How to allow all IP traffic to and from an external IP address
I have a Cisco PIX 515 in place and a T1 internet connection.
We are trying to access a client's VPN network and when behind the PIX, we can connect but cannot do anything on their network.
When I place the computer on the outside of the PIX, it connects to the VPN and functions perfectly.
What needs to be done to allow this connection to a set external IP address?
We are trying to access a client's VPN network and when behind the PIX, we can connect but cannot do anything on their network.
When I place the computer on the outside of the PIX, it connects to the VPN and functions perfectly.
What needs to be done to allow this connection to a set external IP address?
it could also be that you need no nat statements as that may be what is happening when you are behind the pix.
Do you have the following in your PIX:
fixup protocol esp-ike
Regards,
3nerds
fixup protocol esp-ike
Regards,
3nerds
ASKER
3nerds, no I don't have that line.
What is that command for?
What is that command for?
it enables outbound ipsec traffic.
It will allow the pix to better itranslate that protocol passing through the device and should fix your problem.
Good Luck,
3nerds
Good Luck,
3nerds
ASKER
I will add that fixup line and try.
Before doing anything, I will mention this, we can connect with the Cisco VPN client to the remote site, and the remote admin claims our outbound traffic reaches them, but anything inbound to us is stopped.
Before doing anything, I will mention this, we can connect with the Cisco VPN client to the remote site, and the remote admin claims our outbound traffic reaches them, but anything inbound to us is stopped.
ASKER
fixup protocol esp-ike doesn't work because I have ISAKMP enabled.
I will cleanup my config file and drop it here.
I will cleanup my config file and drop it here.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You have a site to site VPN and are now trying to do a Client vpn out through your pix?
If that is correct try what danf0x suggested, I do recall a bug/limitation with a pix and what you are trying to accomplish. I believe the limitation was fixed in the ASA.
Good Luck,
3nerds
If that is correct try what danf0x suggested, I do recall a bug/limitation with a pix and what you are trying to accomplish. I believe the limitation was fixed in the ASA.
Good Luck,
3nerds
ASKER
I enabled isakmp nat-traversal and same problem. Below is the log from our internal client. I just realized he is using a Mac laptop client, if it matters. He is able to connect to the external VPN when he has his Mac laptop at home on his home network.
Sorry for the long log.
>>>>
Cisco Systems VPN Client Version 4.9.01 (0080)
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Mac OS X
Running on: Darwin 9.7.0 Darwin Kernel Version 9.7.0: Tue Mar 31 22:52:17 PDT 2009; root:xnu-1228.12.14~1/RELE
Config file directory: /etc/opt/cisco-vpnclient
1 16:22:30.698 05/28/2009 Sev=Info/4 CM/0x43100002
Begin connection process
2 16:22:30.699 05/28/2009 Sev=Warning/2 CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0xC0A8E1FF, Src Addr: 0xC0A8E101 (DRVIFACE:1158).
3 16:22:30.699 05/28/2009 Sev=Warning/2 CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0xC0A84CFF, Src Addr: 0xC0A84C01 (DRVIFACE:1158).
4 16:22:30.699 05/28/2009 Sev=Info/4 CM/0x43100004
Establish secure connection using Ethernet
5 16:22:30.699 05/28/2009 Sev=Info/4 CM/0x43100024
Attempt connection with server "abc.clientname.com"
6 16:22:30.749 05/28/2009 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (500).
7 16:22:30.749 05/28/2009 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (4500).
8 16:22:30.749 05/28/2009 Sev=Info/6 IKE/0x4300003B
Attempting to establish a connection with aaa.bbb.ccc.ddd.
9 16:22:30.826 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Unity)) to aaa.bbb.ccc.ddd
10 16:22:30.878 05/28/2009 Sev=Info/4 IPSEC/0x43700008
IPSec driver successfully started
11 16:22:30.878 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
12 16:22:30.878 05/28/2009 Sev=Info/6 IPSEC/0x4370002C
Sent 113 packets, 0 were fragmented.
