3 TL-R600VPN Routers at 3 sites with dynamic DNS
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
3 TL-R600VPN Routers at 3 sites with dynamic DNS
Region : UnitedStates
Model : TL-R600VPN
Hardware Version : V2
Firmware Version : 1.2.2
ISP : Cablevision & FIOS
I have 3 TL-R600VPN routers. 1 at the main office. The other 2 at remotes sites. Each remote site has 1 pc. These remote PCs are to connect to server in main office.
All 3 sites have Dynamic DNS & we have setup properly with Dyndns to translate the Domain names.
Main office is set up locally with address range 192.168.1.x
Remote Office1 is setup locally with address range 192.168.2.x
Remote Office2 is setup locally with address range 192.168.3.x
IKE Policy:
Mode: Agrressive
ID Type: IP
MD5 3DES DH2
SA Lifetime: 28800
DPD: 10 seconds
IPsec Policy:
Remote Gateway: Domain Name
Mode: IKE
Security Protocol: ESP
Authentication Algorithm: MD5
Encryption Algorithm: 3DES
PFS Group: NONE
Lifetime: 28800
Status: Enabled
I setup separate IKE & IPsec for each connection.
Problem: Only Remote Office1 establishes a connection to Main Office. Remote Office2 does not establish an SA.
Remote Office2 log:
Index Time Type Level Log Content
23 Mar 12 00:56:14 VPN ERROR phase2 negotiation failed due to time up waiting for phase1. ESP 24.187.94.203[500]->192.168.100.4[500]
22 Mar 12 00:56:10 VPN INFO Selected NAT-T version: RFC 3947
21 Mar 12 00:56:10 VPN INFO respond new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
20 Mar 12 00:56:07 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:81a2c399f9e5ee87:e16131ae93cd243c
19 Mar 12 00:55:48 VPN INFO Selected NAT-T version: RFC 3947
18 Mar 12 00:55:48 VPN INFO respond new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
17 Mar 12 00:55:44 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:bfad329ace66b40e:ea10c70852c42c79
16 Mar 12 00:55:31 VPN ERROR phase2 negotiation failed due to time up waiting for phase1. ESP 24.187.94.203[500]->192.168.100.4[500]
15 Mar 12 00:55:31 DHCP NOTICE DHCPS:Recv INFORM from F0:4D:A2:9B:E1:D1
14 Mar 12 00:55:24 VPN INFO Selected NAT-T version: RFC 3947
13 Mar 12 00:55:24 VPN INFO respond new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
12 Mar 12 00:55:23 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:2aa2f5f75a59bef7:3b625a3d7245ad05
11 Mar 12 00:55:02 VPN INFO Selected NAT-T version: RFC 3947
10 Mar 12 00:55:02 VPN INFO respond new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
9 Mar 12 00:54:59 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:7fe7c3ce05181f90:dec13cddb20962cf
8 Mar 12 00:54:58 VPN ERROR phase2 negotiation failed due to time up waiting for phase1. ESP 24.187.94.203[0]->192.168.100.4[0]
7 Mar 12 00:54:40 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:83f5c2c87bda1700:0000000000000000
6 Mar 12 00:54:39 VPN INFO Selected NAT-T version: RFC 3947
5 Mar 12 00:54:39 VPN INFO respond new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
4 Mar 12 00:54:36 VPN INFO initiate new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
3 Mar 12 00:54:35 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:bc192cac5c99ff51:e6b1b6ab77ad0a0b
2 Mar 12 00:54:23 DHCP NOTICE DHCPS:Recv INFORM from F0:4D:A2:9B:E1:D1
1 Mar 12 00:54:23 OTHER INFO User clear system log.
Time = 2014-03-12 0:55:14 6558s
H-Ver = R600VPN v2 00000000 : S-Ver = 1.2.2 Build 140212 Rel.58039n
L = 192.168.3.1 : M = 255.255.255.0
W1 = DHCP : W = 192.168.100.4 : M = 255.255.255.0 : G = 192.168.100.1
Model : TL-R600VPN
Hardware Version : V2
Firmware Version : 1.2.2
ISP : Cablevision & FIOS
I have 3 TL-R600VPN routers. 1 at the main office. The other 2 at remotes sites. Each remote site has 1 pc. These remote PCs are to connect to server in main office.
