Question : Receive IPSec packet, but no corresponding tunnel exists

Hello.

VPN problem:

Zywall 5  <---> A-Link firewall & behind that is TheGreenBow VPN client.

Zywall 5 Setup
Ike Proposal:
Negotiation Mode=Aggressive
Encryption= AES128
Authentication=SHA1
SA Lifetime=3000000
Key Group= DH1

IPSec Proposal:
Encapsulation Mode= Tunnel
Active Protocol= ESP
Encryption Algorithm= Aes128
Authentication Alg=SHA1
SA Lifetime= 28800
PFS=DH1

There is a problem in the Zywall 5 log: Receive IPSec packet, but no corresponding tunnel exists.

Where is the problem?

When I connect Zywall 2 Plus <---> Zywall 5 (so-called site to site), it works well. But with the TheGreenBow VPN client <--> Zywall 5, the error log is there and the connection is lost about 30 min....

Thanks

Answer : Receive IPSec packet, but no corresponding tunnel exists

The router supports IPSec; I don't think that is the problem. IKE is layered on UDP and uses UDP port 500 to exchange IKE information between the security gateways. Therefore, UDP port 500 packets must be permitted on any IP interface involved in connecting a security gateway peer (http://www.juniper.net/techpubs/software/erx/erx51x/swconfig-routing-vol1/html/ipsec-config5.html).

Can you try setting the IKE mode to Main mode instead of aggressive and see if it works normally? Below is the manual for the Zywall 5 router:

http://www.thegreenbow.com/doc/tgbvpn_cg_zywall5_en.pdf

Another suggestion is to download Ethereal (http://www.ethereal.com/), which will help in finding out if packets are getting across the network properly. It needs to be installed on the destination machine and will monitor the network card for packets.

Hope it helps.
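
An added example, not part of the original answer: a small decoder for the fixed ISAKMP header carried in UDP port 500 payloads, useful when reading a capture to see which phase 1 mode (Main or Aggressive) is being negotiated and whether the peer replied. The function names and the sample datagrams are constructed for illustration; it assumes you have already extracted the raw UDP payloads from the capture.

```python
import struct

# Fixed ISAKMP (IKEv1) header, RFC 2408 section 3.1: 28 bytes, network byte order.
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")
PHASE1_MODES = {2: "Main Mode", 4: "Aggressive Mode"}
OTHER_EXCHANGES = {5: "Informational", 32: "Quick Mode"}
ZERO_COOKIE = b"\x00" * 8

def parse_isakmp_header(payload: bytes) -> dict:
    """Decode the fixed header from one UDP port 500 payload."""
    if len(payload) < ISAKMP_HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    (icookie, rcookie, _next, version, exchange,
     flags, message_id, length) = ISAKMP_HEADER.unpack_from(payload)
    if length < ISAKMP_HEADER.size or length > len(payload):
        raise ValueError("length field disagrees with datagram size")
    names = {**PHASE1_MODES, **OTHER_EXCHANGES}
    return {
        "initiator_cookie": icookie.hex(),
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange_type": exchange,
        "exchange": names.get(exchange, f"unknown ({exchange})"),
        "encrypted": bool(flags & 0x01),
        "message_id": message_id,
        # A zero responder cookie marks the initiator's first message.
        "first_message": rcookie == ZERO_COOKIE,
    }

def summarize(payloads) -> tuple:
    """Return (phase 1 modes seen, whether any peer reply was captured)."""
    modes, replied = set(), False
    for raw in payloads:
        hdr = parse_isakmp_header(raw)
        if hdr["exchange_type"] in PHASE1_MODES:
            modes.add(hdr["exchange"])
        replied = replied or not hdr["first_message"]
    return sorted(modes), replied

def build_sample(icookie: bytes, rcookie: bytes, exchange: int) -> bytes:
    """Constructed test datagram: header plus 4 dummy body bytes."""
    return ISAKMP_HEADER.pack(icookie, rcookie, 1, 0x10, exchange, 0, 0, 32) + b"\x00" * 4

# Constructed capture: client opens Aggressive Mode, gateway answers.
SAMPLES = [build_sample(b"\x11" * 8, ZERO_COOKIE, 4),
           build_sample(b"\x11" * 8, b"\x22" * 8, 4)]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

If only first messages appear in the capture taken at the gateway side, the replies are not leaving or not reaching the capture point, which points back at the UDP port 500 filtering mentioned above.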