13 16:22:31.145 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
14 16:22:31.145 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Frag), VID(?), VID(?)) from aaa.bbb.ccc.ddd
15 16:22:31.145 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer is a Cisco-Unity compliant peer
16 16:22:31.145 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports XAUTH
17 16:22:31.145 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports DPD
18 16:22:31.145 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports DWR Code and DWR Text
19 16:22:31.225 05/28/2009 Sev=Info/6 IKE/0x43000001
IOS Vendor ID Contruction successful
20 16:22:31.225 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
21 16:22:31.225 05/28/2009 Sev=Info/4 IKE/0x43000083
IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4
22 16:22:31.225 05/28/2009 Sev=Info/4 CM/0x4310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
23 16:22:31.367 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
24 16:22:31.367 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
25 16:22:31.367 05/28/2009 Sev=Info/4 CM/0x43100015
Launch xAuth application
26 16:22:37.603 05/28/2009 Sev=Info/4 CM/0x43100017
xAuth application returned
27 16:22:37.603 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
28 16:22:40.512 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
29 16:22:40.513 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
30 16:22:40.513 05/28/2009 Sev=Info/4 CM/0x43100015
Launch xAuth application
31 16:22:47.451 05/28/2009 Sev=Info/4 CM/0x43100017
xAuth application returned
32 16:22:47.452 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
33 16:22:54.859 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
34 16:22:54.860 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
35 16:22:54.860 05/28/2009 Sev=Info/4 CM/0x43100015
Launch xAuth application
36 16:23:11.388 05/28/2009 Sev=Info/4 CM/0x43100017
xAuth application returned
37 16:23:11.388 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
38 16:23:18.393 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
39 16:23:18.393 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
40 16:23:18.393 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
41 16:23:18.393 05/28/2009 Sev=Info/4 IKE/0x43000017
Marking IKE SA for deletion (I_Cookie=FF77BA907A32E01A
42 16:23:18.393 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to aaa.bbb.ccc.ddd
43 16:23:19.378 05/28/2009 Sev=Info/4 IKE/0x4300004B
Discarding IKE SA negotiation (I_Cookie=FF77BA907A32E01A
44 16:23:19.379 05/28/2009 Sev=Info/4 CM/0x43100014
Unable to establish Phase 1 SA with server "abc.clientname.com" because of "DEL_REASON_WE_FAILED_AUTH
45 16:23:19.379 05/28/2009 Sev=Info/5 CM/0x43100025
Initializing CVPNDrv
46 16:23:19.379 05/28/2009 Sev=Info/4 CVPND/0x4340001F
Privilege Separation: restoring MTU on primary interface.
47 16:23:19.379 05/28/2009 Sev=Info/4 IKE/0x43000001
IKE received signal to terminate VPN connection
48 16:23:19.380 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
49 16:23:19.380 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
50 16:23:19.380 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
51 16:23:19.380 05/28/2009 Sev=Info/4 IPSEC/0x4370000A
IPSec driver successfully stopped
52 16:23:40.020 05/28/2009 Sev=Info/4 CM/0x43100002
Begin connection process
53 16:23:40.020 05/28/2009 Sev=Warning/2 CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0xC0A8E1FF, Src Addr: 0xC0A8E101 (DRVIFACE:1158).
54 16:23:40.020 05/28/2009 Sev=Warning/2 CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0xC0A84CFF, Src Addr: 0xC0A84C01 (DRVIFACE:1158).
55 16:23:40.023 05/28/2009 Sev=Info/4 CM/0x43100004
Establish secure connection using Ethernet
56 16:23:40.023 05/28/2009 Sev=Info/4 CM/0x43100024
Attempt connection with server "abc.clientname.com"
57 16:23:40.023 05/28/2009 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (500).
58 16:23:40.024 05/28/2009 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (4500).
59 16:23:40.024 05/28/2009 Sev=Info/6 IKE/0x4300003B
Attempting to establish a connection with aaa.bbb.ccc.ddd.
