Netgear UTM25 – ProSECURE Unified Threat Management (UTM) Appliance 사용자 설명서

Troubleshoot the VPN Client

116

NETGEAR ProSAFE VPN Client

Resolution. Ensure that both the phase 2 address types and phase 2 address values (see

Configure IPSec Settings

on page

37) match the remote endpoint’s address configuration.

Ensure that no old SA is still alive on the VPN gateway.

No Response to a Phase 1 Request

VPN console log:

Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID]

Explanation. The remote gateway does not answer because some phase 1 settings
mismatch on the tunnel endpoints.

Resolution. Ensure that the algorithms are the same on each side of the VPN tunnel. For
information about configuring algorithms, see

Configure IKE Authentication Settings

page

28.

Also ensure that the local and remote IDs are correctly specified on each side of the VPN

tunnel. For information about configuring local and remote IDs, see

Configure Advanced

Authentication Settings

on page

30.

The Console Shows Only SEND and RECV

VPN console log:

Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID]

Default (SA CnxVpn1-P1) RECV phase 1 Aggressive Mode [HASH][SA][KEY_EXCH][NONCE] [ID]
[VID]

Explanation. The pre-shared keys might mismatch on the tunnel endpoints.

Resolution. Ensure that you use the same pre-shared key on each side of the VPN tunnel
and that no second VPN tunnel connects to the VPN Client on the VPN router.

No Response to Phase 2 Requests

VPN console log:

Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]

Explanation. The phase 2 encryption algorithms or phase 2 addresses might mismatch on
the tunnel endpoints.

Resolution. Ensure that the phase 2 ESP encryption algorithms are the same on each side
of the VPN tunnel. For information about encryption algorithms, see