Cisco VPN Connection Problem

I'm trying to set up a connection to dial in to a Cisco 1711 router and connect to it with a Cisco VPN Client (version 5.0.00.0340).  When trying to establish the connection, it never prompts to enter the XAuth credentials.  When I try to port the VPN configurations from a Cisco 1841 (where the connection works) over to the 1711 router to allow the VPN client to connect, I can't get to the logon prompt.  I get the following errors:

Secure VPN Connection terminated locally by the Client.
Reason 412: The remote peer is no longer responding.


The router already has a site to site VPN to the Cisco 1841 at a different site.  The 1841 is the one that is already allowing the dial-in VPN connection along with a number of other site to site connections.

I'm connecting to the right IP, the VPN ports are open, I'm using the same transform set information on the other router and aaa is enabled for the authentication.  I'm not sure what I'm missing but it's obviously something.

I would like to be able to at least get some kind of reply from the router when I try to connect from the client.
 
cstosgale Commented:
This message indicates you are getting nothing from the remote side, which would indicate a connectivity issue. To confirm this, use "debug crypto isakmp" and see if you get any output when you try to connect.

acsservices (Author) Commented:
I'm not getting debut responses from the SSH connection to the router.  Do I need to be on a console session to get debut information?

acsservices (Author) Commented:
...I meant debug information.
 
cstosgale Commented:
Type in term mon. This will let you see debug messages via ssh.

acsservices (Author) Commented:
Thanks for that.  The debug information is below.  It does say something about the hash not matching the policy.

*Aug 21 01:53:00: ISAKMP:(0:0:N/A:0):purging SA., sa=8344C4C4, delme=8344C4C4
*Aug 21 01:53:01: ISAKMP (0:0): received packet from <MY_IP_ADDRESS> dport 500 sport 2379 Global (N) NEW SA
*Aug 21 01:53:01: ISAKMP: Created a peer struct for <MY_IP_ADDRESS>, peer port 2379
*Aug 21 01:53:01: ISAKMP: New peer created peer = 0x834F9514 peer_handle = 0x8000006B
*Aug 21 01:53:01: ISAKMP: Locking peer struct 0x834F9514, IKE refcount 1 for crypto_isakmp_process_block
*Aug 21 01:53:01: ISAKMP: local port 500, remote port 2379
*Aug 21 01:53:01: insert sa successfully sa = 8339186C
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing ID payload. message ID = 0
*Aug 21 01:53:01: ISAKMP (0:0): ID payload
        next-payload : 13
        type         : 11
        group id     : 4xclient
        protocol     : 17
        port         : 500
        length       : 16
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):: peer matches vpnclient profile
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Setting client config settings 833B5444
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):(Re)Setting client xauth list  and state
*Aug 21 01:53:01: ISAKMP/xauth: initializing AAA request
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 215 mismatch
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID is XAUTH
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID is DPD
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 194 mismatch
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 123 mismatch
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID is Unity
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): Authentication by xauth preshared
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 6 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 7 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 8 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 10 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 11 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 12 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 14 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 6 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 7 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 8 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 10 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 11 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 12 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 14 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):no offers accepted!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): phase 1 SA policy not acceptable! (local <ROUTER_IP_ADDRESS> remote <MY_IP_ADDRESS>)
*Aug 21 01:53:01: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): sending packet to <MY_IP_ADDRESS> my_port 500 peer_port 2379 (R) AG_NO_STATE
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):peer does not do paranoid keepalives.

*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer <MY_IP_ADDRESS>)
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing KE payload. message ID = 0
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): group size changed! Should be 0, is 128
*Aug 21 01:53:01: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: reset_retransmission
*Aug 21 01:53:01: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH:  state = IKE_READY
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_READY

*Aug 21 01:53:01: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at <MY_IP_ADDRESS>
Router#
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer <MY_IP_ADDRESS>)
*Aug 21 01:53:01: ISAKMP: Unlocking IKE struct 0x834F9514 for isadb_mark_sa_deleted(), count 0
*Aug 21 01:53:01: ISAKMP: Deleting peer node by peer_reap for <MY_IP_ADDRESS>: 834F9514
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_DEST_SA

Router#
*Aug 21 01:53:06: ISAKMP (0:0): received packet from <MY_IP_ADDRESS> dport 500 sport 2379 Global (R) MM_NO_STATE
Router#
*Aug 21 01:53:11: ISAKMP (0:0): received packet from <MY_IP_ADDRESS> dport 500 sport 2379 Global (R) MM_NO_STATE
Router#
*Aug 21 01:53:17: ISAKMP (0:0): received packet from <MY_IP_ADDRESS> dport 500 sport 2379 Global (R) MM_NO_STATE

BooSTid Commented:
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer

That's your culprit. Failing Phase1.

In your ISAKMP policies, I'd not set lifetime. Try something basic like...

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2

You have a ton of policies defined; would blow out anything you don't use.

acsservices (Author) Commented:
I'll try it later today as soon as I get the chance.  I'll let you know how it goes.

acsservices (Author) Commented:
I wasn't able to get the thing working initially but I was able to resolve the issue by taking the configuration and loading it onto the SDM for the router.  While doing this, I was prompted to allow the creation of translations for the policies.  After doing so, I was able to get it to work.

The issue was with getting phase 1 to complete.  The terminal monitor command (which I completely could not remember) was very helpful to get feedback from the debug.

Thanks cstosgale for your help.

acsservices (Author) Commented:
There was an initial complication in that the VPN connection used to dial in needs to coexist with a site to site VPN.  In whichever case, it's working now which is great.
0
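
Added example, not part of the original thread: a small Python parser for `debug crypto isakmp` output like the log posted above, which records each offered Phase 1 transform, the router policy priority it was checked against, and why it was rejected. The sample lines are a constructed excerpt in the same format, and the hint about the router's own policy assumes IOS reports the first attribute that fails to match.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the debug output quoted in the thread
# (lifetime and "atts are not acceptable" lines omitted for brevity).
SAMPLE_DEBUG = """\
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):no offers accepted!
"""

CHECK = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
ATTR = re.compile(r"ISAKMP:\s+(encryption|hash|default group|auth|keylength of)\s+(\S+)")
REJECT = re.compile(r":([\w -]+?) offered does not match policy!")


def parse_offers(debug_text):
    """Return one dict per (transform, policy priority) comparison in the log."""
    offers, current = [], None
    for line in debug_text.splitlines():
        if m := CHECK.search(line):
            current = {"transform": int(m[1]), "priority": int(m[2]), "verdict": "unknown"}
            offers.append(current)
        elif current is None:
            continue  # nothing to attach attributes to yet
        elif m := ATTR.search(line):
            # "default group" -> "group", "keylength of" -> "keylength"
            key = m[1].replace("default ", "").replace(" of", "")
            current[key] = m[2]
        elif m := REJECT.search(line):
            current["verdict"] = m[1].lower() + " mismatch"
        elif "atts are acceptable" in line:
            current["verdict"] = "accepted"
    return offers


def diagnose(offers):
    """Summarise rejections per router policy priority.

    Assumption: the router reports the first attribute that mismatches, so an
    offer rejected on hash carried an encryption algorithm the policy accepts.
    """
    report = {}
    for o in offers:
        entry = report.setdefault(o["priority"], {
            "reasons": Counter(), "policy_encryption": set(), "policy_hash_is_not": set()})
        entry["reasons"][o["verdict"]] += 1
        if o["verdict"] == "hash algorithm mismatch":
            entry["policy_encryption"].add(o["encryption"])
            entry["policy_hash_is_not"].add(o["hash"])
    return any(o["verdict"] == "accepted" for o in offers), report


if __name__ == "__main__":
    accepted, report = diagnose(parse_offers(SAMPLE_DEBUG))
    print("Phase 1 proposal accepted:", accepted)
    for priority, entry in sorted(report.items()):
        print(f"policy {priority}: {dict(entry['reasons'])}")
        print(f"  policy encryption looks like {sorted(entry['policy_encryption'])}, "
              f"hash is not {sorted(entry['policy_hash_is_not'])}")
```

In the full log posted above, the same pattern holds for both priority 5 and priority 65535: only the DES-CBC offers get past the encryption check, and they are then rejected on hash.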
