Cisco easy VPN issue Solutions

hello all,

i am having issues trying to connect a Cisco IOS router as easy VPN client to the HQ easy VPN server - VPN 3000 series concentrator. can anybody tell from the crypto debugs on the remote router what the issue might be?

RTRSlovakiaWH#
RTRSlovakiaWH#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RTRSlovakiaWH(config)#int eth 1
000123: *Mar 1 00:03:59.095 UTC: IPSEC(key_engine): major = 1
000124: *Mar 1 00:03:59.095 UTC: IPSEC(key_engine): expired_timer
RTRSlovakiaWH(config-if)#crypto ipsec client ezvpn uk
RTRSlovakiaWH(config-if)#
000125: *Mar 1 00:04:02.631 UTC: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
000126: *Mar 1 00:04:02.631 UTC: ISAKMP: Looking for a matching key for 212.86.84.40 in default
000127: *Mar 1 00:04:02.635 UTC: ISAKMP: received ke message (1/1)
000128: *Mar 1 00:04:02.635 UTC: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
000129: *Mar 1 00:04:02.635 UTC: ISAKMP: Created a peer struct for 212.86.84.40, peer port 500
000130: *Mar 1 00:04:02.635 UTC: ISAKMP: Locking peer struct 0x81A6EFB4, IKE refcount 1 for isakmp_initiator
000131: *Mar 1 00:04:02.635 UTC: ISAKMP:(0:0:N/A:0):Setting client config settings 81B52744
000132: *Mar 1 00:04:02.635 UTC: ISAKMP: local port 500, remote port 500
000133: *Mar 1 00:04:02.639 UTC: insert sa successfully sa = 818AB56C
000134: *Mar 1 00:04:02.639 UTC: ISAKMP:(0:1:HW:2): client mode configured.
000135: *Mar 1 00:04:02.639 UTC: ISAKMP:(0:1:HW:2): constructed NAT-T vendor-03 ID
000136: *Mar 1 00:04:02.643 UTC: ISAKMP:(0:1:HW:2): constructed NAT-T vendor-02 ID
A pre-shared key for address mask 212.86.84.40 255.255.255.255 already exists!