60 16:23:40.116 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Unity)) to aaa.bbb.ccc.ddd
61 16:23:40.507 05/28/2009 Sev=Info/4 IPSEC/0x43700008
IPSec driver successfully started
62 16:23:40.507 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
63 16:23:40.507 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
64 16:23:40.508 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Frag), VID(?), VID(?)) from aaa.bbb.ccc.ddd
65 16:23:40.508 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer is a Cisco-Unity compliant peer
66 16:23:40.508 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports XAUTH
67 16:23:40.508 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports DPD
68 16:23:40.508 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports DWR Code and DWR Text
69 16:23:40.620 05/28/2009 Sev=Info/6 IKE/0x43000001
IOS Vendor ID Contruction successful
70 16:23:40.620 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
71 16:23:40.620 05/28/2009 Sev=Info/4 IKE/0x43000083
IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4
72 16:23:40.620 05/28/2009 Sev=Info/4 CM/0x4310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
73 16:23:40.720 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
74 16:23:40.720 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
75 16:23:40.721 05/28/2009 Sev=Info/4 CM/0x43100015
Launch xAuth application
76 16:23:49.396 05/28/2009 Sev=Info/4 CM/0x43100017
xAuth application returned
77 16:23:49.396 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
78 16:23:56.403 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
79 16:23:56.403 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
80 16:23:56.403 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
81 16:23:56.403 05/28/2009 Sev=Info/4 CM/0x4310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
82 16:23:56.404 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
83 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
84 16:23:56.531 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
85 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.131.162.95
86 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.254.0
87 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 10.130.3.250
88 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = 10.130.3.254
89 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = 10.130.3.238
90 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(2) (a.k.a. WINS) : , value = 10.1.20.221
91 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_BANNER, value = This equipment is the property of ClientNAME. and is intended for use by employees and authorized agents of ClientNAME. in accordance with its stated policies. Unauthorized access or use of this system, or use in excess of that which is authorized, may subject you to disciplinary action and possible civil or criminal prosecution.
92 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
93 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = ClientNAME.com
94 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
95 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc./VPN 3000 Concentrator Version 4.7.1.Rel built by NAME on Jun 01 2005 02:16:46
96 16:23:56.531 05/28/2009 Sev=Info/4 CVPND/0x43400018
Privilege Separation: opening file: (/etc/opt/cisco-vpnclient/
97 16:23:56.532 05/28/2009 Sev=Info/4 CM/0x43100019
Mode Config data received
98 16:23:56.533 05/28/2009 Sev=Info/4 IKE/0x43000056
Received a key request from Driver: Local IP = 192.168.7.160, GW IP = aaa.bbb.ccc.ddd, Remote IP = 0.0.0.0
99 16:23:56.533 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to aaa.bbb.ccc.ddd
100 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
101 16:23:56.660 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIM
102 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x43000045
RESPONDER-LIFETIME notify has value of 86400 seconds
103 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x43000047
This SA has already been alive for 16 seconds, setting expiry to 86384 seconds from now
104 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
105 16:23:56.660 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIM
106 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x43000045
RESPONDER-LIFETIME notify has value of 28800 seconds
107 16:23:56.660 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK QM *(HASH) to aaa.bbb.ccc.ddd
108 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x43000059
Loading IPsec SA (MsgID=15B5349D OUTBOUND SPI = 0x6DEE5D93 INBOUND SPI = 0xDD60B3D9)
109 16:23:56.661 05/28/2009 Sev=Info/5 IKE/0x43000025
Loaded OUTBOUND ESP SPI: 0x6DEE5D93
110 16:23:56.661 05/28/2009 Sev=Info/5 IKE/0x43000026
Loaded INBOUND ESP SPI: 0xDD60B3D9
111 16:23:56.661 05/28/2009 Sev=Info/4 CM/0x4310001A
One secure connection established
112 16:23:56.661 05/28/2009 Sev=Info/4 CVPND/0x4340001E
Privilege Separation: reducing MTU on primary interface.
113 16:23:56.662 05/28/2009 Sev=Info/4 CVPND/0x4340001B
Privilege Separation: backing up resolv.conf file.
114 16:23:56.716 05/28/2009 Sev=Info/4 CVPND/0x4340001D
Privilege Separation: chown( /var/run/resolv.conf.vpnba
115 16:23:56.717 05/28/2009 Sev=Info/4 CVPND/0x43400018
Privilege Separation: opening file: (/var/run/resolv.conf).
