Question : Gateway to Gateway VPN tunnel problems

All,
I'm trying to set up a VPN tunnel and no matter what I do I can't seem to get it to connect.  I purchased 2 Cisco 120W VPN Firewalls.  I'm using the identical default config on both routers, so all encryption, authentication etc. are exactly the same. I've tried connecting from WAN IP to WAN IP, IP to FQDN, and FQDN to FQDN and still cannot get an IPSec connection to establish. I've tried both aggressive and main mode on both as well.  I always get the following message:

 Initiating new phase 1 negotiation: x.x.44.149[500]<=>x.x.44.148[500]
2010-06-28 04:02:46: INFO: Beginning Aggressive mode.
2010-06-28 04:02:46: INFO:  NAT-Traversal is Enabled
2010-06-28 04:02:46: INFO:   [agg_i1send:254]: XXX: NUMNATTVENDORIDS: 3
2010-06-28 04:02:46: INFO:   [agg_i1send:258]: XXX: setting vendorid: 4
2010-06-28 04:02:46: INFO:   [agg_i1send:258]: XXX: setting vendorid: 8
2010-06-28 04:02:46: INFO:   [agg_i1send:258]: XXX: setting vendorid: 9
2010-06-28 04:03:17: ERROR:  Invalid SA protocol type: 0
2010-06-28 04:03:17: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1.
2010-06-28 04:03:46: ERROR:  Phase 1 negotiation failed due to time up for x.x.44.148[500]. b66f955da527f135:0000000000000000
2010-06-28 04:05:26: WARNING:  no phase2 found for "djsc"

I'm guessing it may have something to do with the fact that I'm using the same ISP, which has issued me a block of 5 IPs, all a part of the same subnet, using the same gateway and DNS servers...?  Would that be a problem?  Neither router is recognizing that another router is attempting to connect...

Here is the info:
Site A:
WAN IP: x.x.44.148
Sub 255.255.255.248
DG: x.x.44.150

Site B:
Wan IP: x.x.44.149
Sub 255.255.255.248
DG: x.x.44.150

Here is the IKE Policy View
General
Policy Name: djsc    
Direction / Type Both    
Exchange Mode: Main    
Enable XAUTH Client: None    
Local Identification
Identifier Type: Local Wan IP    
Local Wan IP: x.x.44.149    
Peer IKE Identification
Identifier Type: Remote Wan IP    
Local Wan IP: x.x.44.148    
IKE SA Parameters
Encryption Algorithm: 3DES    
Authentication Algorithm: SHA-1    
Authentication Method: Pre-shared key    
Pre-Shared Key: xxxxx    
Diffie-Hellman (DH) Group: 2    
SA-Lifetime: 28800 Seconds  

Any help would be sincerely appreciated. I have a company flying in to install some hardware and I really need this tunnel.  Thanks in advance for any help.



 

Answer : Gateway to Gateway VPN tunnel problems

Are they running the latest firmware? I found a recent posting at Cisco forums relating to 520Ws having the same error, and a new firmware supposedly fixed many VPN problems. Also, have you tried rebooting/clearing the SAs? The settings you have look pretty basic and should work fine; I don't see anything out of the ordinary.

I also found a suggestion relating to a Cisco -> Netgear setup where they used a dynamic DNS name and that solved the problem oddly enough.
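
A triage sketch for the log quoted in the question, added here as an example and not part of the original post or answer. It assumes the racoon-style format shown above, where the pair at the end of the phase 1 timeout line is the initiator cookie followed by the responder cookie; the function name and finding labels are hypothetical.

```python
import re

# Constructed sample: log lines copied from the question (addresses redacted as posted).
SAMPLE_LOG = """\
2010-06-28 04:02:46: INFO: Beginning Aggressive mode.
2010-06-28 04:02:46: INFO:  NAT-Traversal is Enabled
2010-06-28 04:03:17: ERROR:  Invalid SA protocol type: 0
2010-06-28 04:03:17: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1.
2010-06-28 04:03:46: ERROR:  Phase 1 negotiation failed due to time up for x.x.44.148[500]. b66f955da527f135:0000000000000000
"""

MODE_RE = re.compile(r"Beginning (\w+) mode")
P1_FAIL_RE = re.compile(
    r"Phase 1 negotiation failed due to time up for (\S+)\[(\d+)\]\. "
    r"([0-9a-f]{16}):([0-9a-f]{16})"
)


def triage(log_text, configured_mode=None):
    """Return (label, detail) findings for phase 1 timeouts in an IKE log."""
    findings = []
    for line in log_text.splitlines():
        m = MODE_RE.search(line)
        if m:
            mode = m.group(1)
            # The log and the policy view should describe the same exchange mode.
            if configured_mode and mode.lower() != configured_mode.lower():
                findings.append(("mode_differs",
                                 f"log shows {mode}, policy view shows {configured_mode}"))
            continue
        m = P1_FAIL_RE.search(line)
        if not m:
            continue
        peer, port, _initiator_ck, responder_ck = m.groups()
        if set(responder_ck) == {"0"}:
            # An all-zero responder cookie means no IKE reply was ever processed:
            # look at reachability of UDP/500 and whether the peer has a policy
            # for this initiator, before comparing proposals.
            findings.append(("no_reply", f"{peer}:{port} never answered phase 1"))
        else:
            # The peer did answer, so the exchange stalled later (proposal,
            # identifier or pre-shared key disagreement are the usual suspects).
            findings.append(("stalled_after_reply", f"{peer}:{port} replied, then timed out"))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG, configured_mode="Main"):
        print(label, "-", detail)
```

On the log above this reports `no_reply`, which matches the asker's observation that neither router sees the other attempting to connect.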