Netgear vpn error validating proxy ids

All computers deserve the protection of a firewall, whether it’s the thousands of servers and desktops that compose the network of a Fortune 500 company, a traveling salesperson’s laptop connecting to the wireless network of a coffee shop, or your grandmother’s new PC with a dial-up connection to the Internet.

Today, worms and viruses initiate the vast majority of attacks.

Worms and viruses generally find their targets randomly.

Applying host-based firewalls to all systems, including those behind the corporate firewall, should now be standard practice.

Who are these “hackers” who are trying to break into your computer?

I went thru each of the IPSec and IKE fields afterwards to double check everything and it seemed ok. Is the VPN supposed to be configured to use the VLAN1 (internal lan) interface or the FastEthernet4 (wan ip)? I found an Excel template on this site, "Cisco IOS IPSEC template", and one thing I noticed (not sure if it was a typo or not) was that it specified group 2 as 768bit versus 1024bit. If any additional info is needed, just write and I'll respond ASAP.

--rob

Netgear's VPN log:
2007-05-17 : INFO: accept a request to establish IKE-SA: 69.207-05-17 : INFO: Configuration found for 69.2.
2007-05-17 : INFO: Initiating new phase 1 negotiation: 69.2[500]69.2[500]
2007-05-17 : INFO: Beginning Identity Protection mode.
2007-05-17 : INFO: Received Vendor ID: CISCO-UNITY
2007-05-17 : INFO: Received unknown Vendor ID
2007-05-17 : INFO: Received unknown Vendor ID
2007-05-17 : INFO: Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
2007-05-17 : INFO: ISAKMP-SA established for LOCAL WAN IP[500]-REMOTE WAN IP[500] with spi:f1ed2ddf353e4c38:d0cd78f24f0bc815
2007-05-17 : INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2007-05-17 : INFO: Initiating new phase 2 negotiation: LOCAL WAN IP[500]REMOTE WAN IP[0]
2007-05-17 : ERROR: Unknown notify message from REMOTE WAN IP[500].

logging buffered 51200 debugging
logging console critical
enable secret 5 (blah blah)
!
aaa authentication login default local
aaa authorization exec default local
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 pcanywheredata
ip inspect name DEFAULT100 pcanywherestat
ip tcp synwait-time 10
no ip bootp server
ip domain name (blah.com)
ip name-server 10.1
ip ssh time-out 60
ip ssh authentication-retries 2
!
!

I have tried it both ways, but it seems the FastEthernet4 interface is the correct one to use.

No phase2 handle found.
2007-05-17 : ERROR: Giving up on REMOTE WAN IP to set up IPsec-SA due to time up
2007-05-17 : INFO: Responding to new phase 2 negotiation: LOCAL WAN IP[0]10.119.69.0/24 from REMOTE WAN IP/32[500]

Netgear FVS338 (192.168.100.200)

"VPN POLICY"
Auto Policy
remote endpoint : ip address
Traffic Selection local ip range remote ip range
-------------------------------------------
"AUTO POLICY PARAMETERS"
SA Lifetime : 3600 sec
Encryption Algorithm : 3DES
Integrity Algorithm : SHA-1
PFS Key Group : DH Group 2 (1024 bit)
-------------------------------------------
"IKE POLICY"
Direction / Type : both
Exchange Mode : main
Local Identifier Type : Local WAN IP
Remote Identifier Type : Remote WAN IP

"IKE SA PARAMETERS"
Encryption Algorithm : 3DES
Authentication Algorithm : SHA-1
Authentication Method : Pre-Shared
Diffie-Hellman (DH) Group : Group 2 (1024 bit)
SA Lifetime : 2800 sec
XAUTH Config : None
===========================================

Cisco 871 (IOS 12.4(4)T1 and SDM v2.3.3) (10.1)

Here is the running-config:

Building configuration...
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
crypto pki trustpoint TP-self-signed-1410502436
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1410502436
 revocation-check none
 rsakeypair TP-self-signed-1410502436
!
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet4
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!

It fails on Phase 2 with the following error:

000320: *Apr 21 .028 PCTime: IPSEC(validate_proposal_request): proposal part #1, (key eng.