116 16:23:56.722 05/28/2009 Sev=Info/4 CM/0x4310003B
Address watch added for 192.168.7.160. Current hostname: MacBook-Pro.local, Current address(es): 192.168.7.160, 192.168.225.1, 192.168.76.1.
117 16:23:57.021 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
118 16:23:57.021 05/28/2009 Sev=Info/4 IPSEC/0x43700010
Created a new key structure
119 16:23:57.021 05/28/2009 Sev=Info/4 IPSEC/0x4370000F
Added key with SPI=0x935dee6d into key list
120 16:23:57.021 05/28/2009 Sev=Info/4 IPSEC/0x43700010
Created a new key structure
121 16:23:57.021 05/28/2009 Sev=Info/4 IPSEC/0x4370000F
Added key with SPI=0xd9b360dd into key list
122 16:24:07.380 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
123 16:24:07.380 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723002
124 16:24:07.495 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
125 16:24:07.495 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
126 16:24:07.495 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723002, seq# expected = 699723002
127 16:24:17.880 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
128 16:24:17.880 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723003
129 16:24:17.984 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
130 16:24:17.984 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
131 16:24:17.984 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723003, seq# expected = 699723003
132 16:24:28.380 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
133 16:24:28.380 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723004
134 16:24:28.482 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
135 16:24:28.482 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
136 16:24:28.482 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723004, seq# expected = 699723004
137 16:24:38.880 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
138 16:24:38.880 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723005
139 16:24:38.991 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
140 16:24:38.991 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
141 16:24:38.991 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723005, seq# expected = 699723005
142 16:24:49.380 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
143 16:24:49.380 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723006
144 16:24:49.488 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
145 16:24:49.488 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
146 16:24:49.489 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723006, seq# expected = 699723006
147 16:24:59.880 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
148 16:24:59.881 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723007
149 16:24:59.998 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
150 16:24:59.998 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
151 16:24:59.998 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723007, seq# expected = 699723007
152 16:25:10.881 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
153 16:25:10.881 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723008
154 16:25:15.881 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
155 16:25:15.881 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723009
156 16:25:16.002 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
157 16:25:16.002 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
158 16:25:16.002 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723009, seq# expected = 699723009
159 16:25:26.381 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
160 16:25:26.381 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723010
161 16:25:26.482 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
162 16:25:26.482 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
163 16:25:26.482 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723010, seq# expected = 699723010
Sorry for the long log.
>>>>
Cisco Systems VPN Client Version 4.9.01 (0080)
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Mac OS X
Running on: Darwin 9.7.0 Darwin Kernel Version 9.7.0: Tue Mar 31 22:52:17 PDT 2009; root:xnu-1228.12.14~1/RELE
Config file directory: /etc/opt/cisco-vpnclient
1 16:22:30.698 05/28/2009 Sev=Info/4 CM/0x43100002
Begin connection process
2 16:22:30.699 05/28/2009 Sev=Warning/2 CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0xC0A8E1FF, Src Addr: 0xC0A8E101 (DRVIFACE:1158).
3 16:22:30.699 05/28/2009 Sev=Warning/2 CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0xC0A84CFF, Src Addr: 0xC0A84C01 (DRVIFACE:1158).
4 16:22:30.699 05/28/2009 Sev=Info/4 CM/0x43100004
Establish secure connection using Ethernet
5 16:22:30.699 05/28/2009 Sev=Info/4 CM/0x43100024
Attempt connection with server "abc.clientname.com"
6 16:22:30.749 05/28/2009 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (500).
7 16:22:30.749 05/28/2009 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (4500).
8 16:22:30.749 05/28/2009 Sev=Info/6 IKE/0x4300003B
Attempting to establish a connection with aaa.bbb.ccc.ddd.
9 16:22:30.826 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Unity)) to aaa.bbb.ccc.ddd
10 16:22:30.878 05/28/2009 Sev=Info/4 IPSEC/0x43700008
IPSec driver successfully started
11 16:22:30.878 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
12 16:22:30.878 05/28/2009 Sev=Info/6 IPSEC/0x4370002C
Sent 113 packets, 0 were fragmented.
