Operating System: Windows XP Pro SP2
Virusscan: Antivir Premium Edition
VPN Client: Netgear ProSave Client
VPN Connection does not work when using VPN with certificates together with CFP.
VPN Connections with pre shared key (same environment) is working with CFP.
Switched on FW Logging to highest level → no Logging entries
FW Setting Train with save mode.
D+ not installed.
Tried with CFP V3.0.17 and V3.0.18 → not working
Tried to switch off D+ → not working
Installed CFP without D+ Module → not working
Deinstalling CFP and installing another FW solved the problem.
In the vpn client logfile you see that the client certificate was send to the vpn router, but the vpn client does not receive the certificate sent by the vpn router.
Detailed Log of the vpn client:
2-20: 09:09:59.921 My Connections\Zertifikat - Initiating IKE Phase 1 (IP ADDR=xxx.xx.xxx.xx)
2-20: 09:10:00.125 My Connections\Zertifikat - SENDING>>>> ISAKMP OAK MM (SA, VID 2x)
2-20: 09:10:01.718 My Connections\Zertifikat - RECEIVED<<< ISAKMP OAK MM (SA, VID 4x)
2-20: 09:10:02.000 My Connections\Zertifikat - Peer is NAT-T draft-02 capable
2-20: 09:10:02.140 My Connections\Zertifikat - SENDING>>>> ISAKMP OAK MM (KE, NON, NAT-D 2x, VID 4x)
2-20: 09:10:02.359 My Connections\Zertifikat - RECEIVED<<< ISAKMP OAK MM (KE, NON, CERT_REQ, NAT-D 2x)
2-20: 09:10:02.390 My Connections\Zertifikat - NAT is detected for Client
2-20: 09:10:02.390 My Connections\Zertifikat - Floating to IKE non-500 port
2-20: 09:10:02.656 My Connections\Zertifikat - Using configured user certificate “dummy Company_GmbH Company_VPN ID”.
2-20: 09:10:02.750 My Connections\Zertifikat - SENDING>>>> ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
2-20: 09:10:13.234 My Connections\Zertifikat - RECEIVED<<< ISAKMP OAK MM (Retransmission)
2-20: 09:10:13.234 My Connections\Zertifikat - SENDING>>>> ISAKMP OAK MM *(Retransmission)
2-20: 09:10:18.265 My Connections\Zertifikat - message not received! Retransmitting!
2-20: 09:10:18.265 My Connections\Zertifikat - SENDING>>>> ISAKMP OAK MM *(Retransmission)
2-20: 09:10:27.484 My Connections\Zertifikat - RECEIVED<<< ISAKMP OAK MM (Retransmission)
…
2-20: 09:11:03.265 My Connections\Zertifikat - Exceeded 3 IKE SA negotiation attempts
Here is the logfile with CFP deinstalled an another FW installed on the client:
2-19: 19:46:55.843 My Connections\Zertifikat - Initiating IKE Phase 1 (IP ADDR=IP ADDR=xxx.xx.xxx.xx)
2-19: 19:46:55.890 My Connections\Zertifikat - SENDING>>>> ISAKMP OAK MM (SA, VID 2x)
2-19: 19:46:56.015 My Connections\Zertifikat - RECEIVED<<< ISAKMP OAK MM (SA, VID 4x)
2-19: 19:46:56.125 My Connections\Zertifikat - Peer is NAT-T draft-02 capable
2-19: 19:46:56.171 My Connections\Zertifikat - SENDING>>>> ISAKMP OAK MM (KE, NON, NAT-D 2x, VID 4x)
2-19: 19:46:56.312 My Connections\Zertifikat - RECEIVED<<< ISAKMP OAK MM (KE, NON, CERT_REQ, NAT-D 2x)
2-19: 19:46:56.328 My Connections\Zertifikat - NAT is detected for Client
2-19: 19:46:56.328 My Connections\Zertifikat - Floating to IKE non-500 port
2-19: 19:46:56.437 My Connections\Zertifikat - Using configured user certificate “dummy Company_GmbH Company_VPN ID”.
2-19: 19:46:56.468 My Connections\Zertifikat - SENDING>>>> ISAKMP OAK MM *(ID, CERT, CERT_REQ, SIG, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
2-19: 19:46:57.109 My Connections\Zertifikat - RECEIVED<<< ISAKMP OAK MM *(ID, CERT, SIG)
2-19: 19:46:57.140 My Connections\Zertifikat - Established IKE SA
2-19: 19:46:57.140 MY COOKIE ef a7 b6 b2 db 72 6c 28
2-19: 19:46:57.140 HIS COOKIE ba 84 a3 cf bf ed de 97
Thanks for your support
[Topic Closed: If issue returns PM an online mod to open]