Safnet VPN

[b4n4n4m4n]

I'm new to VPN and have been trying to connect to works Netpilot using Safnet SoftRemoteLT Vers.9.0.1(Build 121)

Have a Westell 2400 (A90-240010-04)

I have the computer I'm using setup as the single static IP Address through the alternate IP Config in XP Pro the primary being the routers assigned IP Address from the DHCP

Setup Safenet but I'm getting this error when I attempt to connect :

7-01: 12:32:21.355
7-01: 12:32:21.365 My Connections\Test - Initiating IKE Phase 1 (IP ADDR=x.x.x.x)
7-01: 12:32:21.365 My Connections\Test - SENDING>>>> ISAKMP OAK MM (SA, VID 2x)
7-01: 12:32:21.435 My Connections\Test - RECEIVED<<< ISAKMP OAK MM (SA, VID)
7-01: 12:32:21.585 My Connections\Test - Peer is NAT-T draft-02 capable
7-01: 12:32:21.585 My Connections\Test - SENDING>>>> ISAKMP OAK MM (KE, NON, NAT-D 2x, VID 3x)
7-01: 12:32:21.705 My Connections\Test - RECEIVED<<< ISAKMP OAK MM (KE, NON, NAT-D 2x)
7-01: 12:32:21.775 My Connections\Test - SENDING>>>> ISAKMP OAK MM *(ID, HASH, NOTIFY:STATUS_INITIAL_CONTACT)
7-01: 12:32:21.846 My Connections\Test - RECEIVED<<< ISAKMP OAK INFO (NOTIFYAYLOAD_MALFORMED)
7-01: 12:32:21.846 My Connections\Test - Discarding SA negotiation
7-01: 12:32:31.850 My Connections\Test - RECEIVED<<< ISAKMP OAK MM (KE, NON, NAT-D 2x)
7-01: 12:32:31.850 My Connections\Test - Received message for non-active SA
7-01: 12:32:51.849 My Connections\Test - RECEIVED<<< ISAKMP OAK MM (KE, NON, NAT-D 2x)
7-01: 12:32:51.849 My Connections\Test - Received message for non-active SA

---------------------------------------------------------

I have Safenet pointing to the Remote Gateway and there is a Roadwarrior connection setup on the Netpilot with a key setup.

TIA feel a little out of my depth here

 

[ChrisAC]

Is the IP address of your XP system a private 'internal' address with the router doing NAT or have you got a real address on your system?

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[b4n4n4m4n]

Using the westell router you can configure a single user pc to share the single IP Address which I enabled from the PC I was trying to connect from.

Did say make sure IP Address of PC is set to it, so I did this with the alternate config and left the main ip address setup as server assigned

 

[ChrisAC]

The Safenet VPN client to Netpilot VPN will not work through a NAT device. The client needs to have a live IP address, not a private one.

This is a failing of the netpilot VPN "Road Warrior" setup. We've been having this issue with them for years!

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[b4n4n4m4n]

That's what I was told originally but the release of 3.0.7 I think on the netpilot update that was supposed to address the isssue with using NAT and is supposed to support it according to Equinet

 

[ChrisAC]

Interesting. I might try that. Your best bet would be to contact Equiinet and provide them with the logging from your netpilot and they should be able to point you in the right direction.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************