
Greenbow VPN client will fail with a Phase 2 error

With Digi Cellular firmware 2.13 and above, the Greenbow VPN client will fail with a Phase 2 error.
This is caused by old, obsolete NAT-T draft protocols. These protocols have to be turned off in the Digi. This is a configuration option that can be set from the CLI on the Digi Connect Cellular units.
 
Telnet to the command line and enter the following:
 
#> set vpn global

The output will be similar to the following:
 
Global VPN Configuration :
antireplay : on
suppress_phase1_lifetimes : off
suppress_delete_sa_for_pfs : off
send_natt_draft_01_id : on
send_natt_draft_02_id : on    <- These options need to be off
send_natt_draft_03_id : on
dynamic_dns : off
 

To turn off the old NAT-T protocols enter the following commands in the CLI:
set vpn global send_natt_draft_01_id=off
set vpn global send_natt_draft_02_id=off
set vpn global send_natt_draft_03_id=off



After turning the NAT-T options off, verify by entering the following command:
set vpn global

You should see the following:
antireplay : on
suppress_phase1_lifetimes : off
suppress_delete_sa_for_pfs : off
send_natt_draft_01_id : off
send_natt_draft_02_id : off    <- These options should now be off
send_natt_draft_03_id : off
dynamic_dns : off
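
The verification step above can be automated across saved CLI captures from several units. The following is an added example, not Digi code: it parses captured `set vpn global` output, reports any NAT-T draft option that is not confirmed off, and lists the article's commands for the ones still on. The function names and the sample captures are constructed for illustration.

```python
import re

# Options the article says must be off (names as shown by `set vpn global`).
NATT_DRAFT_OPTIONS = (
    "send_natt_draft_01_id",
    "send_natt_draft_02_id",
    "send_natt_draft_03_id",
)

# "name : value", tolerant of uneven spacing around the colon and trailing notes.
_LINE = re.compile(r"^\s*([a-z0-9_]+)\s*:\s*(on|off)\b", re.IGNORECASE)


def parse_vpn_global(text):
    """Return {option: 'on'|'off'} from captured `set vpn global` output."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).lower()
    return settings


def natt_draft_findings(text):
    """Return {option: state} for each draft option not confirmed off.

    state is 'on' or 'missing'; 'missing' means the option was absent from
    the capture (e.g. a truncated log), so a partial capture never passes.
    """
    settings = parse_vpn_global(text)
    return {name: settings.get(name, "missing")
            for name in NATT_DRAFT_OPTIONS if settings.get(name) != "off"}


def remediation_commands(findings):
    """The article's CLI command for each option still reported on."""
    return [f"set vpn global {n}=off" for n, s in findings.items() if s == "on"]


# Constructed sample captures (not taken from a real device).
BEFORE = ("Global VPN Configuration :\nantireplay : on\n"
          "send_natt_draft_01_id : on\nsend_natt_draft_02_id : off\n"
          "send_natt_draft_03_id :on\ndynamic_dns : off\n")
TRUNCATED = "antireplay : on\nsend_natt_draft_01_id : off\n"

if __name__ == "__main__":
    for label, capture in (("before", BEFORE), ("truncated", TRUNCATED)):
        found = natt_draft_findings(capture)
        print(label, found, remediation_commands(found))
```

An empty result from `natt_draft_findings` means all three options were present in the capture and reported off.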


 
Last updated: Aug 23, 2017

Filed Under

Cellular/Transport