13 16:22:31.145 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
14 16:22:31.145 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Frag), VID(?), VID(?)) from aaa.bbb.ccc.ddd
15 16:22:31.145 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer is a Cisco-Unity compliant peer
16 16:22:31.145 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports XAUTH
17 16:22:31.145 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports DPD
18 16:22:31.145 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports DWR Code and DWR Text
19 16:22:31.225 05/28/2009 Sev=Info/6 IKE/0x43000001
IOS Vendor ID Contruction successful
20 16:22:31.225 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
21 16:22:31.225 05/28/2009 Sev=Info/4 IKE/0x43000083
IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4
22 16:22:31.225 05/28/2009 Sev=Info/4 CM/0x4310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
23 16:22:31.367 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
24 16:22:31.367 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
25 16:22:31.367 05/28/2009 Sev=Info/4 CM/0x43100015
Launch xAuth application
26 16:22:37.603 05/28/2009 Sev=Info/4 CM/0x43100017
xAuth application returned
27 16:22:37.603 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
28 16:22:40.512 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
29 16:22:40.513 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
30 16:22:40.513 05/28/2009 Sev=Info/4 CM/0x43100015
Launch xAuth application
31 16:22:47.451 05/28/2009 Sev=Info/4 CM/0x43100017
xAuth application returned
32 16:22:47.452 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
33 16:22:54.859 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
34 16:22:54.860 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
35 16:22:54.860 05/28/2009 Sev=Info/4 CM/0x43100015
Launch xAuth application
36 16:23:11.388 05/28/2009 Sev=Info/4 CM/0x43100017
xAuth application returned
37 16:23:11.388 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
38 16:23:18.393 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
39 16:23:18.393 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
40 16:23:18.393 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
41 16:23:18.393 05/28/2009 Sev=Info/4 IKE/0x43000017
Marking IKE SA for deletion (I_Cookie=FF77BA907A32E01A
42 16:23:18.393 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to aaa.bbb.ccc.ddd
43 16:23:19.378 05/28/2009 Sev=Info/4 IKE/0x4300004B
Discarding IKE SA negotiation (I_Cookie=FF77BA907A32E01A
44 16:23:19.379 05/28/2009 Sev=Info/4 CM/0x43100014
Unable to establish Phase 1 SA with server "abc.clientname.com" because of "DEL_REASON_WE_FAILED_AUTH
45 16:23:19.379 05/28/2009 Sev=Info/5 CM/0x43100025
Initializing CVPNDrv
46 16:23:19.379 05/28/2009 Sev=Info/4 CVPND/0x4340001F
Privilege Separation: restoring MTU on primary interface.
47 16:23:19.379 05/28/2009 Sev=Info/4 IKE/0x43000001
IKE received signal to terminate VPN connection
48 16:23:19.380 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
49 16:23:19.380 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
50 16:23:19.380 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
51 16:23:19.380 05/28/2009 Sev=Info/4 IPSEC/0x4370000A
IPSec driver successfully stopped
52 16:23:40.020 05/28/2009 Sev=Info/4 CM/0x43100002
Begin connection process
53 16:23:40.020 05/28/2009 Sev=Warning/2 CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0xC0A8E1FF, Src Addr: 0xC0A8E101 (DRVIFACE:1158).
54 16:23:40.020 05/28/2009 Sev=Warning/2 CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0xC0A84CFF, Src Addr: 0xC0A84C01 (DRVIFACE:1158).
55 16:23:40.023 05/28/2009 Sev=Info/4 CM/0x43100004
Establish secure connection using Ethernet
56 16:23:40.023 05/28/2009 Sev=Info/4 CM/0x43100024
Attempt connection with server "abc.clientname.com"
57 16:23:40.023 05/28/2009 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (500).
58 16:23:40.024 05/28/2009 Sev=Info/4 CVPND/0x43400019
Privilege Separation: binding to port: (4500).
59 16:23:40.024 05/28/2009 Sev=Info/6 IKE/0x4300003B
Attempting to establish a connection with aaa.bbb.ccc.ddd.
