Question : Site to Site VPN Using D-Link DI-804HV and Netgear Prosafe DGFV338 ADSL Routers

We have taken on a new customer who has 4 remote sites which are connected via VPN router to router.

1 site has stopped working. When looking at the VPN logs I get the following messages...

2010 Aug 17 15:21:26 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 534 of 3 times_
2010 Aug 17 15:21:26 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:21:33 [MC.LUTON-DGFV338] [IKE] accept a request to establish IKE-SA: 213.123.227.14_
2010 Aug 17 15:21:34 [MC.LUTON-DGFV338] [IKE] Configuration found for 213.123.227.14._
2010 Aug 17 15:21:36 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 535 of 3 times_
2010 Aug 17 15:21:36 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:21:40 [MC.LUTON-DGFV338] [IKE] The packet is retransmitted by 222.222.222.22[500]._
2010 Aug 17 15:21:41 [MC.LUTON-DGFV338] [IKE] Ignore information because ISAKMP-SA has not been established yet._
2010 Aug 17 15:21:46 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 536 of 3 times_
2010 Aug 17 15:21:46 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:21:50 [MC.LUTON-DGFV338] [IKE] Phase 1 negotiation failed due to time up for 222.222.222.22[500]. 64858552ec1cc8d0:27462c5f9167dded_
2010 Aug 17 15:21:56 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 537 of 3 times_
2010 Aug 17 15:21:56 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:22:05 [MC.LUTON-DGFV338] [IKE] Invalid SA protocol type: 0_
2010 Aug 17 15:22:05 [MC.LUTON-DGFV338] [IKE] Phase 2 negotiation failed due to time up waiting for phase1. _
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 538 of 3 times_
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [IKE] Using IPsec SA configuration: 10.3.1.0/24<->10.1.1.0/24_
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [IKE] Configuration found for 222.222.222.22._
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [IKE] Initiating new phase 1 negotiation: 222.222.222.22[500]<=>222.222.222.21[500]_
2010 Aug 17 15:22:06 [MC.LUTON-DGFV338] [IKE] Beginning Identity Protection mode._
2010 Aug 17 15:22:12 [MC.LUTON-DGFV338] [IKE] The packet is retransmitted by 222.222.222.22[500]._
2010 Aug 17 15:22:16 [MC.LUTON-DGFV338] [VPNKA] Peer 10.1.1.254 failed 539 of 3 times_
2010 Aug 17 15:22:16 [MC.LUTON-DGFV338] [VPNKA] Failed to send Keep-Alive Request to _
2010 Aug 17 15:22:17 [MC.LUTON-DGFV338] [IKE] The packet is retransmitted by 222.222.222.22[500]._

I have tried to create another VPN using the same settings but still get the same error message. As far as we can tell nothing has changed as the other 3 sites are working fine.

I have update the ADSL and Router firmware on the Netgear Prosafe.

Can anyone help me try and find out whats going on?

Answer : Site to Site VPN Using D-Link DI-804HV and Netgear Prosafe DGFV338 ADSL Routers

After some hours of going over the settings again and again I found the PassPhrase to be incorrect on the D-Link Router.

Recreated the rule again and now connects OK.