000137: *Mar 1 00:04:03.083 UTC: ISAKMP:(0:1:HW:2):SA is doing pre-shared key authentication plus XAUTH using id type ID_KEY_ID
000138: *Mar 1 00:04:03.083 UTC: ISAKMP (0:268435457): ID payload
      next-payload : 13
      type : 11
      group id : NCHSlovakiaWH100
      protocol : 17
      port : 0
      length : 24
000139: *Mar 1 00:04:03.083 UTC: ISAKMP:(0:1:HW:2):Total payload length: 24
000140: *Mar 1 00:04:03.083 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM
000141: *Mar 1 00:04:03.083 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_READY New State = ýo)úbal (I) AG_INIT_EXCH
000145: *Mar 1 00:04:03.423 UTC: ISAKMP:(0:1:HW:2): processing SA payload. message ID = 0
000146: *Mar 1 00:04:03.423 UTC: ISAKMP:(0:1:HW:2): processing ID payload. message ID = 0
000147: *Mar 1 00:04:03.423 UTC: ISAKMP (0:268435457): ID payload
      next-payload : 8
      type : 1
      address : 212.86.84.40
      protocol : 17
      port : 0
      length : 12
000148: *Mar 1 00:04:03.427 UTC: ISAKMP:(0:1:HW:2): processing vendor id payload
000149: *Mar 1 00:04:03.427 UTC: ISAKMP:(0:1:HW:2): vendor ID is Unity
000150: *Mar 1 00:04:03.427 UTC: ISAKMP:(0:1:HW:2): processing vendor id payload
000151: *Mar 1 00:04:03.427 UTC: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 215 mismatch
000152: *Mar 1 00:04:03.427 UTC: ISAKMP:(0:1:HW:2): vendor ID is XAUTH
000153: *Mar 1 00:04:03.427 UTC: ISAKMP:(0:1:HW:2): processing vendor id payload
000154: *Mar 1 00:04:03.427 UTC: ISAKMP:(0:1:HW:2): vendor ID is DPD
000155: *Mar 1 00:04:03.431 UTC: ISAKMP:(0:1:HW:2): local preshared key found
000156: *Mar 1 00:04:03.431 UTC: ISAKMP : Scanning profiles for xauth ...
000157: *Mar 1 00:04:03.431 UTC: ISAKMP:(0:1:HW:2): Authentication by xauth preshared
000158: *Mar 1 00:04:03.431 UTC: ISAKMP:(0:1:HW:2):Checking ISAKMP transform 2 against priority 65527 policy
000159: *Mar 1 00:04:03.431 UTC: ISAKMP: encryption 3DES-CBC
000160: *Mar 1 00:04:03.431 UTC: ISAKMP: hash MD5
000161: *Mar 1 00:04:03.431 UTC: ISAKMP: default group 2
000162: *Mar 1 00:04:03.431 UTC: ISAKMP: auth XAUTHInitPreShared
000163: *Mar 1 00:04:03.435 UTC: ISAKMP: life type in seconds
000164: *Mar 1 00:04:03.435 UTC: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
000165: *Mar 1 00:04:03.435 UTC: ISAKMP:(0:1:HW:2):Hash algorithm offered does not match policy!
000166: *Mar 1 00:04:03.435 UTC: ISAKMP:(0:1:HW:2):atts are not acceptable. Next payload is 0
000167: *Mar 1 00:04:03.435 UTC: ISAKMP:(0:1:HW:2):Checking ISAKMP transform 2 against priority 65528 policy
000168: *Mar 1 00:04:03.435 UTC: ISAKMP: encryption 3DES-CBC
000169: *Mar 1 00:04:03.435 UTC: ISAKMP: hash MD5
000170: *Mar 1 00:04:03.435 UTC: ISAKMP: default group 2
000171: *Mar 1 00:04:03.439 UTC: ISAKMP: auth XAUTHInitPreShared
000172: *Mar 1 00:04:03.439 UTC: ISAKMP: life type in seconds
000173: *Mar 1 00:04:03.439 UTC: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
000174: *Mar 1 00:04:03.439 UTC: ISAKMP:(0:1:HW:2):atts are acceptable. Next payload is 0
000175: *Mar 1 00:04:03.439 UTC: ISAKMP:(0:1:HW:2): processing KE payload. message ID = 0
000176: *Mar 1 00:04:03.879 UTC: ISAKMP:(0:1:HW:2): processing NONCE payload. message ID = 0
000177: *Mar 1 00:04:03.883 UTC: ISAKMP:(0:1:HW:2):SKEYID state generated
000178: *Mar 1 00:04:03.883 UTC: ISAKMP:(0:1:HW:2): processing HASH payload. message ID = 0
000179: *Mar 1 00:04:03.891 UTC: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v2
000180: *Mar 1 00:04:03.891 UTC: ISAKMP:received payload type 17
000181: *Mar 1 00:04:03.891 UTC: ISAKMP:received payload type 17
000182: *Mar 1 00:04:03.891 UTC: ISAKMP:(0:1:HW:2):SA has been authenticated with 212.86.84.40
000183: *Mar 1 00:04:03.891 UTC: ISAKMP: Trying to insert a peer 211.86.83.218/212.86.84.40/500/, and inserted successfully.
000184: *Mar 1 00:04:03.891 UTC: ISAKMP:(0:1:HW:2):: peer matches *none* of the profiles
000185: *Mar 1 00:04:03.891 UTC: ISAKMP:(0:1:HW:2):Send initial contact
000186: *Mar 1 00:04:03.899 UTC: ISAKMP:(0:1:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) AG_INIT_EXCH
000187: *Mar 1 00:04:03.899 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
000188: *Mar 1 00:04:03.899 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_I_AM1 New State = IKE_P1_COMPLETE

000189: *Mar 1 00:04:03.903 UTC: ISAKMP:(0:1:HW:2):Need XAUTH
000190: *Mar 1 00:04:03.903 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
000191: *Mar 1 00:04:03.903 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

