Trying to setup VPN (again)

  • Question

  • I am trying to set up S2S VPN with Azure. I had this working before using a DLINK DSR-250N - but have had to change device due to change of ISP and need for VOIP on the router. Now using Iinet Buddi Lite - which supports IPsec VPN. Recreated gateway and think I have put in same parameters as last time. But it never connects.

    Here's the router settings:

    Tunnel Mode: ESP

    Key Exchange method: Auto (IKE)

    Pre-shared key XXXXXXXX

    Perfect Forward Secrecy: Disable

    Phase 1 Mode: Main

    Encryption: AES-256

    Integrity: SHA1

    Diffie-Hellman: 1024 bit

    Key Lifetime: 28800

    Phase 2:

    Encryption: AES-256

    Integrity: SHA1

    Diffie-Hellman: 1024 bit

    Key lifetime: 3600

    Any idea what I have got wrong? I have double-checked GW IP numbers, subnets etc. and can't see anything wrong.

    Thanks

    Friday, August 28, 2015 6:06 AM

Answers

All replies

  • Here's a little bit of the Azure VPN diagnostic log in case that gives a clue:

    [0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|MM-LIFETIME-TYPE: 1
    [0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|MM-LIFETIME-SEC: 28800
    [0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|Comparing MM local policy proposal 0 with received transform 2
    [0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|Attribute mismatch: MM-INTEGRITY, expected: SHA_256, received: SHA1
    [0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|Comparing MM local policy proposal 1 with received transform 2
    [0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|Accepted MM proposal. Local policy proposal: 1, Received transform: 2
    Unknown( 34): GUID=bcfc3a26-31c8-1ef4-9744-9e9a88f8ed1e (No Format Information found).
    [0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|Construct IKEHeader
    [0]0300.0768::08/28/2015-06:34:46.013 [ikeext] 10|124.171.108.75|Construct KE
    [0]0300.0768::08/28/2015-06:34:46.013 [ikeext] 10|124.171.108.75|Construct NONCE
    Unknown( 11): GUID=a5074c67-c6c6-a625-7923-8565e9e4b0e5 (No Format Information found).
    Unknown( 32): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
    Unknown( 33): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
    [0]0300.0768::08/28/2015-06:34:46.013 [ikeext] 10|124.171.108.75|iCookie 2f386a31717dd8a8 rCookie c219170de9cfd489
    [0]0300.0768::08/28/2015-06:34:46.013 [ikeext] 10|124.171.108.75|Exchange type: IKE Main Mode Length 212 NextPayload KE Flags 0x0 Messid 0x00000000
    [0]0300.0768::08/28/2015-06:34:46.014 [ikeext] 10|124.171.108.75|Local Address: 191.239.182.189.500 Protocol 0
    [0]0300.0768::08/28/2015-06:34:46.014 [ikeext] 10|124.171.108.75|Peer Address: 124.171.108.75.500 Protocol 0
    Unknown( 34): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
    Unknown( 31): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
    Unknown( 13): GUID=e50917fd-367d-f30c-4c8a-5765c56125ee (No Format Information found).
    Unknown( 58): GUID=7857a320-42ee-6e90-d5d9-3f414e3ea2d3 (No Format Information found).
    [0]0300.0768::08/28/2015-06:34:46.014 [user] |124.171.108.75|IkeSaLookupByKeymodType failed with Windows error 1168(ERROR_NOT_FOUND)
    [0]0300.0768::08/28/2015-06:34:46.014 [user] |124.171.108.75|IkeSaLookupByKeymodType failed with HRESULT 0x80070490(ERROR_NOT_FOUND)
    Unknown( 23): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
    Unknown( 16): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
    Unknown( 10): GUID=29ad24a5-acd1-03fb-fbf5-339cd662b176 (No Format Information found).
    Unknown( 11): GUID=29ad24a5-acd1-03fb-fbf5-339cd662b176 (No Format Information found).
    [0]0300.0768::08/28/2015-06:34:46.023 [ikeext] 0|124.171.108.75|Local Address: 191.239.182.189.500 Protocol 0
    [0]0300.0768::08/28/2015-06:34:46.023 [ikeext] 0|124.171.108.75|Peer Address: 124.171.108.75.500 Protocol 0
    Unknown( 12): GUID=29ad24a5-acd1-03fb-fbf5-339cd662b176 (No Format Information found).
    Unknown( 13): GUID=29ad24a5-acd1-03fb-fbf5-339cd662b176 (No Format Information found).
    [0]0300.0768::08/28/2015-06:34:46.023 [ikeext] 0|124.171.108.75|iCookie 2f386a31717dd8a8 rCookie c219170de9cfd489
    [0]0300.0768::08/28/2015-06:34:46.023 [ikeext] 0|124.171.108.75|Exchange type: IKE Main Mode Length 88 NextPayload SA Flags 0x0 Messid 0x00000000
    Unknown( 27): GUID=29ad24a5-acd1-03fb-fbf5-339cd662b176 (No Format Information found).
    [0]0300.0768::08/28/2015-06:34:46.023 [user] |124.171.108.75|IkeFindPayloadInPacket failed with Windows error 13843(ERROR_IPSEC_IKE_INVALID_PAYLOAD)
    Unknown( 36): GUID=bcfc3a26-31c8-1ef4-9744-9e9a88f8ed1e (No Format Information found).
    [0]0300.0768::08/28/2015-06:34:46.023 [user] |124.171.108.75|IkeFindPayloadInPacket failed with HRESULT 0x80073613(ERROR_IPSEC_IKE_INVALID_PAYLOAD)

    Friday, August 28, 2015 6:40 AM
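
An added example, not part of the original thread: a Python script that summarises an Azure gateway IKE diagnostic log of the shape posted above. It pairs each "Attribute mismatch" with the local proposal being compared, records which proposal was finally accepted, and collects the distinct "failed with" errors. The line-format regex is inferred from the lines in this thread, and all function and variable names are this example's own.

```python
import re

# Lines copied from the diagnostic log posted above (most trace noise omitted).
SAMPLE_LOG = """\
[0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|Comparing MM local policy proposal 0 with received transform 2
[0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|Attribute mismatch: MM-INTEGRITY, expected: SHA_256, received: SHA1
[0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|Comparing MM local policy proposal 1 with received transform 2
[0]0300.0768::08/28/2015-06:34:46.008 [ikeext] 10|124.171.108.75|Accepted MM proposal. Local policy proposal: 1, Received transform: 2
Unknown( 34): GUID=bcfc3a26-31c8-1ef4-9744-9e9a88f8ed1e (No Format Information found).
[0]0300.0768::08/28/2015-06:34:46.014 [user] |124.171.108.75|IkeSaLookupByKeymodType failed with Windows error 1168(ERROR_NOT_FOUND)
[0]0300.0768::08/28/2015-06:34:46.014 [user] |124.171.108.75|IkeSaLookupByKeymodType failed with HRESULT 0x80070490(ERROR_NOT_FOUND)
[0]0300.0768::08/28/2015-06:34:46.023 [user] |124.171.108.75|IkeFindPayloadInPacket failed with Windows error 13843(ERROR_IPSEC_IKE_INVALID_PAYLOAD)
[0]0300.0768::08/28/2015-06:34:46.023 [user] |124.171.108.75|IkeFindPayloadInPacket failed with HRESULT 0x80073613(ERROR_IPSEC_IKE_INVALID_PAYLOAD)
"""

# Assumed layout: [cpu]pid.tid::timestamp [source] sa-id|peer|message
LINE = re.compile(r"^\[\d+\][0-9A-Fa-f]+\.[0-9A-Fa-f]+::\S+ \[\w+\] \d*\|[^|]*\|(?P<msg>.*)$")
COMPARE = re.compile(r"Comparing MM local policy proposal (\d+) with received transform (\d+)")
MISMATCH = re.compile(r"Attribute mismatch: ([^,\s]+), expected: ([^,\s]+), received: (\S+)")
ACCEPT = re.compile(r"Accepted MM proposal\. Local policy proposal: (\d+), Received transform: (\d+)")
FAILED = re.compile(r"(\w+) failed with (?:Windows error|HRESULT) \w+\((\w+)\)")

def summarize(log_text):
    """Return rejected proposals, the accepted proposal and distinct errors."""
    result = {"rejected": [], "accepted": None, "errors": []}
    proposal = None  # local policy proposal currently being compared
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # untranslated "Unknown( n): GUID=..." trace lines
        msg = m.group("msg")
        if (c := COMPARE.search(msg)):
            proposal = int(c.group(1))
        elif (x := MISMATCH.search(msg)):
            result["rejected"].append((proposal, *x.groups()))
        elif (a := ACCEPT.search(msg)):
            result["accepted"] = (int(a.group(1)), int(a.group(2)))
        elif (f := FAILED.search(msg)):
            err = (f.group(1), f.group(2))
            if err not in result["errors"]:  # Windows error and HRESULT repeat
                result["errors"].append(err)
    return result

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

On the lines above, the summary shows local proposal 0 rejected on MM-INTEGRITY, local proposal 1 accepted against received transform 2, and the two distinct errors logged afterwards.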
  • and this:

    Event Header:
      Timestamp: 1601-01-01T00:00:00.000Z
      Flags: 0x00000106
        Local address field set
        Remote address field set
        IP version field set
      IP version: IPv4
      IP protocol: 0
      Local address: 191.239.182.189
      Remote address: 124.171.108.75
      Local Port: 0
      Remote Port: 0
      Application ID:
      User SID: <invalid>
    Failure type: IKE/Authip Main Mode Failure
    Type specific info:
      Failure error code:0x000035ed
        Negotiation timed out

      Failure point: Local
      Flags: 0x00000000
      Keying module type: Ike
      MM State: Final roundtrip packet sent
      MM SA role: Initiator
      MM auth method: Preshared Key
      Cert hash:
    0000000000000000000000000000000000000000
      MM ID: 0x0000000000000009
      MM Filter ID: 0x0000000000011c83
      Local Principal Name: 
      Remote Principal Name: 
      Local Principal Group SIDs:
      Remote Principal Group SIDs:

    Friday, August 28, 2015 6:42 AM
  • Hi,

    Greetings!!

    You may like to check this link, Step-By-Step: Create a Site-to-Site VPN between your network and Azure, to see if all configuration is in place.

    You may like to see the similar thread discussed on How to troubleshoot Site to Site IPSEC Tunnel.

    If this does not help, please create a Support Ticket and have an Azure Support Professional look into this issue from the backend and determine the root cause.

    Best Regards
    Prasandhi Kumar

    Saturday, August 29, 2015 5:21 AM
  • Hi,

    There is a good post written here: https://azure.microsoft.com/en-in/documentation/articles/vpn-gateway-site-to-site-create/

    If the problem still persists, connect with Azure Team Support Ticket.

    Thanks

    Abhishek

    Saturday, August 29, 2015 5:43 AM