Hi everybody,
I am contacting you about an IPSec VPN set up between an LS300 and a ZyWALL USG300 router. I apologize in advance for my English.
I don’t understand why, but the VPN connection works well, yet I can’t ping the IP of the LS300 device.
Here is the log of the USG300:
1 2015-04-08 09:00:12 info IKE Dynamic Tunnel [GW_VPN_DiagBox:VPN_Diagbox_Limagrain_Maringues:0x05f5e230] built successfully 134.90.138.12:500 80.12.55.30:1011 IKE_LOG
2 2015-04-08 09:00:12 info IKE [ESP aes-cbc|hmac-sha1-96][SPI 0x30fc1c20|0x05f5e230][PFS:DH2][Lifetime 86420] 134.90.138.12:500 80.12.55.30:1011 IKE_LOG
3 2015-04-08 09:00:12 info IKE [Policy: ipv4(192.168.12.0-192.168.12.255)-ipv4(192.168.50.32-192.168.50.47)] 134.90.138.12:500 80.12.55.30:1011 IKE_LOG
4 2015-04-08 09:00:12 info IKE [Responder:134.90.138.12][Initiator:80.12.55.30] 134.90.138.12:500 80.12.55.30:1011 IKE_LOG
5 2015-04-08 09:00:12 info IKE Recv:[HASH] 80.12.55.30:1011 134.90.138.12:500 IKE_LOG
6 2015-04-08 09:00:11 info IKE Send:[HASH][NOTIFY:R_U_THERE_ACK] 134.90.138.12:500 80.12.35.142:1011 IKE_LOG
7 2015-04-08 09:00:11 info IKE The cookie pair is : 0x088f154d12c4b73c / 0xfa0a1d94162809ae 134.90.138.12:500 80.12.35.142:1011 IKE_LOG
8 2015-04-08 09:00:11 info IKE Recv:[HASH][NOTIFY:R_U_THERE] 80.12.35.142:1011 134.90.138.12:500 IKE_LOG
9 2015-04-08 09:00:11 info IKE The cookie pair is : 0xfa0a1d94162809ae / 0x088f154d12c4b73c 80.12.35.142:1011 134.90.138.12:500 IKE_LOG
10 2015-04-08 09:00:11 info IKE Send:[HASH][SA][NONCE][KE][ID][ID] 134.90.138.12:500 80.12.55.30:1011 IKE_LOG
11 2015-04-08 09:00:11 info IKE Recv:[HASH][SA][NONCE][KE][ID][ID] 80.12.55.30:1011 134.90.138.12:500 IKE_LOG
12 2015-04-08 09:00:11 notice Firewall priority:10, from LAN to ANY, ICMP Type:8, service Ping, ICMP Type:8, ACCEPT [count=20] 192.168.12.63 173.194.116.111 ACCESS FORWARD
13 2015-04-08 09:00:10 info IKE Phase 1 IKE SA process done 134.90.138.12:500 80.12.55.30:1011 IKE_LOG
14 2015-04-08 09:00:10 info IKE Send:[ID][HASH] 134.90.138.12:500 80.12.55.30:1011 IKE_LOG
15 2015-04-08 09:00:10 info IKE Recv:[ID][HASH] 80.12.55.30:1011 134.90.138.12:500 IKE_LOG
16 2015-04-08 09:00:09 info IKE Send:[KE][NONCE] 134.90.138.12:500 80.12.55.30:1011 IKE_LOG
17 2015-04-08 09:00:08 info IKE Recv:[KE][NONCE][PRV][PRV] 80.12.55.30:1011 134.90.138.12:500 IKE_LOG
18 2015-04-08 09:00:08 info IKE Send:[HASH][NOTIFY:R_U_THERE_ACK] 134.90.138.12:500 80.12.55.66:1011 IKE_LOG
19 2015-04-08 09:00:08 info IKE The cookie pair is : 0x885cbca92ea46e1a / 0xdbb6874607879b4b 134.90.138.12:500 80.12.55.66:1011 IKE_LOG
20 2015-04-08 09:00:08 info IKE Recv:[HASH][NOTIFY:R_U_THERE] 80.12.55.66:1011 134.90.138.12:500 IKE_LOG
21 2015-04-08 09:00:08 info IKE The cookie pair is : 0xdbb6874607879b4b / 0x885cbca92ea46e1a 80.12.55.66:1011 134.90.138.12:500 IKE_LOG
22 2015-04-08 09:00:07 info IKE Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID] 134.90.138.12:500 80.12.55.30:1011 IKE_LOG
23 2015-04-08 09:00:07 info IKE The cookie pair is : 0x7398d78ff19868a1 / 0xba424154f3e5b7cb [count=9] 134.90.138.12:500 80.12.55.30:1011 IKE_LOG
24 2015-04-08 09:00:07 info IKE Recv:[SA][VID][VID][VID][VID][VID] 80.12.55.30:1011 134.90.138.12:500 IKE_LOG
25 2015-04-08 09:00:07 info IKE The cookie pair is : 0xba424154f3e5b7cb / 0x7398d78ff19868a1 [count=5] 80.12.55.30:1011 134.90.138.12:500 IKE_LOG
26 2015-04-08 09:00:07 info IKE Recv Main Mode request from [80.12.55.30] 80.12.55.30:1011 134.90.138.12:500 IKE_LOG
27 2015-04-08 09:00:07 info IKE The cookie pair is : 0x7398d78ff19868a1 / 0x0000000000000000 80.12.55.30:1011 134.90.138.12:500 IKE_LOG
28 2015-04-08 09:00:03 alert Firewall priority:41, from WAN to ZyWALL, UDP, service others, DROP 77.67.10.132:3478 134.90.138.9:62547 ACCESS BLOCK
29 2015-04-08 09:00:00 info IKE Send:[HASH][NOTIFY:R_U_THERE_ACK] 134.90.138.12:500 80.12.35.142:1011 IKE_LOG
30 2015-04-08 09:00:00 info IKE The cookie pair is : 0x088f154d12c4b73c / 0xfa0a1d94162809ae 134.90.138.12:500 80.12.35.142:1011 IKE_LOG
31 2015-04-08 09:00:00 info IKE Recv:[HASH][NOTIFY:R_U_THERE] 80.12.35.142:1011 134.90.138.12:500 IKE_LOG
32 2015-04-08 09:00:00 info IKE The cookie pair is : 0xfa0a1d94162809ae / 0x088f154d12c4b73c 80.12.35.142:1011 134.90.138.12:500 IKE_LOG
After the connection, I must launch a ping from the LS300 to the USG300 (inside the tunnel) to make the VPN Tunnel work. Without that, the VPN is connected but doesn’t work.
Is this normal behaviour? Is there no “keepalive” option that applies to an IPSec VPN (I can only see this option on SSL VPN)?
Here is a screenshot of the LS300 VPN configuration:
http://nsa33.casimages.com/img/2015/04/08/150408100923349794.png
Thank you in advance.
Hello,
If all tunnels are disabled, does ping to the modem’s WAN IP work?
What is the PINGS Response set to in ALEOS?
How’s split tunneling set up?
What points are actually being pinged with the tunnel enabled? 192.168.13.31? WAN IP? Also, from which point?
If you continue to have problems, you might want to work closely with your reseller.
Cheers