L2 VPN setup, BR100 can't establish tunnel?

  • Updated 2 years ago

Hello Guys,

I'm trying to set up L2 VPN tunnelling between BR100 (VPN client) and AP330 (VPN server). I managed to get the whole config and both devices connected to our HM and can see the VPN server up with a green arrow. However, the VPN client has a red arrow and seems not to be connected. Both UDP ports 500 and 4500 have been opened on our firewall. When checking IKE events I can see the logs below:

BR100:

2016-11-23 15:51:56:Compare IKE ID and certificate name failed(172.27.6.12[4500]->217.34.x.x[4500])
2016-11-23 15:52:45:Peer not responding(172.27.6.12[4500]->217.34.x.x[4500])
2016-11-23 15:52:45:Phase 1 deleted(172.27.6.12[4500]->217.34.x.x[4500])
2016-11-23 15:52:46:Phase 1 started(172.27.6.12[500]->217.34.x.x[500])
2016-11-23 15:52:47:Compare IKE ID and certificate name failed(172.27.6.12[4500]->217.34.x.x[4500])
2016-11-23 15:53:36:Peer not responding(172.27.6.12[4500]->217.34.x.x[4500])
2016-11-23 15:53:36:Phase 1 deleted(172.27.6.12[4500]->217.34.x.x[4500])
2016-11-23 15:53:42:Phase 1 started(172.27.6.12[500]->217.34.x.x[500])
2016-11-23 15:53:42:Compare IKE ID and certificate name failed(172.27.6.12[4500]->217.34.x.x[4500])

AP330:

2016-11-23 15:56:50:Phase 1 deleted(192.168.126.12[4500]->94.228.x.x[64916])
2016-11-23 15:57:13:Phase 1 started(192.168.126.12[500]->94.228.x.x[1011])
2016-11-23 15:57:14:Xauth exchange start(192.168.126.12[4500]->94.228.x.x[64916])
2016-11-23 15:57:14:Phase 1 established(192.168.126.12[4500]->94.228.x.x[64916])
2016-11-23 15:57:14:Xauth server no need ISAKMP mode config(192.168.126.12[4500]->94.228.x.x[64916])
2016-11-23 15:57:23:Xauth exchange start(192.168.126.12[4500]->94.228.x.x[64916])
2016-11-23 15:57:33:Xauth exchange start(192.168.126.12[4500]->94.228.x.x[64916])
2016-11-23 15:57:38:Peer not reachable anymore(DPD timeout)(192.168.126.12[4500]->94.228.x.x[64916])
2016-11-23 15:57:40:Phase 1 deleted(192.168.126.12[4500]->94.228.x.x[64916])
2016-11-23 15:58:12:Phase 1 started(192.168.126.12[500]->94.228.x.x[1011])
2016-11-23 15:58:13:Xauth exchange start(192.168.126.12[4500]->94.228.x.x[64916])
2016-11-23 15:58:13:Phase 1 established(192.168.126.12[4500]->94.228.x.x[64916])
2016-11-23 15:58:13:Xauth server no need ISAKMP mode config(192.168.126.12[4500]->94.228.x.x[64916])

Is anyone able to advise why the L2 tunnel hasn't been established and where the problem is?

Thanks,

Szymon


Posted 2 years ago


Szymon

I managed to bring the tunnel up by building a new CSR self-signed by HM. The tunnel between BR100 and AP330 is up, but I can't see any of the test SSIDs being broadcast by BR100 ...
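
A small triage script for IKE event logs in the format posted above, as an added example that is not part of the original thread or the vendor's tooling: it groups events per peer pair and separates a Phase 1 that fails at the IKE ID/certificate-name comparison from one that establishes and is later dropped by DPD. The sample lines are constructed, and the function names and verdict labels are chosen here for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the event format shown in the post; the addresses
# are documentation ranges, not the poster's.
SAMPLE = """\
2016-11-23 15:52:46:Phase 1 started(198.51.100.12[500]->203.0.113.5[500])
2016-11-23 15:52:47:Compare IKE ID and certificate name failed(198.51.100.12[4500]->203.0.113.5[4500])
2016-11-23 15:53:36:Peer not responding(198.51.100.12[4500]->203.0.113.5[4500])
2016-11-23 15:53:36:Phase 1 deleted(198.51.100.12[4500]->203.0.113.5[4500])
2016-11-23 15:57:13:Phase 1 started(192.0.2.12[500]->203.0.113.77[1011])
2016-11-23 15:57:14:Phase 1 established(192.0.2.12[4500]->203.0.113.77[64916])
2016-11-23 15:57:23:Xauth exchange start(192.0.2.12[4500]->203.0.113.77[64916])
2016-11-23 15:57:38:Peer not reachable anymore(DPD timeout)(192.0.2.12[4500]->203.0.113.77[64916])
"""

# timestamp:message(local[port]->peer[port]); the message may itself contain
# parentheses, so the address tuple is anchored to the end of the line.
EVENT = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d):(.+)"
    r"\(([\w.]+)\[\d+\]->([\w.]+)\[\d+\]\)$")

def parse(text):
    """Yield (timestamp, message, local, peer). Ports are dropped because
    NAT-T moves a single negotiation from port 500 to 4500."""
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            yield m.groups()

def triage(text):
    """Return {(local, peer): verdict} from the messages seen per peer pair."""
    seen = defaultdict(lambda: defaultdict(int))
    for _ts, msg, local, peer in parse(text):
        seen[(local, peer)][msg] += 1
    verdicts = {}
    for pair, c in seen.items():
        established = c["Phase 1 established"]
        if c["Compare IKE ID and certificate name failed"] and not established:
            verdicts[pair] = "phase1-cert-id-mismatch"
        elif established and c["Peer not reachable anymore(DPD timeout)"]:
            verdicts[pair] = "phase1-ok-peer-dropped"
        else:
            verdicts[pair] = "phase1-ok" if established else "phase1-incomplete"
    return verdicts

if __name__ == "__main__":
    for (local, peer), verdict in triage(SAMPLE).items():
        print(f"{local} -> {peer}: {verdict}")
```
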