Hi everyone,
I have created a dial-up VPN. It works with a policy that permits any service. When I change the service rule to a specific service (it may be ping or RDP, whatever), it doesn't work and gives the errors below. On the Shrew side there isn't any error; it says tunnel enabled but doesn't work.
With Any rule (working):
2016-05-16 15:01:45 info IKE 85.96.xx.xx: XAuth login was passed for gateway AydinPR_Engineering_GW, username AydinPRTest_1, retry: 0, Client IP Addr 192.168.173.2, IPPool name: XAuthIPPool2, Session-Timeout: 0s, Idle-Timeout: 0s.
2016-05-16 15:01:45 info Rejected an IKE packet on ethernet0/2 from 85.96.xx.xx:4500 to 178.22.xx.xx:4500 with cookies 5b91196bbfa49e7f and bbe7def62b36ab8e because A Phase 2 packet arrived while XAuth was still pending.
2016-05-16 15:01:45 info IKE 85.96.xx.xx Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime.
2016-05-16 15:01:45 info IKE 85.96.xx.xx Phase 1: Completed for user aydinprengineering_vpn@xx.com.
2016-05-16 15:01:45 info IKE<85.96.xx.xx> Phase 1: IKE responder has detected NAT in front of the remote device.
2016-05-16 15:01:45 info IKE<85.96.xx.xx> Phase 1: IKE responder has detected NAT in front of the local device.
2016-05-16 15:01:45 info IKE 85.96.xx.xx phase 1:The symmetric crypto key has been generated successfully.
2016-05-16 15:01:45 info IKE 85.96.xx.xx Phase 1: Responder starts AGGRESSIVE mode negotiations.
With a specific service (ping or something else):
2016-05-16 12:28:09 info IKE 85.96.xx.xx Phase 2 msg ID 22df89fa: Negotiations have failed.
2016-05-16 12:28:09 info IKE 85.96.xx.xx Phase 2 msg ID 22df89fa: Negotiations have failed for user aydinprengineering_vpn@xx.com.
2016-05-16 12:28:09 info Rejected an IKE packet on ethernet0/2 from 85.96.xx.xx:1138 to 178.22.xx.xx:4500 with cookies f99f6b73c9a3e3cc and f2ce0a36bfe10f0f because The VPN does not have an application SA configured.
2016-05-16 12:28:09 info IKE 85.96.xx.xx Phase 2: No policy exists for the proxy ID received: local ID (10.10.0.0/255.255.252.0, 0, 0) remote ID (192.168.173.2/255.255.255.255, 0, 0).
2016-05-16 12:28:09 info IKE 85.96.xx.xx Phase 2 msg ID 22df89fa: Responded to the peer's first message from user aydinprengineering_vpn@xx.com.
2016-05-16 12:28:04 info IKE 85.96.xx.xx Phase 2 msg ID 22df89fa: Negotiations have failed.
2016-05-16 12:28:04 info IKE 85.96.xx.xx Phase 2 msg ID 22df89fa: Negotiations have failed for user aydinprengineering_vpn@xx.com.
2016-05-16 12:28:04 info Rejected an IKE packet on ethernet0/2 from 85.96.xx.xx:1138 to 178.22.xx.xx:4500 with cookies f99f6b73c9a3e3cc and f2ce0a36bfe10f0f because The VPN does not have an application SA configured.
2016-05-16 12:28:04 info IKE 85.96.xx.xx Phase 2: No policy exists for the proxy ID received: local ID (10.10.0.0/255.255.252.0, 0, 0) remote ID (192.168.173.2/255.255.255.255, 0, 0).
2016-05-16 12:28:04 info IKE 85.96.xx.xx Phase 2 msg ID 22df89fa: Responded to the peer's first message from user aydinprengineering_vpn@xx.com.
2016-05-16 12:28:03 info IKE 85.96.xx.xx: XAuth login was passed for gateway AydinPR_Engineering_GW, username AydinPRTest_1, retry: 0, Client IP Addr 192.168.173.2, IPPool name: XAuthIPPool2, Session-Timeout: 0s, Idle-Timeout: 0s.
2016-05-16 12:28:03 info IKE85.96.xx.xx: XAuth login was terminated because the user logged in again. Previous gateway: 85.96.xx.xx. Username: AydinPRTest_1 at 192.168.173.29/0.0.0.0.
2016-05-16 12:28:03 info Rejected an IKE packet on ethernet0/2 from 85.96.xx.xx:1138 to 178.22.xx.xx:4500 with cookies f99f6b73c9a3e3cc and f2ce0a36bfe10f0f because A Phase 2 packet arrived while XAuth was still pending.
2016-05-16 12:28:03 info IKE 85.96.xx.xx Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime.
2016-05-16 12:28:03 info IKE 85.96.xx.xx Phase 1: Completed for user aydinprengineering_vpn@xx.com.
PS: Proxy ID Check is disabled. The Shrew client is working fine with the Any rule.