60 16:23:40.116 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Unity)) to aaa.bbb.ccc.ddd
61 16:23:40.507 05/28/2009 Sev=Info/4 IPSEC/0x43700008
IPSec driver successfully started
62 16:23:40.507 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
63 16:23:40.507 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
64 16:23:40.508 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Frag), VID(?), VID(?)) from aaa.bbb.ccc.ddd
65 16:23:40.508 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer is a Cisco-Unity compliant peer
66 16:23:40.508 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports XAUTH
67 16:23:40.508 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports DPD
68 16:23:40.508 05/28/2009 Sev=Info/5 IKE/0x43000001
Peer supports DWR Code and DWR Text
69 16:23:40.620 05/28/2009 Sev=Info/6 IKE/0x43000001
IOS Vendor ID Contruction successful
70 16:23:40.620 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
71 16:23:40.620 05/28/2009 Sev=Info/4 IKE/0x43000083
IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4
72 16:23:40.620 05/28/2009 Sev=Info/4 CM/0x4310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
73 16:23:40.720 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
74 16:23:40.720 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
75 16:23:40.721 05/28/2009 Sev=Info/4 CM/0x43100015
Launch xAuth application
76 16:23:49.396 05/28/2009 Sev=Info/4 CM/0x43100017
xAuth application returned
77 16:23:49.396 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
78 16:23:56.403 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
79 16:23:56.403 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
80 16:23:56.403 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
81 16:23:56.403 05/28/2009 Sev=Info/4 CM/0x4310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system
82 16:23:56.404 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to aaa.bbb.ccc.ddd
83 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
84 16:23:56.531 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from aaa.bbb.ccc.ddd
85 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.131.162.95
86 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK: , value = 255.255.254.0
87 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 10.130.3.250
88 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(2): , value = 10.130.3.254
89 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = 10.130.3.238
90 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x43000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(2) (a.k.a. WINS) : , value = 10.1.20.221
91 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_BANNER, value = This equipment is the property of ClientNAME. and is intended for use by employees and authorized agents of ClientNAME. in accordance with its stated policies. Unauthorized access or use of this system, or use in excess of that which is authorized, may subject you to disciplinary action and possible civil or criminal prosecution.
92 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD: , value = 0x00000000
93 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = ClientNAME.com
94 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS: , value = 0x00000000
95 16:23:56.531 05/28/2009 Sev=Info/5 IKE/0x4300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc./VPN 3000 Concentrator Version 4.7.1.Rel built by NAME on Jun 01 2005 02:16:46
96 16:23:56.531 05/28/2009 Sev=Info/4 CVPND/0x43400018
Privilege Separation: opening file: (/etc/opt/cisco-vpnclient/
97 16:23:56.532 05/28/2009 Sev=Info/4 CM/0x43100019
Mode Config data received
98 16:23:56.533 05/28/2009 Sev=Info/4 IKE/0x43000056
Received a key request from Driver: Local IP = 192.168.7.160, GW IP = aaa.bbb.ccc.ddd, Remote IP = 0.0.0.0
99 16:23:56.533 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to aaa.bbb.ccc.ddd
100 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
101 16:23:56.660 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIM
102 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x43000045
RESPONDER-LIFETIME notify has value of 86400 seconds
103 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x43000047
This SA has already been alive for 16 seconds, setting expiry to 86384 seconds from now
104 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
105 16:23:56.660 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK QM *(HASH, SA, NON, ID, ID, NOTIFY:STATUS_RESP_LIFETIM
106 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x43000045
RESPONDER-LIFETIME notify has value of 28800 seconds
107 16:23:56.660 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK QM *(HASH) to aaa.bbb.ccc.ddd
108 16:23:56.660 05/28/2009 Sev=Info/5 IKE/0x43000059
Loading IPsec SA (MsgID=15B5349D OUTBOUND SPI = 0x6DEE5D93 INBOUND SPI = 0xDD60B3D9)
109 16:23:56.661 05/28/2009 Sev=Info/5 IKE/0x43000025
Loaded OUTBOUND ESP SPI: 0x6DEE5D93
110 16:23:56.661 05/28/2009 Sev=Info/5 IKE/0x43000026
Loaded INBOUND ESP SPI: 0xDD60B3D9
111 16:23:56.661 05/28/2009 Sev=Info/4 CM/0x4310001A
One secure connection established
112 16:23:56.661 05/28/2009 Sev=Info/4 CVPND/0x4340001E
Privilege Separation: reducing MTU on primary interface.
