zamacola
Posts: 2
Joined: 7.Aug.2008
Status: offline
|
I have a IPSEC Site to Site tunnel beetwin a DLink 804 and ISAServer.
From DLink network we can Access to shared folders, Terminal Server, Exchange, etc.
From ISAServer network we cannot open shared folders, access to remote PCs by Terminal Server or open http configuration page of Dlink or remote printer.
ISA server log show the following error:
Intento de conexión erróneo 28VOL-A-SV03 07/08/2008 10:40:23
Tipo de registro: Proxy web (directo)
Estado: 10065 Se ha intentado una operación de socket en un host no accesible.
Regla: [System] Permitir todo el tráfico HTTP desde el servidor ISA hacia todas las redes (para las descargas de CRL)
Origen: Host local (80.59.188.126)
Destino: Castellana (192.168.3.1:80)
Petición: GET http://192.168.3.1/
Información de filtro: Req ID: 0f705fa0; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocolo: http
Usuario: anonymous
Información adicional
Agente del cliente: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Origen del objeto: Internet (El origen es Internet. El objeto se había agregado a la caché.)
Información de la caché: 0x0
Tiempo de procesamiento: 63094 Tipo MIME:
This message say something like that "you try a socket operation to an accessible host”
On DLink side, we have the following:
WAN Type: Static IP Address (V1.51)
[80.59.188.126|192.168.0.0] phase 2');L2(18000,' IKE phase2 (IPSec SA) remove : 192.168.3.0 192.168.0.0');L2(18000,' inbound SPI = 0x1100eaf3, outbound SPI = 0x4d949fcf');L2(18000,' Send IKE (INFO) : delete 217.127.197.124 -> 80.59.188.126 phase 1');L2(18000,' IKE phase1 (ISAKMP SA) remove : 217.127.197.124 80.59.188.126');L2(17000,' Send IKE M1(INIT) : 217.127.197.124 --> 80.59.188.126');L2(17000,' Receive IKE M2(RESP) : 80.59.188.126 --> 217.127.197.124');L2(17000,' Try to match with ENC:3DES AUTH:PSK HASH:SHA1 Group:Group2');L2(17000,' Send IKE M3(KEYINIT) : 217.127.197.124 --> 80.59.188.126');L2(16500,' Receive IKE M4(KEYRESP) : 80.59.188.126 --> 217.127.197.124');L2(16500,' Send IKE M5(IDINIT) : 217.127.197.124 --> 80.59.188.126');L2(16500,' Receive IKE M6(IDRESP) : 80.59.188.126 --> 217.127.197.124');L2(16500,' IKE Phase1 (ISAKMP SA) established : 80.59.188.126 217.127.197.124');L2(16000,' Send IKE Q1(QINIT) : 192.168.3.0 --> 192.168.0.0');L2(16000,' Receive IKE Q2(QRESP) : [192.168.0.0|80.59.188.126]-->[217.127.197.124|192.168.3.0]');L2(16000,' Try to match ESP with MODE:Tunnel PROTOCAL:ESP-3DES AUTH:SHA1 HASH:Others PFS(Group):Group2');L2(16000,' Send IKE Q3(QHASH) : 192.168.3.0 --> 192.168.0.0');L2(16000,' IKE Phase2 (IPSEC SA) established : [192.168.0.0|80.59.188.126][217.127.197.124|192.168.3.0]');L2(16000,' inbound SPI = 0x1400a86b, outbound SPI = 0x9da55f6');L2(15500,' IKED quick mode Notify : ISAKMP_NMT_CONNECTED');
var f=document.forms[0]
if(cur==0)f._pp.disabled=true;
if(cur==pages)f._np.disabled=true;
//-->
Display time: Thursday August 07, 2008 09:50:40
Thursday August 07, 2008 09:50:22 Send IKE (INFO) : delete [192.168.3.0|217.127.197.124]-->[80.59.188.126|192.168.0.0] phase 2
Thursday August 07, 2008 09:50:22 IKE phase2 (IPSec SA) remove : 192.168.3.0 <-> 192.168.0.0
Thursday August 07, 2008 09:50:22 inbound SPI = 0x1100eaf3, outbound SPI = 0x4d949fcf
Thursday August 07, 2008 09:50:22 Send IKE (INFO) : delete 217.127.197.124 -> 80.59.188.126 phase 1
Thursday August 07, 2008 09:50:22 IKE phase1 (ISAKMP SA) remove : 217.127.197.124 <-> 80.59.188.126
