shutting down
Apr 24 20:14:27 - [vpn log]: forgetting secrets
Apr 24 20:14:27 - [vpn log]: "Karlsruhe": deleting connection
Apr 24 20:14:27 - [vpn log]: "Karlsruhe" #1: deleting state (STATE_AGGR_I1)
Apr 24 20:14:27 - [vpn log]: ERROR: "Karlsruhe": pfkey write() of SADB_X_DELFLOW message 6 for flow int.0@0.0.0.0 failed. Errno 14: Bad address
Apr 24 20:14:27 - [vpn log]: | 02 0f 00 0b 0e 00 00 00 06 00 00 00 91 0f 00 00
Apr 24 20:14:27 - [vpn log]: | 03 00 15 00 00 00 00 00 02 00 00 00 c0 a8 14 00
Apr 24 20:14:27 - [vpn log]: | 00 00 00 00 84 0b 00 40 03 00 16 00 00 00 00 00
Apr 24 20:14:27 - [vpn log]: | 02 00 00 00 c0 a8 0c 00 b0 25 01 00 27 00 00 00
Apr 24 20:14:27 - [vpn log]: | 03 00 17 00 00 00 00 00 02 00 00 00 ff ff ff 00
Apr 24 20:14:27 - [vpn log]: | 4e 54 5f 52 45 54 52 41 03 00 18 00 00 00 00 00
Apr 24 20:14:27 - [vpn log]: | 02 00 00 00 ff ff ff 00 65 6e 74 20 00 00 00 00
Apr 24 20:14:28 - [vpn log]: "Karlsruhe": unroute-client output: 0
Apr 24 20:14:28 - [vpn log]: shutting down interface ipsec0/ppp0 89.196.67.216:4500
Apr 24 20:14:28 - [vpn log]: shutting down interface ipsec0/ppp0 89.196.67.216:500
Apr 24 20:14:31 - [vpn log]: Starting Pluto (Openswan Version cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE@ECqImzhFD)
Apr 24 20:14:31 - [vpn log]: @(#) built on Aug 13 2009:02:39:00:
Apr 24 20:14:31 - [vpn log]: Setting NAT-Traversal port-4500 floating to on
Apr 24 20:14:31 - [vpn log]: port floating activation criteria nat_t=1/port_fload=1
Apr 24 20:14:31 - [vpn log]: including NAT-Traversal patch (Version 0.6c)
Apr 24 20:14:31 - [vpn log]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 24 20:14:31 - [vpn log]: starting up 1 cryptographic helpers
Apr 24 20:14:31 - [vpn log]: started helper pid=4334 (fd:5)
Apr 24 20:14:31 - [vpn log]: Using KLIPS IPsec interface code on 2.4.27-star
Apr 24 20:14:31 - [vpn log]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 24 20:14:31 - [vpn log]: Changing to directory '/etc/ipsec.d/aacerts'
Apr 24 20:14:31 - [vpn log]: Changing to directory '/etc/ipsec.d/ocspcerts'
Apr 24 20:14:31 - [vpn log]: Changing to directory '/etc/ipsec.d/crls'
Apr 24 20:14:31 - [vpn log]: Warning: empty directory
Apr 24 20:14:31 - [vpn log]: added connection description "Karlsruhe"
Apr 24 20:14:32 - [vpn log]: listening for IKE messages
Apr 24 20:14:32 - [vpn log]: adding interface ipsec0/ppp0 89.196.67.216:500
Apr 24 20:14:32 - [vpn log]: adding interface ipsec0/ppp0 89.196.67.216:4500
Apr 24 20:14:32 - [vpn log]: loading secrets from "/etc/ipsec.secrets"
Apr 24 20:14:33 - [vpn log]: "Karlsruhe": route-client output: 0
Apr 24 20:14:33 - [vpn log]: "Karlsruhe" #1: initiating Main Mode
Apr 24 20:14:33 - [vpn log]: "Karlsruhe" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 24 20:14:33 - [vpn log]: "Karlsruhe" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 24 20:14:35 - [vpn log]: "Karlsruhe" #1: I did not send a certificate because I do not have one.
Apr 24 20:14:35 - [vpn log]: "Karlsruhe" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 24 20:14:35 - [vpn log]: "Karlsruhe" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 24 20:14:36 - [vpn log]: "Karlsruhe" #1: Main mode peer ID is ID_FQDN: '@kiekr.dyndns.org'
Apr 24 20:14:36 - [vpn log]: "Karlsruhe" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 24 20:14:36 - [vpn log]: "Karlsruhe" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 20:14:36 - [vpn log]: "Karlsruhe" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK+UP {using isakmp#1}
Apr 24 20:14:50 - [vpn log]: shutting down
Apr 24 20:14:50 - [vpn log]: forgetting secrets
Apr 24 20:14:50 - [vpn log]: "Karlsruhe": deleting connection
Apr 24 20:14:50 - [vpn log]: "Karlsruhe" #2: deleting state (STATE_QUICK_I1)
Apr 24 20:14:50 - [vpn log]: "Karlsruhe" #1: deleting state (STATE_MAIN_I4)
Apr 24 20:14:50 - [vpn log]: ERROR: "Karlsruhe": pfkey write() of SADB_X_DELFLOW message 6 for flow int.0@0.0.0.0 failed. Errno 14: Bad address
