Hello..
I need some help....I am working on replacing several small sites that are using various Netgear Prosafes with Edgerouter Lites and running into an issue with IPSEC site to site VPN not working. I have read and tried several techniques described in the community but not having any luck. I have 3 sites I a trying to implement.
Site 1 (EdgeRouter Lite v1.9.0) - WAN - 1.1.1.1 LAN 10.1.1.0/24
Site 2 (Netgear SRX-5308) - WAN 2.2.2.2 LAN - 192.168.70.0/24
Site 3 (Nexgear FVS336G) - WAN 3.3.3.3 LAN - 192.168.140.0/24
I can get them to connect to other manufactures but no luck with Edgerouter. I used the gui with in Edge OS to build the tunnels and confirm key and IPs. I believe my issue my lie in the firewall rules. I do packet captures and see the remote packet comming in port 500 and see the following lines repeated but no tunnels come active.
Aug 31 22:30:05 14[IKE] <peer-2.2.2.2-tunnel-1|70> initiating Main Mode IKE_SA peer-2.2.2.2-tunnel-1[70] to 2.2.2.2
Aug 31 22:30:14 04[IKE] <1485> 3.3.3.3 is initiating a Aggressive Mode IKE_SA
Aug 31 22:30:45 08[IKE] <1486> 3.3.3.3 is initiating a Aggressive Mode IKE_SA
show vpn ipsec sa
peer-2.2.2.2-tunnel-1: #70, CONNECTING, IKEv1, 0de39249007d6a75:0000000000000000
local '%any' @ 1.1.1.1
remote '%any' @2.2.2.2
queued: QUICK_MODE
active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD
peer-3.3.3.3-tunnel-1: #36, CONNECTING, IKEv1, ce0baa8f52e62a3b:0000000000000000
local '%any' @ 1.1.1.1
remote '%any' @ 3.3.3.3
queued: QUICK_MODE
active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD
Ken@KNET-EDGEROUTER:~$ show vpn ipsec status
IPSec Process Running PID: 1602
0 Active IPsec Tunnels
IPsec Interfaces :
eth0 (1.1.1.1)