What's new

Help with IPSEC connection in ASUS RT-AX3000

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Kroonik

New Around Here
Hi I'm new here.

I'm trying to connect an Asus RT-AX3000 with a Navigateworx NR300 using IPSEC (NR300 is using 4G). First I test my IPSEC server by connecting an iphone and it works, but when I try to connect my NR300 it doesn't work. Checking in the IPSEC log from the Asus i can't see what is the problem.

May 31 11:45:42 06[NET] received packet: from 181.xx.xx.xxx[11828] to 10.10.10.2[500] (976 bytes)
May 31 11:45:42 06[ENC] parsed ID_PROT request 0 [ SA V V V V V ]
May 31 11:45:42 06[IKE] received XAuth vendor ID
May 31 11:45:42 06[IKE] received DPD vendor ID
May 31 11:45:42 06[IKE] received FRAGMENTATION vendor ID
May 31 11:45:42 06[IKE] received NAT-T (RFC 3947) vendor ID
May 31 11:45:42 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
May 31 11:45:42 06[IKE] 181.42.28.156 is initiating a Main Mode IKE_SA
May 31 11:45:42 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
May 31 11:45:42 06[ENC] generating ID_PROT response 0 [ SA V V V V V ]
May 31 11:45:42 06[NET] sending packet: from 10.10.10.2[500] to 181.xx.xx.xxx[11828] (184 bytes)
May 31 11:45:43 08[NET] received packet: from 181.xx.xx.xxx[11828] to 10.10.10.2[500] (244 bytes)
May 31 11:45:43 08[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
May 31 11:45:43 08[IKE] local host is behind NAT, sending keep alives
May 31 11:45:43 08[IKE] remote host is behind NAT
May 31 11:45:43 08[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
May 31 11:45:43 08[NET] sending packet: from 10.10.10.2[500] to 181.xx.xx.xxx[11828] (244 bytes)
May 31 11:45:43 05[NET] received packet: from 181.xx.xx.xxx[11796] to 10.10.10.2[4500] (108 bytes)
May 31 11:45:43 05[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
May 31 11:45:43 05[CFG] looking for XAuthInitPSK peer configs matching 10.10.10.2...1xx.xx.xx.xxx[10.98.30.120]
May 31 11:45:43 05[CFG] selected peer config "Host-to-Net"
May 31 11:45:43 05[ENC] generating ID_PROT response 0 [ ID HASH ]
May 31 11:45:43 05[NET] sending packet: from 10.10.10.2[4500] to 1xx.xx.xx.xxx[11796] (76 bytes)
May 31 11:45:43 05[ENC] generating TRANSACTION request 1770487489 [ HASH CPRQ(X_USER X_PWD) ]
May 31 11:45:43 05[NET] sending packet: from 10.10.10.2[4500] to 181.xx.xx.xxx[11796] (76 bytes)
May 31 11:45:44 07[NET] received packet: from 181.xx.xx.xxx[11796] to 10.10.10.2[4500] (92 bytes)
May 31 11:45:44 07[ENC] parsed INFORMATIONAL_V1 request 1681678103 [ HASH D ]
May 31 11:45:44 07[IKE] received DELETE for IKE_SA Host-to-Net[7]
May 31 11:45:44 07[IKE] deleting IKE_SA Host-to-Net[7] between 10.10.10.2[10.10.10.2]...181.42.28.156[10.98.30.120]

Can someone help me or guide me? The only thing that catches my attention is that it says "Received DELETE for IKE_SA Host-to-NET"
Thank you in advance.
 
Last edited:
Sounds like more an issue with your VPN device than a router issue. What settings have you tried (e.g. IKE version, Authentication Method, etc.)?
 
On the asus router I used IKE V1 and V2 and a pre-shared key (don't know if you can edit the settings, it's a super basic menu on my router)
On the NR300 i used the next configuration:
1685555068351.png
 

Attachments

  • 1685554129253.png
    1685554129253.png
    119.5 KB · Views: 10
  • 1685555035932.png
    1685555035932.png
    99.4 KB · Views: 11
without PSK the router Asus show this:
May 31 15:09:15 08[CFG] looking for pre-shared key peer configs matching 10.10.10.2...1xx.xx.xx.170[router]
May 31 15:09:15 08[IKE] found 1 matching config, but none allows pre-shared key authentication using Main Mode
May 31 15:09:15 08[ENC] generating INFORMATIONAL_V1 request 3644491644 [ HASH N(AUTH_FAILED) ]
 
I have 4 users, router and router 2 users are for the NR300, i tried with V1 and V1 & V2.
1685558782515.png
 

Attachments

  • 1685558745170.png
    1685558745170.png
    24.7 KB · Views: 6
I'm sorry, I'm out of ideas. I use IKE v2 so I can't compare my logs with yours to see where they may diverge.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top