Re: ISA 2006 Site-to-Site VPN to a Netgear FVS114 (IPSec Tunnel)
- From: Roy Hills <royhills@xxxxxxxxxxx>
- Date: Fri, 16 Mar 2007 15:39:53 GMT
On Fri, 16 Mar 2007 15:07:14 +0100, Christian <c_mwg@xxxxxx> wrote:
At the moment i´m only getting a "SanityCheckHeader failed errs 4"
whatevere that is?!?!
It sounds like an IKE packet is failing a header sanity check (like packet
length, IKE version or something).
You really need more logging to enable a better diagnosis. The first
question is: where in the negotiations is it failing - Phase-1 or Phase-2?
I'd try enabling IKE debugging on the VPN server. I'm not familiar with
the ISA product, but most IPsec implementations include this ability,
although how to turn it on and where the logs get sent varies.
An alternative is to look at the logs from the client (NetGear), although
generally a VPN server has better logging capabilities than a client.
If you get nowhere with this, then I'd sniff the traffic using wireshark or
similar, and use the packet dump to work out where it is failing.
Roy Hills
.
- Follow-Ups:
- Re: ISA 2006 Site-to-Site VPN to a Netgear FVS114 (IPSec Tunnel)
- From: Christian
- Re: ISA 2006 Site-to-Site VPN to a Netgear FVS114 (IPSec Tunnel)
- References:
- ISA 2006 Site-to-Site VPN to a Netgear FVS114 (IPSec Tunnel)
- From: Christian
- ISA 2006 Site-to-Site VPN to a Netgear FVS114 (IPSec Tunnel)
- Prev by Date: Re: VPN-Clients NetBIOS Lookup
- Next by Date: Re: ISA 2006 Site-to-Site VPN to a Netgear FVS114 (IPSec Tunnel)
- Previous by thread: ISA 2006 Site-to-Site VPN to a Netgear FVS114 (IPSec Tunnel)
- Next by thread: Re: ISA 2006 Site-to-Site VPN to a Netgear FVS114 (IPSec Tunnel)
- Index(es):
Relevant Pages
|