Thursday August 07, 2008 09:50:23 Send IKE M1(INIT) : 217.127.197.124 --> 80.59.188.126
Thursday August 07, 2008 09:50:23 Receive IKE M2(RESP) : 80.59.188.126 --> 217.127.197.124
Thursday August 07, 2008 09:50:23 Try to match with ENC:3DES AUTH:PSK HASH:SHA1 Group:Group2
Thursday August 07, 2008 09:50:23 Send IKE M3(KEYINIT) : 217.127.197.124 --> 80.59.188.126
Thursday August 07, 2008 09:50:23 Receive IKE M4(KEYRESP) : 80.59.188.126 --> 217.127.197.124
Thursday August 07, 2008 09:50:23 Send IKE M5(IDINIT) : 217.127.197.124 --> 80.59.188.126
Thursday August 07, 2008 09:50:23 Receive IKE M6(IDRESP) : 80.59.188.126 --> 217.127.197.124
Thursday August 07, 2008 09:50:23 IKE Phase1 (ISAKMP SA) established : 80.59.188.126 <-> 217.127.197.124
Thursday August 07, 2008 09:50:24 Send IKE Q1(QINIT) : 192.168.3.0 --> 192.168.0.0
Thursday August 07, 2008 09:50:24 Receive IKE Q2(QRESP) : [192.168.0.0|80.59.188.126]-->[217.127.197.124|192.168.3.0]
Thursday August 07, 2008 09:50:24 Try to match ESP with MODE:Tunnel PROTOCAL:ESP-3DES AUTH:SHA1 HASH:Others PFS(Group):Group2
Thursday August 07, 2008 09:50:24 Send IKE Q3(QHASH) : 192.168.3.0 --> 192.168.0.0
Thursday August 07, 2008 09:50:24 IKE Phase2 (IPSEC SA) established : [192.168.0.0|80.59.188.126]<->[217.127.197.124|192.168.3.0]
Thursday August 07, 2008 09:50:24 inbound SPI = 0x1400a86b, outbound SPI = 0x9da55f6
Thursday August 07, 2008 09:50:24 IKED quick mode Notify : ISAKMP_NMT_CONNECTED
Thursday August 07, 2008 09:50:24 IKED quick mode Notify : ISAKMP_NMT_CONNECTED
Thursday August 07, 2008 09:50:36 Receive IKE Q1(QINIT) : [80.59.188.126]-->[217.127.197.124]
Thursday August 07, 2008 09:50:36 SPD Error : not found [80.59.188.126]<->[192.168.3.0] from peer IP address 80.59.188.126
Thursday August 07, 2008 09:50:36 error = 77
Thursday August 07, 2008 09:50:37 Receive IKE Q1(QINIT) : [80.59.188.126]-->[217.127.197.124]
Thursday August 07, 2008 09:50:37 SPD Error : not found [80.59.188.126]<->[192.168.3.0] from peer IP address 80.59.188.126
Thursday August 07, 2008 09:50:37 error = 77
Thursday August 07, 2008 09:50:39 Receive IKE Q1(QINIT) : [80.59.188.126]-->[217.127.197.124]
Thursday August 07, 2008 09:50:39 SPD Error : not found [80.59.188.126]<->[192.168.3.0] from peer IP address 80.59.188.126
Thursday August 07, 2008 09:50:39 error = 77
Thursday August 07, 2008 09:50:43 Receive IKE Q1(QINIT) : [80.59.188.126]-->[217.127.197.124]
Thursday August 07, 2008 09:50:43 SPD Error : not found [80.59.188.126]<->[192.168.3.0] from peer IP address 80.59.188.126
Thursday August 07, 2008 09:50:43 error = 77
Thursday August 07, 2008 09:50:51 Receive IKE Q1(QINIT) : [80.59.188.126]-->[217.127.197.124]
Thursday August 07, 2008 09:50:51 SPD Error : not found [80.59.188.126]<->[192.168.3.0] from peer IP address 80.59.188.126
Thursday August 07, 2008 09:50:51 error = 77
Thursday August 07, 2008 09:51:07 Receive IKE Q1(QINIT) : [80.59.188.126]-->[217.127.197.124]
Thursday August 07, 2008 09:51:07 SPD Error : not found [80.59.188.126]<->[192.168.3.0] from peer IP address 80.59.188.126
Thursday August 07, 2008 09:51:07 error = 77
I think the problem is on DLink. I've reported the 77 error to DLink but I have no response except to upgrede firmware from 1.44 to 1.51. The problems persist.
Any help will be appreciate. Best regards.
< Message edited by zamacola -- 7.Aug.2008 5:21:33 AM >
|
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
VPN is up and working but cannot access to dlink 804 site - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread