VPN - IPSec on 3Com OfficeConnecr 3CR858 with any Win VPN client

Author

IPSec on 3Com OfficeConnecr 3CR858 with any Win VPN client

Stefan Huebner

2007-10-27, 7:14 pm

Hi all,

we have some serious trouble in configuring an IPSec tunnel between a
3Com 3CR858 router and a Windows PC. The router is behind a
transparent bridge on a 2/2Mbit/s SDSL link with a static IP address.
I've tried to connect to the IPSec tunnel using NCP, Greenbow and SSH
Sentinel so far with no success. Phase I finishes as long as I use
aggressive mode, but Phase II always terminates with a "Something
wrong" log entry on the router.
The 3Com hotline lacks any kind of competence so far, after 20 minutes
telephoning with a guy asking for the serial number, the weather and
several other major important things he told us he is not a technician
and we should ask for a service ticket online.
My "road warrior" setup on the windows PC is directly connected to an
ADSL modem to eliminate NAT trouble.

Any idea?

Lutz Donnerhacke

2007-10-27, 7:14 pm

* Stefan Huebner wrote:
> The 3Com hotline lacks any kind of competence so far, after 20 minutes
> telephoning with a guy asking for the serial number, the weather and
> several other major important things he told us he is not a technician
> and we should ask for a service ticket online.

YGWYPF.

> My "road warrior" setup on the windows PC is directly connected to an
> ADSL modem to eliminate NAT trouble.
> Any idea?

Take the log from the Windows XP VPN connection. It's unusual clear and easy
to read. In the failure dialog mark "Enable logging" and retry. The next
failure dialog offers a link to the report generator.

If you have further problems, please ask me directly (in German, if you
prefer).

As an educated guess, I'd suspect an NO_PROROCOL_CHOOSEN from the 3com,
because there is PFS enabled for Phase 2 on the 3com device.