113 16:23:56.662 05/28/2009 Sev=Info/4 CVPND/0x4340001B
Privilege Separation: backing up resolv.conf file.
114 16:23:56.716 05/28/2009 Sev=Info/4 CVPND/0x4340001D
Privilege Separation: chown( /var/run/resolv.conf.vpnba
115 16:23:56.717 05/28/2009 Sev=Info/4 CVPND/0x43400018
Privilege Separation: opening file: (/var/run/resolv.conf).
116 16:23:56.722 05/28/2009 Sev=Info/4 CM/0x4310003B
Address watch added for 192.168.7.160. Current hostname: MacBook-Pro.local, Current address(es): 192.168.7.160, 192.168.225.1, 192.168.76.1.
117 16:23:57.021 05/28/2009 Sev=Info/4 IPSEC/0x43700014
Deleted all keys
118 16:23:57.021 05/28/2009 Sev=Info/4 IPSEC/0x43700010
Created a new key structure
119 16:23:57.021 05/28/2009 Sev=Info/4 IPSEC/0x4370000F
Added key with SPI=0x935dee6d into key list
120 16:23:57.021 05/28/2009 Sev=Info/4 IPSEC/0x43700010
Created a new key structure
121 16:23:57.021 05/28/2009 Sev=Info/4 IPSEC/0x4370000F
Added key with SPI=0xd9b360dd into key list
122 16:24:07.380 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
123 16:24:07.380 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723002
124 16:24:07.495 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
125 16:24:07.495 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
126 16:24:07.495 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723002, seq# expected = 699723002
127 16:24:17.880 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
128 16:24:17.880 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723003
129 16:24:17.984 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
130 16:24:17.984 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
131 16:24:17.984 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723003, seq# expected = 699723003
132 16:24:28.380 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
133 16:24:28.380 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723004
134 16:24:28.482 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
135 16:24:28.482 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
136 16:24:28.482 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723004, seq# expected = 699723004
137 16:24:38.880 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
138 16:24:38.880 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723005
139 16:24:38.991 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
140 16:24:38.991 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
141 16:24:38.991 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723005, seq# expected = 699723005
142 16:24:49.380 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
143 16:24:49.380 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723006
144 16:24:49.488 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
145 16:24:49.488 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
146 16:24:49.489 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723006, seq# expected = 699723006
147 16:24:59.880 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
148 16:24:59.881 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723007
149 16:24:59.998 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
150 16:24:59.998 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
151 16:24:59.998 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723007, seq# expected = 699723007
152 16:25:10.881 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
153 16:25:10.881 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723008
154 16:25:15.881 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
155 16:25:15.881 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723009
156 16:25:16.002 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
157 16:25:16.002 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
158 16:25:16.002 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723009, seq# expected = 699723009
159 16:25:26.381 05/28/2009 Sev=Info/4 IKE/0x43000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to aaa.bbb.ccc.ddd
160 16:25:26.381 05/28/2009 Sev=Info/6 IKE/0x4300003D
Sending DPD request to aaa.bbb.ccc.ddd, our seq# = 699723010
161 16:25:26.482 05/28/2009 Sev=Info/5 IKE/0x4300002F
Received ISAKMP packet: peer = aaa.bbb.ccc.ddd
162 16:25:26.482 05/28/2009 Sev=Info/4 IKE/0x43000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from aaa.bbb.ccc.ddd
163 16:25:26.482 05/28/2009 Sev=Info/5 IKE/0x43000040
Received DPD ACK from aaa.bbb.ccc.ddd, seq# received = 699723010, seq# expected = 699723010
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks guys. I enabled nat-traversal on my side and the options on the client I checked the box to enable Transp. tunneling. and doing both it worked.
access-list outside permit tcp host 1.1.1.1 host 192.168.1.1 eq www
Thats just an example