Hello,
I'm currently trying to make an IPsec connection with our D-Link DFL-200
firewall/VPN router, and it's not quite working. The situation is as
follows:
There is already one vpn up and running for a remote network, which is
network to network. But this one is from an ibook running 10.3.5 with
vpntracker to the network. I get some error messages in vpntracker like
this:
2004-09-30 12:37:37: DEBUG: isakmp_inf.c:781:isakmp_info_recv_n(): notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=1 spi=bb706247fdc6e339 6345f4c373134cee (size=16).
I'm a bit confused by the distinction of multiple VPN connections. Am I
supposed to specify which VPN I want to connect to with the remote
identifier in VPN Tracker, or does this have a different cause? I know
the firewall is sending back messages, I saw them in Ethereal when I
tried to connect. It sends the NO-PROPOSAL-CHOSEN response to the client.
Both the firewall manual and the VPN tracker manual weren't able to
answer the question as to what this meant, any suggestions are more than
welcome.
Kind regards,
Robert Willemstein
Feanor - 27 Jan 2005 16:12 GMT
Robert,
I am not familiar with Macs and I don't know which client you may be
using but I have a DFL-200 and I have successfully configured the
D-Link DS-601 VPN Client and the SafeNet SoftRemote to connect through
a Watchguard firewall. I had to finesse things a bit and D-Link's tech
support group, specifically a tech named Zenen Jaimes, was utterly
useless in the process. So with that said make sure you have defined a
Roaming User Profile on the DFL-200 and configured the IKE & IPSec
ciphers to match those used by the client. I had more success with
3DES at first but I eventually got the AES-128 encryption working
correctly. I am using SHA-1 as MD5 seemed to error out more frequently.
FYI, I pulled down the 2.1 firmware from the UK D-Link FTP server and
it's been solid so far. I ordered the DS-601 client from
http://www.expansys-usa.com/product.asp?code=116680 and while it took
weeks to come in it's been worth the wait. Other considerations include
ping time between client and endpoint, Client support for NAT
traversal, tweaking your keep alive times and disabling Perfect Forward
Secrecy. Hope some of this helps & Good Luck!
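Added example (not code from either poster, nor from D-Link or the VPN Tracker vendor): a small Python model of what the racoon-style log line in the question is saying and of the responder-side decision that Feanor's reply is really about, matching the gateway's configured IKE ciphers against what the client offers. parse_notification() decodes the quoted line (notify type 14 and proto_id 1 are taken from RFC 2408 and the IPsec DOI, RFC 2407, and for proto_id 1 the 16-byte "SPI" is the initiator and responder cookies); choose_proposal() and explain_mismatch() show why a gateway answers NO-PROPOSAL-CHOSEN when no single client proposal lines up with a configured one. The Phase1Proposal values (3DES, AES-128, SHA1, MD5, DH group 2, PSK) are illustrative assumptions, not the DFL-200's actual profile.

```python
"""Decode an ISAKMP NO-PROPOSAL-CHOSEN notification and model the
responder's proposal selection that produces it (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed copy of the log line quoted in the question, joined onto one line.
SAMPLE_LOG = (
    "2004-09-30 12:37:37: DEBUG: isakmp_inf.c:781:isakmp_info_recv_n(): "
    "notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=1 "
    "spi=bb706247fdc6e339 6345f4c373134cee (size=16)."
)

# Subset of ISAKMP notify message types (RFC 2408 section 3.14.1) that
# show up most often when a phase 1 will not come up.
NOTIFY_TYPES = {
    14: "NO-PROPOSAL-CHOSEN",
    18: "INVALID-ID-INFORMATION",
    24: "AUTHENTICATION-FAILED",
}
# Protocol identifiers from the IPsec DOI (RFC 2407 section 4.4.1).
PROTO_IDS = {1: "PROTO_ISAKMP", 2: "PROTO_IPSEC_AH",
             3: "PROTO_IPSEC_ESP", 4: "PROTO_IPCOMP"}

_LOG_RE = re.compile(
    r"notification message (?P<type>\d+):(?P<name>[A-Z-]+), "
    r"doi=(?P<doi>\d+) proto_id=(?P<proto>\d+) "
    r"spi=(?P<spi>[0-9a-f ]+?) \(size=(?P<size>\d+)\)"
)


def parse_notification(line: str) -> Dict[str, object]:
    """Extract the notify fields from a racoon-style log line and attach
    their meaning. Raises ValueError if the line is not a notification."""
    m = _LOG_RE.search(line)
    if not m:
        raise ValueError("not an ISAKMP notification log line")
    ntype = int(m.group("type"))
    proto = int(m.group("proto"))
    spi = m.group("spi").replace(" ", "")   # racoon prints the SPI in two halves
    size = int(m.group("size"))
    return {
        "type": ntype,
        "name": NOTIFY_TYPES.get(ntype, m.group("name")),
        "doi": int(m.group("doi")),         # 1 = IPsec DOI
        "proto": PROTO_IDS.get(proto, f"unknown({proto})"),
        "spi": spi,
        "spi_size": size,
        # For PROTO_ISAKMP the 16-byte "SPI" is the pair of 8-byte cookies,
        # i.e. the notification refers to the phase 1 exchange itself.
        "spi_is_cookie_pair": proto == 1 and size == 16 and len(spi) == 32,
    }


@dataclass(frozen=True)
class Phase1Proposal:
    """One IKE phase 1 transform as a client or gateway would list it
    (attribute values here are illustrative assumptions)."""
    enc: str        # e.g. "3DES", "AES-128"
    hash: str       # e.g. "SHA1", "MD5"
    dh_group: int   # e.g. 2 (1024-bit MODP)
    auth: str       # e.g. "PSK"


def choose_proposal(offered: List[Phase1Proposal],
                    accepted: List[Phase1Proposal]) -> Optional[Phase1Proposal]:
    """Responder side of SA negotiation: take the first transform the
    initiator offered that is also in the responder's own list. The
    responder may not alter a proposal, so None here is exactly the case
    that is answered with NO-PROPOSAL-CHOSEN."""
    for p in offered:
        if p in accepted:
            return p
    return None


def explain_mismatch(offered: List[Phase1Proposal],
                     accepted: List[Phase1Proposal]) -> Dict[str, List[str]]:
    """Per attribute, the values the initiator offered that the responder
    never accepts. An empty result while choose_proposal() still returns
    None means every attribute is fine on its own but no single proposal
    combines them the way the responder's profile does."""
    out: Dict[str, List[str]] = {}
    for attr in ("enc", "hash", "dh_group", "auth"):
        offered_vals = {getattr(p, attr) for p in offered}
        accepted_vals = {getattr(p, attr) for p in accepted}
        bad = sorted(str(v) for v in offered_vals - accepted_vals)
        if bad:
            out[attr] = bad
    return out


if __name__ == "__main__":
    print(parse_notification(SAMPLE_LOG))
    # Constructed scenario: client offers AES-128/SHA1 and 3DES/MD5,
    # gateway profile only accepts 3DES/SHA1, so nothing lines up.
    client = [Phase1Proposal("AES-128", "SHA1", 2, "PSK"),
              Phase1Proposal("3DES", "MD5", 2, "PSK")]
    gateway = [Phase1Proposal("3DES", "SHA1", 2, "PSK")]
    print(choose_proposal(client, gateway), explain_mismatch(client, gateway))
```

The check is deliberately whole-proposal rather than attribute-by-attribute: a client that lists both AES-128 and SHA-1 somewhere in its proposals can still be refused if it never offers them together in one transform, which is why the reply's advice to set the client and the Roaming User Profile to literally the same cipher, hash and PFS settings is the right first step.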