Here is what the traffic monitor showed when I was troubleshooting with one user 12:27:13 Member1 admd Authentication of IKEv2 user from x.x.x.x was accepted msg_id="1100-0004" No new windows updates no changes to our firewall, and in most cases the VPN was working fine, they went to lunch, put there computer to sleep, got back, attempted to, reconnected and got the error. Instead of disabling the Windows firewall, be maybe more advisable to allow exceptions in this firewall.Īctive Firewall of Windows and pays attention to unmark the "Do Not Allow Exceptions" box.Since the 14th I have had now 5 users report this same error to me when connecting to our M270 firefox running 12.7. Keep-alive interval, Message Interval and Max Failures. The 12 approximate minutes they come given by three parameters of the IKE (Phase 1) configuration in the gateway: It is possible that you see something similar to this:Īction : protocol : src-ip : dst-ip : src-port : dst-port : size : pathĭROP : UDP : your-gw-ip : 192.168.224.192 : 4500 : 4500 : 114 :RECEIVE You can verify it examining the file C:\WINDOWS\pfirewall.log. This is because the IKE Keep-Alive messages doesn't arrive from the VPN-gateway to your PC. So I have thought that the problem should be in the incoming connections from VPN-gateway to my pc 18:56:07 NOTIFY: profile-Name: SENT: NOTIFY_MSG_KEEPALIVE_ACK 18:56:07 NOTIFY: profile-Name: RECEIVED: NOTIFY_MSG_KEEPALIVE_REQUEST 18:53:08 NOTIFY: profile-Name: SENT: NOTIFY_MSG_KEEPALIVE_ACK 18:53:08 NOTIFY: profile-Name: RECEIVED: NOTIFY_MSG_KEEPALIVE_REQUEST 18:50:08 NOTIFY: profile-Name: SENT: NOTIFY_MSG_KEEPALIVE_ACK 18:50:08 NOTIFY: profile-Name: RECEIVED: NOTIFY_MSG_KEEPALIVE_REQUEST 18:41:10 NOTIFY: profile-Name: SENT: NOTIFY_MSG_KEEPALIVE_ACK 18:41:10 NOTIFY: profile-Name: RECEIVED: NOTIFY_MSG_KEEPALIVE_REQUEST When I have disabled Windows firewall (XP) I have been able to see in the MUVPN client log the following thing: RE: MUVPN connection drops every 12 minutes unclerico (IS/IT-Management) 7 Dec 07 13:14 This is my 1st experience with a Watchguard device so any help is greatly appreciated. 3:05:41 PM IPSDIAL - disconnected from bdubs on channel 1. 3:05:41 PM NCPIKE-phase1:name(bdubs) - error - WATCHGUARD_LICENSING TIMEOUT ERROR 2:53:42 PM IPSDIAL - connected to bdubs on channel 1. 2:53:42 PM NCPIKE-phase2:name(bdubs) - connected 2:53:42 PM Quick Mode is Ready: IkeIndex = 00000001, VpnSrcPort = 500 2:53:42 PM NCPIKE-xauth:name(bdubs) - IkeCfg: enter state open 2:53:40 PM Quick Mode is Ready: IkeIndex = 00000001, VpnSrcPort = 500 2:53:40 PM NCPIKE-phase1:name(bdubs) - connected 2:53:40 PM IKE phase I: Setting LifeTime to 0 seconds 2:53:39 PM NCPIKE-phase1:name(bdubs) - outgoing connect request - aggressive mode. 2:53:39 PM IPSDIALCHAN::start building connection 2:51:45 PM Firewall recognized adapter - NDISWAN 2:51:45 PM LinkStatus Change - 100,NDISWAN 1:44:09 PM Monitor : Licensed - WatchGuard Mobile VPN 1000 1:44:09 PM Monitor : Installed - WatchGuard Mobile VPN 1000 Build 101 (902) 1:44:08 PM WatchGuard Mobile VPN V10.00 Build 101 1:44:08 PM Firewall recognized adapter - NDISWAN 1:44:08 PM Found adapter: NDISWAN with MTU 1400 bytes 1:44:08 PM Firewall recognized adapter - Broadcom NetXtreme 57xx Gigabit Controller 1:44:08 PM Found adapter: Broadcom NetXtreme 57xx Gigabit Controller with MTU 1500 bytes 1:44:08 PM Installed as a test license - 5. 1:44:08 PM Firewall recognized adapter - NCP VPN Adapter 1:44:08 PM Warning: could not open file - C:\Program Files\WatchGuard\Mobile VPN\ncpphone.cfg 1:44:08 PM RWSGA using OperatingSystem - 5 Here is the log file from the MUVPN client: While connected, I'm able to access all of the necessary resources. However when using the Watchguard MUVPN client on a remote pc it only stays connected for 12 minutes (11 minutes and 58 seconds to be exact). I just took a job at a new company and recently setup MUVPN access on our Firebox X500.
0 Comments
Leave a Reply. |