SOHO 6 and MUVPN not connecting

[MichaelDell]

I have a SOHO 6 and I am trying to get it to accept connections from a Win2k desktop using the MUVPN client.

It appears to negotiate the Phase 1, but into Phase 2, I get
Sending >>>> ISAKMP OAK TRANS *(HASH, ATTR)
Received <<< ISAKMP OAK INFO *(HASH, NOTIFY:INVALID_ID_INFO)
Bad Hash

This is repeated several times until it gives up.

It is set up just as the manual states

http://www.watchguard.com/help/docs/v60SOHOMUVPNClientGuide.pdf

.

Any thoughts or ideas would be appreciated.

 

[Istvan67]

Have you found a solution for this problem???
I had the same and I didn't find a good solution.
Thanks

 

[MichaelDell]

I was able to get a login to actually contact WatchGaurd's support yesterday. I'll post any info they give.

 

[Istvan67]

Thanks,
I hope that they will be able to resolve it.

Bye

 

[mtompkins]

Under Options, Global Policy settings, make sure you have "Allow to Specify Internal Network Address" selected. All your local trafic will (unfortunately) need to traverse the tunnel to the remove Soho.

It is a small nightmare but it works.

 

[MichaelDell]

Thanks for the info, but that is set.

I am still trying to work with their support in India, but due to the time differences, I don't have access to the SOHO during their hours of operation (9 PM EST to 6 AM EST). I may just have to make arrangements to spend the night their soon.

Man I wish these guys would have bought a Cisco PIX instead of the SOHO.

 

[Raul102801]

Did you ever get this to work? I am having the same problem and can't figure it out

 

[MichaelDell]

I did. I have to go over my notes and post it here. I basically through out their manual and did was seemed logical. Again, I'll post it shortly.

 

[Raul102801]

please do... I desperatly need to get this working ASAP
Any input will be greatly appreciated.
thanks

 

[MichaelDell]

Here is what I did:
On page 107 of the manual for the SOHO 6 it says in step 5: Type the virtual IP address in the applicable field. The virtual IP address is the same as the IP address on the Trusted Network Configuration page. This doesn't work (nor does it make any sense). The IP address they are referring to is the internal address of the SOHO???

What I did:
Type in an address that is within the internal subnet that you are using, but outside of the scope of the DHCP range you are using (if you have the SOHO 6 handing out DHCP addresses).

Set the two algorithms to match what you will be setting on the MUVPN client.

Go ahead and put the addresses in for the WINS and DNS server, but they won't pass them to the MUVPN clients. Why, I don't know. I you must have this, I can't help you. The only thing I was doing over this VPN was a Windows Terminal Server session to an XP Pro desktop that has a static IP.

Check the box for "All traffic uses tunnel". It wouldn't authenticate if it wasn't. I didn't dig into why.

On the MUVPN client config, follow the book.

Forget calling their tech support. They are completely worthless. I had posted in their online forum within the "case" I had opened that I wanted to speak with the tech that night between a certain time, 9:00 PM to 10:00 PM EST since he is in India and those are the hours he works. He agreed. When I called, he was on another call and they said he would call back in 10 or 20 minutes. After an 1/2 hour of trying things, I got it working myself. 12 hours 20 minutes later, I get a call from a U.S. based tech. He acted as if it was a big inconvenience to actually have to call someone back and was bothered a bit when I didn't need to work on the problem with him anymore. After I explained that they were supposed to call back 12 hours earlier, he said it wasn't his problem and something to the affect of he wouldn't "charge" me for calling which he would normally do even if we didn't actually accomplish anything.

If anyone comes to me know and asks about a VPN for a small office setting, I think for the money, the Cisco PIX 501 is the best value and easiest to configure, with better tech support. If they mention WatchGuard, I may just spit in their face.

 

[Raul102801]

Alright this is starting to get on my nerves.
I noticed that the book says I need to activate my MUVPN upgrade and vpn options for the Soho... I thought that the soho comes with one VPN by default and I would have to purchase any aditional licenses for more clients. If I only use 1 client, would I still need to activate anything? how about the MUVPN client? this is a little confusing and after following everybodys advice I still can't get it to work.

 

[MichaelDell]

That is what I thought too. $200 for five licenses. If you haven't spent it yet, dump the SOHO and get a PIX. You'll save money and nerves.

 

[KMS1000]

Don't know if you guys are having the same problem as I've had today but I've just spent about 5 hours troubleshooting the very same INVALID_ID_INFO & Bad Hash errors. It eventually turned out that there was another remote user elsewhere trying to establish a VPN into the Watchguard SOHO who had the same local IP range as I had here. I changed my local IP range & the whole thing burst into life. However I would point out that despite the VPN working perfectly now, I can see that I still get the same errors during phase 2 of the negotiation??? They've been red-herring errors for me all day!!