EFW Support

Support => VPN Support => Topic started by: diamondcomputer on Saturday 25 January 2014, 06:45:26 am



Title: EFW 3.0 IPSEC VPN to a Netgear SRX5308...
Post by: diamondcomputer on Saturday 25 January 2014, 06:45:26 am
Good afternoon.

We've been running the 2.5.2 Endian Community Edition for a while now, including an IPSEC VPN connection to a Netgear SRX5308 Firewall with no significant issues.  Today we upgraded (well, ended up reloading and reconfiguring from scratch due to issues with the upgrade process) to the 3.0 release, and are having significant issues getting a solid VPN tunnel back to the router.  It establishes, works for a few minutes, then drops, then eventually reestablishes.  The VPN logs on the Netgear Router are full of errors including :

[SRX5308] [IKE] ERROR:  Received mode config from xx.xx.xx.xx[500], but local configuration does not have mode config or xauth.
...
[SRX5308] [IKE] ERROR:  failed to start post getspi.
[SRX5308] [IKE] ERROR:  encryption 5 failed.
...
[SRX5308] [IKE] ERROR:  can't start the IKE_AUTH exchange, there is no IKE-SA, 8130a72f6ea88b6c:94e415d4477173c4:00000001

I've verified that the settings and timeouts are the same on both sides, and before 3.0 this configuration was working so I'm a bit at a loss.  Does anyone have any thoughts?

Thanks in advance.

Phil Malmstrom
Diamond Computer Inc.