Solved

Cisco VPN Connection Problem

Posted on 2010-11-16
9
641 Views
Last Modified: 2012-05-10
I'm trying to setup a connection to dial in to a Cisco 1711 router and connect to it with a Cisco VPN Client (version 5.0.00.0340).  When trying to establish the connection, it never prompts to enter in the XAuth credentials.  When I try port over the VPN configurations from a Cisco 1841 (where the connection works) over to the 1711 router to allow the VPN client to connect, I can't get to the logon prompt.  I get the following errors:

Secure VPN Connection terminated locally by the Client.
Reason 412: The remote peer is no longer responding.


The router already has a site to site VPN to the Cisco 1841 at a different site.  The 1841 is the one that is already allowing the dial-in VPN connection along with a number of other site to site connections.

I'm connecting to the right IP, the VPN ports are open, I'm using the same transform set information on the other router and aaa is enabled for the authentication.  I'm not sure what I'm missing but it's obviously something.

I would like to be able to at least get some kind of reply from the router when I try to connect from the client.
0
Comment
Question by:acsservices
  • 6
  • 2
9 Comments
 
LVL 10

Expert Comment

by:cstosgale
ID: 34149985
This message indicates you are getting nothing from the remote side, which would indicate a connectivity issue. To confirm this, use "debug crypto isakmp" and see if you get any output when you try to connect.
0
 

Author Comment

by:acsservices
ID: 34150270
I'm not getting debut responses from the SSH connection to the router.  Do I need to be on a console session to get debut information?
0
 

Author Comment

by:acsservices
ID: 34150278
...I meant debug information.
0
 
LVL 10

Expert Comment

by:cstosgale
ID: 34150291
Type in term mon. This will let you see debug messages via ssh.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:acsservices
ID: 34150469
Thanks for that.  The debug information is below.  It does say something about the hash not matching the policy.

*Aug 21 01:53:00: ISAKMP:(0:0:N/A:0):purging SA., sa=8344C4C4, delme=8344C4C4
*Aug 21 01:53:01: ISAKMP (0:0): received packet from <MY_IP_ADDRESS> dport 500 sport 2379 Global (N) NEW SA
*Aug 21 01:53:01: ISAKMP: Created a peer struct for <MY_IP_ADDRESS>, peer port 2379
*Aug 21 01:53:01: ISAKMP: New peer created peer = 0x834F9514 peer_handle = 0x8000006B
*Aug 21 01:53:01: ISAKMP: Locking peer struct 0x834F9514, IKE refcount 1 for crypto_isakmp_process_block
*Aug 21 01:53:01: ISAKMP: local port 500, remote port 2379
*Aug 21 01:53:01: insert sa successfully sa = 8339186C
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing ID payload. message ID = 0
*Aug 21 01:53:01: ISAKMP (0:0): ID payload
        next-payload : 13
        type         : 11
        group id     : 4xclient
        protocol     : 17
        port         : 500
        length       : 16
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):: peer matches vpnclient profile
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Setting client config settings 833B5444
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):(Re)Setting client xauth list  and state
*Aug 21 01:53:01: ISAKMP/xauth: initializing AAA request
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 215 mismatch
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID is XAUTH
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID is DPD
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 194 mismatch
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 123 mismatch
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): vendor ID is Unity
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): Authentication by xauth preshared
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 6 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 7 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 8 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 10 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 11 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 12 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 14 against priority 5 policy
*Aug 21 01:53:01: ISAKMP:      encryption DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 256
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 6 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 7 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 8 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption AES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:      keylength of 128
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 10 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 11 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash SHA
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 12 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption 3DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth XAUTHInitPreShared
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 14 against priority 65535 policy
*Aug 21 01:53:01: ISAKMP:      encryption DES-CBC
*Aug 21 01:53:01: ISAKMP:      hash MD5
*Aug 21 01:53:01: ISAKMP:      default group 2
*Aug 21 01:53:01: ISAKMP:      auth pre-share
*Aug 21 01:53:01: ISAKMP:      life type in seconds
*Aug 21 01:53:01: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):no offers accepted!
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): phase 1 SA policy not acceptable! (local <ROUTER_IP_ADDRESS> remote <MY_IP_ADDRESS>)
*Aug 21 01:53:01: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): sending packet to <MY_IP_ADDRESS> my_port 500 peer_port 2379 (R) AG_NO_STATE
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):peer does not do paranoid keepalives.

*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer <MY_IP_ADDRESS>)
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): processing KE payload. message ID = 0
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0): group size changed! Should be 0, is 128
*Aug 21 01:53:01: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: reset_retransmission
*Aug 21 01:53:01: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH:  state = IKE_READY
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_READY

*Aug 21 01:53:01: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at <MY_IP_ADDRESS>
Router#
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer <MY_IP_ADDRESS>)
*Aug 21 01:53:01: ISAKMP: Unlocking IKE struct 0x834F9514 for isadb_mark_sa_deleted(), count 0
*Aug 21 01:53:01: ISAKMP: Deleting peer node by peer_reap for <MY_IP_ADDRESS>: 834F9514
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_DEST_SA

Router#
*Aug 21 01:53:06: ISAKMP (0:0): received packet from <MY_IP_ADDRESS> dport 500 sport 2379 Global (R) MM_NO_STATE
Router#
*Aug 21 01:53:11: ISAKMP (0:0): received packet from <MY_IP_ADDRESS> dport 500 sport 2379 Global (R) MM_NO_STATE
Router#
*Aug 21 01:53:17: ISAKMP (0:0): received packet from <MY_IP_ADDRESS> dport 500 sport 2379 Global (R) MM_NO_STATE
0
 
LVL 5

Accepted Solution

by:
BooSTid earned 500 total points
ID: 34151169
*Aug 21 01:53:01: ISAKMP:(0:0:N/A:0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer

That's your culprit. Failing Phase1.

In you ISAKMP policies, I'd not set lifetime. Try something basic like...

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2

You have a ton of policies defined; would blow out anything you don't use.
0
 

Author Comment

by:acsservices
ID: 34154656
I'll try it later today as soon as I get the chance.  I'll let you know how it goes.
0
 

Assisted Solution

by:acsservices
acsservices earned 0 total points
ID: 34173849
I wasn't able to get the thing working initially but I was able to resolve the issue by taking the configuration and load it onto the SDM for the router.  While doing this, I was prompted to allow the creation of translations for the policies.  After doing so, I was able to get it to work.

The issue was with getting phase 1 to complete.  The terminal monitor command (which I completely could not remember) was very helpful to get feedback from the debug.

Thanks cstosgale for your help.
0
 

Author Closing Comment

by:acsservices
ID: 34203668
There was an initial complication in that the VPN connection used to dial in needs to coexist with a site to site VPN.  In whichever case, it's working now which is great.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now