All 3 sites have Dynamic DNS & we have setup properly with Dyndns to translate the Domain names.
Main office is set up locally with address range 192.168.1.x
Remote Office1 is setup locally with address range 192.168.2.x
Remote Office2 is setup locally with address range 192.168.3.x
IKE Policy:
Mode: Agrressive
ID Type: IP
MD5 3DES DH2
SA Lifetime: 28800
DPD: 10 seconds
IPsec Policy:
Remote Gateway: Domain Name
Mode: IKE
Security Protocol: ESP
Authentication Algorithm: MD5
Encryption Algorithm: 3DES
PFS Group: NONE
Lifetime: 28800
Status: Enabled
I setup separate IKE & IPsec for each connection.
Problem: Only Remote Office1 establishes a connection to Main Office. Remote Office2 does not establish an SA.
Remote Office2 log:
Index Time Type Level Log Content
23 Mar 12 00:56:14 VPN ERROR phase2 negotiation failed due to time up waiting for phase1. ESP 24.187.94.203[500]->192.168.100.4[500]
22 Mar 12 00:56:10 VPN INFO Selected NAT-T version: RFC 3947
21 Mar 12 00:56:10 VPN INFO respond new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
20 Mar 12 00:56:07 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:81a2c399f9e5ee87:e16131ae93cd243c
19 Mar 12 00:55:48 VPN INFO Selected NAT-T version: RFC 3947
18 Mar 12 00:55:48 VPN INFO respond new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
17 Mar 12 00:55:44 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:bfad329ace66b40e:ea10c70852c42c79
16 Mar 12 00:55:31 VPN ERROR phase2 negotiation failed due to time up waiting for phase1. ESP 24.187.94.203[500]->192.168.100.4[500]
15 Mar 12 00:55:31 DHCP NOTICE DHCPS:Recv INFORM from F0:4D:A2:9B:E1:D1
14 Mar 12 00:55:24 VPN INFO Selected NAT-T version: RFC 3947
13 Mar 12 00:55:24 VPN INFO respond new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
12 Mar 12 00:55:23 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:2aa2f5f75a59bef7:3b625a3d7245ad05
11 Mar 12 00:55:02 VPN INFO Selected NAT-T version: RFC 3947
10 Mar 12 00:55:02 VPN INFO respond new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
9 Mar 12 00:54:59 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:7fe7c3ce05181f90:dec13cddb20962cf
8 Mar 12 00:54:58 VPN ERROR phase2 negotiation failed due to time up waiting for phase1. ESP 24.187.94.203[0]->192.168.100.4[0]
7 Mar 12 00:54:40 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:83f5c2c87bda1700:0000000000000000
6 Mar 12 00:54:39 VPN INFO Selected NAT-T version: RFC 3947
5 Mar 12 00:54:39 VPN INFO respond new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
4 Mar 12 00:54:36 VPN INFO initiate new phase 1 negotiation: 192.168.100.4[500]<=>24.187.94.203[500]
3 Mar 12 00:54:35 VPN INFO ISAKMP-SA deleted 192.168.100.4[500]-24.187.94.203[500] spi:bc192cac5c99ff51:e6b1b6ab77ad0a0b
2 Mar 12 00:54:23 DHCP NOTICE DHCPS:Recv INFORM from F0:4D:A2:9B:E1:D1
1 Mar 12 00:54:23 OTHER INFO User clear system log.
Time = 2014-03-12 0:55:14 6558s
H-Ver = R600VPN v2 00000000 : S-Ver = 1.2.2 Build 140212 Rel.58039n
L = 192.168.3.1 : M = 255.255.255.0
W1 = DHCP : W = 192.168.100.4 : M = 255.255.255.0 : G = 192.168.100.1