Apr 24 20:14:50 - [vpn log]: | 02 0f 00 0b 0e 00 00 00 06 00 00 00 ed 10 00 00
Apr 24 20:14:50 - [vpn log]: | 03 00 15 00 00 00 00 00 02 00 00 00 c0 a8 14 00
Apr 24 20:14:50 - [vpn log]: | 00 00 00 00 84 0b 00 40 03 00 16 00 00 00 00 00
Apr 24 20:14:50 - [vpn log]: | 02 00 00 00 c0 a8 0c 00 b0 25 01 00 26 00 00 00
Apr 24 20:14:50 - [vpn log]: | 03 00 17 00 00 00 00 00 02 00 00 00 ff ff ff 00
Apr 24 20:14:50 - [vpn log]: | 60 3c 2c a0 85 02 41 c3 03 00 18 00 00 00 00 00
Apr 24 20:14:50 - [vpn log]: | 02 00 00 00 ff ff ff 00 4f c2 4c 0a 00 00 00 00
Apr 24 20:14:51 - [vpn log]: "Karlsruhe": unroute-client output: 0
Apr 24 20:14:51 - [vpn log]: shutting down interface ipsec0/ppp0 89.196.67.216:4500
Apr 24 20:14:51 - [vpn log]: shutting down interface ipsec0/ppp0 89.196.67.216:500
Apr 24 20:14:54 - [vpn log]: Starting Pluto (Openswan Version cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE@ECqImzhFD)
Apr 24 20:14:54 - [vpn log]: @(#) built on Aug 13 2009:02:39:00:
Apr 24 20:14:54 - [vpn log]: Setting NAT-Traversal port-4500 floating to on
Apr 24 20:14:54 - [vpn log]: port floating activation criteria nat_t=1/port_fload=1
Apr 24 20:14:54 - [vpn log]: including NAT-Traversal patch (Version 0.6c)
Apr 24 20:14:54 - [vpn log]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 24 20:14:54 - [vpn log]: starting up 1 cryptographic helpers
Apr 24 20:14:54 - [vpn log]: started helper pid=4537 (fd:5)
Apr 24 20:14:54 - [vpn log]: Using KLIPS IPsec interface code on 2.4.27-star
Apr 24 20:14:54 - [vpn log]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 24 20:14:54 - [vpn log]: Changing to directory '/etc/ipsec.d/aacerts'
Apr 24 20:14:54 - [vpn log]: Changing to directory '/etc/ipsec.d/ocspcerts'
Apr 24 20:14:54 - [vpn log]: Changing to directory '/etc/ipsec.d/crls'
Apr 24 20:14:54 - [vpn log]: Warning: empty directory
Apr 24 20:14:54 - [vpn log]: added connection description "Karlsruhe"
Apr 24 20:14:54 - [vpn log]: listening for IKE messages
Apr 24 20:14:54 - [vpn log]: adding interface ipsec0/ppp0 89.196.67.216:500
Apr 24 20:14:55 - [vpn log]: adding interface ipsec0/ppp0 89.196.67.216:4500
Apr 24 20:14:55 - [vpn log]: loading secrets from "/etc/ipsec.secrets"
Apr 24 20:14:56 - [vpn log]: "Karlsruhe": route-client output: 0
Apr 24 20:14:56 - [vpn log]: "Karlsruhe" #1: initiating Main Mode
Apr 24 20:14:56 - [vpn log]: "Karlsruhe" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 24 20:14:56 - [vpn log]: "Karlsruhe" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 24 20:14:58 - [vpn log]: "Karlsruhe" #1: I did not send a certificate because I do not have one.
Apr 24 20:14:58 - [vpn log]: "Karlsruhe" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 24 20:14:58 - [vpn log]: "Karlsruhe" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 24 20:14:59 - [vpn log]: "Karlsruhe" #1: Main mode peer ID is ID_FQDN: '@kiekr.dyndns.org'
Apr 24 20:14:59 - [vpn log]: "Karlsruhe" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 24 20:14:59 - [vpn log]: "Karlsruhe" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 20:14:59 - [vpn log]: "Karlsruhe" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK+UP {using isakmp#1}
Apr 24 20:15:01 - [vpn log]: "Karlsruhe" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK+UP {using isakmp#1}

Was kann ich tun damit ich den Tunnel auch vom Cisco aus aufbauen kann?

Danke für Eure Hilfe
Stefan
 

geschrieben am 26.04.2010 um 09:15 von Otaku19

da ist imho nirgends ein fehler zu finden, das log endet da wo Phase 1 abgeschlossen ist und Phase 2 anfängt...da muss es noch weiter gehen.

Üblicherweise sind hier die Probleme meist ind en Encryptiondomains zu suchen
 

[ Dieses Thema im Live-Forum aufrufen ]

Sie befinden sich im Archiv des Forums.
Zum Forum

Archiv erstellt mit phpBB2HTML 0.1 - Foren in statisches HTML umwandeln © 2006 Mirko Kulpa

 

 
© 2004-2015, network lab - we make your net work - Netzwerkforum
aktualisiert am 23.10.2017