Netgear FVS338 – ProSafe VPN Firewall 50 with 8-Port 10/100 Switch 사용자 설명서
Troubleshoot the VPN Client
116
NETGEAR ProSAFE VPN Client
Resolution. Ensure that both the phase 2 address types and phase 2 address values (see
37) match the remote endpoint’s address configuration.
Ensure that no old SA is still alive on the VPN gateway.
No Response to a Phase 1 Request
VPN console log:
Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID]
Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID]
Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID]
Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID]
Explanation. The remote gateway does not answer because some phase 1 settings
mismatch on the tunnel endpoints.
mismatch on the tunnel endpoints.
Resolution. Ensure that the algorithms are the same on each side of the VPN tunnel. For
information about configuring algorithms, see
information about configuring algorithms, see
28.
Also ensure that the local and remote IDs are correctly specified on each side of the VPN
tunnel. For information about configuring local and remote IDs, see
The Console Shows Only SEND and RECV
VPN console log:
Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [SA] [KEY_EXCH] [NONCE] [ID] [VID]
Default (SA CnxVpn1-P1) RECV phase 1 Aggressive Mode [HASH][SA][KEY_EXCH][NONCE] [ID]
[VID]
[VID]
Explanation. The pre-shared keys might mismatch on the tunnel endpoints.
Resolution. Ensure that you use the same pre-shared key on each side of the VPN tunnel
and that no second VPN tunnel connects to the VPN Client on the VPN router.
and that no second VPN tunnel connects to the VPN Client on the VPN router.
No Response to Phase 2 Requests
VPN console log:
Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode [HASH] [SA] [NONCE] [ID] [ID]
Explanation. The phase 2 encryption algorithms or phase 2 addresses might mismatch on
the tunnel endpoints.
the tunnel endpoints.
Resolution. Ensure that the phase 2 ESP encryption algorithms are the same on each side
of the VPN tunnel. For information about encryption algorithms, see
of the VPN tunnel. For information about encryption algorithms, see