
Help with IPSEC connection in ASUS RT-AX3000

Kroonik

Hi I'm new here.

I'm trying to connect an Asus RT-AX3000 with a Navigateworx NR300 using IPSEC (NR300 is using 4G). First I tested my IPSEC server by connecting an iPhone and it works, but when I try to connect my NR300 it doesn't work. Checking the IPSEC log from the Asus, I can't see what the problem is.

May 31 11:45:42 06[NET] received packet: from 181.xx.xx.xxx[11828] to 10.10.10.2[500] (976 bytes)
May 31 11:45:42 06[ENC] parsed ID_PROT request 0 [ SA V V V V V ]
May 31 11:45:42 06[IKE] received XAuth vendor ID
May 31 11:45:42 06[IKE] received DPD vendor ID
May 31 11:45:42 06[IKE] received FRAGMENTATION vendor ID
May 31 11:45:42 06[IKE] received NAT-T (RFC 3947) vendor ID
May 31 11:45:42 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
May 31 11:45:42 06[IKE] 181.42.28.156 is initiating a Main Mode IKE_SA
May 31 11:45:42 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
May 31 11:45:42 06[ENC] generating ID_PROT response 0 [ SA V V V V V ]
May 31 11:45:42 06[NET] sending packet: from 10.10.10.2[500] to 181.xx.xx.xxx[11828] (184 bytes)
May 31 11:45:43 08[NET] received packet: from 181.xx.xx.xxx[11828] to 10.10.10.2[500] (244 bytes)
May 31 11:45:43 08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
May 31 11:45:43 08[IKE] local host is behind NAT, sending keep alives
May 31 11:45:43 08[IKE] remote host is behind NAT
May 31 11:45:43 08[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
May 31 11:45:43 08[NET] sending packet: from 10.10.10.2[500] to 181.xx.xx.xxx[11828] (244 bytes)
May 31 11:45:43 05[NET] received packet: from 181.xx.xx.xxx[11796] to 10.10.10.2[4500] (108 bytes)
May 31 11:45:43 05[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
May 31 11:45:43 05[CFG] looking for XAuthInitPSK peer configs matching 10.10.10.2...1xx.xx.xx.xxx[10.98.30.120]
May 31 11:45:43 05[CFG] selected peer config "Host-to-Net"
May 31 11:45:43 05[ENC] generating ID_PROT response 0 [ ID HASH ]
May 31 11:45:43 05[NET] sending packet: from 10.10.10.2[4500] to 1xx.xx.xx.xxx[11796] (76 bytes)
May 31 11:45:43 05[ENC] generating TRANSACTION request 1770487489 [ HASH CPRQ(X_USER X_PWD) ]
May 31 11:45:43 05[NET] sending packet: from 10.10.10.2[4500] to 181.xx.xx.xxx[11796] (76 bytes)
May 31 11:45:44 07[NET] received packet: from 181.xx.xx.xxx[11796] to 10.10.10.2[4500] (92 bytes)
May 31 11:45:44 07[ENC] parsed INFORMATIONAL_V1 request 1681678103 [ HASH D ]
May 31 11:45:44 07[IKE] received DELETE for IKE_SA Host-to-Net[7]
May 31 11:45:44 07[IKE] deleting IKE_SA Host-to-Net[7] between 10.10.10.2[10.10.10.2]...181.42.28.156[10.98.30.120]

Can someone help me or guide me? The only thing that catches my attention is that it says "Received DELETE for IKE_SA Host-to-NET"
Thank you in advance.
 
Sounds more like an issue with your VPN device than a router issue. What settings have you tried (e.g. IKE version, Authentication Method, etc.)?
 
On the Asus router I used IKE V1 and V2 and a pre-shared key (I don't know if you can edit the settings, it's a super basic menu on my router).
On the NR300 I used the following configuration:
1685555068351.png
 

Without PSK, the Asus router shows this:
May 31 15:09:15 08[CFG] looking for pre-shared key peer configs matching 10.10.10.2...1xx.xx.xx.170[router]
May 31 15:09:15 08[IKE] found 1 matching config, but none allows pre-shared key authentication using Main Mode
May 31 15:09:15 08[ENC] generating INFORMATIONAL_V1 request 3644491644 [ HASH N(AUTH_FAILED) ]
 
Sorry, I'm just shooting in the dark: I don't see any users listed in your config.
 
I have 4 users; the router and router 2 users are for the NR300. I tried with V1 and V1 & V2.
1685558782515.png
 

I'm sorry, I'm out of ideas. I use IKE v2 so I can't compare my logs with yours to see where they may diverge.
 
