User guide
Table Of Contents
- 1 Introduction
- 2 Cisco SA 520W Security Appliance VPN configuration
- 3 TheGreenBow IPSec VPN Client configuration
- 4 Tools in case of trouble
- 5 VPN IPSec Troubleshooting
- 5.1 « PAYLOAD MALFORMED » error (wrong Phase 1 [SA])
- 5.2 « INVALID COOKIE » error
- 5.3 « no keystate » error
- 5.4 « received remote ID other than expected » error
- 5.5 « NO PROPOSAL CHOSEN » error
- 5.6 « INVALID ID INFORMATION » error
- 5.7 I clicked on “Open tunnel”, but nothing happens.
- 5.8 The VPN tunnel is up but I can’t ping !
- 6 Contacts
Doc.Ref tgbvpn_cg-cisco-SA500-series-en
Doc.version 3.0 – May 2010
VPN version 4.x
IPSec VPN Router Configuration Property of TheGreenBow Sistech SA - © 2001-2010 12/14
• If you still cannot ping, follow ICMP traffic on VPN server LAN interface and on LAN computer interface
(with Wireshark for example). You will have an indication that encryption works.
• Check the “default gateway” value in VPN Server LAN. A target on your remote LAN can receive pings
but does not answer because there is a no “Default gateway” setting.
• You cannot access to the computers in the LAN by their name. You must specify their IP address inside
the LAN.
• We recommend you to install Wireshark (http://www.wireshark.org) on one of your target computer. You
can check that your pings arrive inside the LAN.