000192: *Mar 1 00:04:03.911 UTC: ISAKMP (0:268435457): received packet from 212.86.84.40 dport 500 sport 500 Global (I) CONF_XAUTH
000193: *Mar 1 00:04:03.911 UTC: ISAKMP: set new node 1393683013 to CONF_XAUTH
000194: *Mar 1 00:04:03.915 UTC: ISAKMP:(0:1:HW:2):processing transaction payload from 212.86.84.40. message ID = 1393683013
000195: *Mar 1 00:04:03.919 UTC: ISAKMP: Config payload REQUEST
000196: *Mar 1 00:04:03.919 UTC: ISAKMP:(0:1:HW:2):checking request:
000197: *Mar 1 00:04:03.919 UTC: ISAKMP: XAUTH_TYPE_V2
000198: *Mar 1 00:04:03.919 UTC: ISAKMP: XAUTH_USER_NAME_V2
000199: *Mar 1 00:04:03.919 UTC: ISAKMP: XAUTH_USER_PASSWORD_V2
000200: *Mar 1 00:04:03.923 UTC: ISAKMP: XAUTH_MESSAGE_V2
000201: *Mar 1 00:04:03.923 UTC: ISAKMP:(0:1:HW:2):Xauth process request
000202: *Mar 1 00:04:03.923 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
000203: *Mar 1 00:04:03.923 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_XAUTH_REPLY_AWAIT

000204: *Mar 1 00:04:03.927 UTC: xauth-type: 0
000205: *Mar 1 00:04:03.927 UTC: username: NCHSlovakiaWH200
000206: *Mar 1 00:04:03.927 UTC: password: <omitted>
000207: *Mar 1 00:04:03.927 UTC: message <Enter Username and Password.>
000208: *Mar 1 00:04:03.931 UTC: ISAKMP:(0:1:HW:2): responding to peer config from 212.86.84.40. ID = 1393683013
000209: *Mar 1 00:04:03.931 UTC: ISAKMP:(0:1:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) CONF_XAUTH
000210: *Mar 1 00:04:03.939 UTC: ISAKMP:(0:1:HW:2):deleting node 1393683013 error FALSE reason "done with xauth request/reply exchange"
000211: *Mar 1 00:04:03.939 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_XAUTH_REPLY_ATTR
000212: *Mar 1 00:04:03.939 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_XAUTH_REPLY_AWAIT New State = IKE_XAUTH_REPLY_SENT

000213: *Mar 1 00:04:04.247 UTC: ISAKMP (0:268435457): received packet from 212.86.84.40 dport 500 sport 500 Global (I) CONF_XAUTH
000214: *Mar 1 00:04:04.247 UTC: ISAKMP: set new node -556280520 to CONF_XAUTH
000215: *Mar 1 00:04:04.251 UTC: ISAKMP:(0:1:HW:2):processing transaction payload from 212.86.84.40. message ID = -556280520
000216: *Mar 1 00:04:04.255 UTC: ISAKMP: Config payload SET
000217: *Mar 1 00:04:04.255 UTC: ISAKMP:(0:1:HW:2):Xauth process set, status = 1
000218: *Mar 1 00:04:04.255 UTC: ISAKMP:(0:1:HW:2):checking SET:
000219: *Mar 1 00:04:04.255 UTC: ISAKMP: XAUTH_STATUS_V2 XAUTH-OK
000220: *Mar 1 00:04:04.255 UTC: ISAKMP:(0:1:HW:2):attributes sent in message:
000221: *Mar 1 00:04:04.255 UTC: Status: 1
000222: *Mar 1 00:04:04.267 UTC: ISAKMP:(0:1:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) CONF_XAUTH
000223: *Mar 1 00:04:04.267 UTC: ISAKMP:(0:1:HW:2):deleting node -556280520 error FALSE reason ""
000224: *Mar 1 00:04:04.267 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_CFG_SET
000225: *Mar 1 00:04:04.267 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_XAUTH_REPLY_SENT New State = IKE_P1_COMPLETE

000226: *Mar 1 00:04:04.271 UTC: ISAKMP:(0:1:HW:2):Need config/address
000227: *Mar 1 00:04:04.271 UTC: ISAKMP:(0:1:HW:2):Need config/address
000228: *Mar 1 00:04:04.271 UTC: ISAKMP: set new node -868256208 to CONF_ADDR
000229: *Mar 1 00:04:04.271 UTC: ISAKMP: Sending APPLICATION_VERSION string:
Cisco IOS Software, C831 Software (C831-K9O3SY6-M), Version 12.3(2)XE, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.3(3.5)T
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by Cisco Systems, Inc.
Compiled Wed 19-Nov-03 03:13 by ealyon
000230: *Mar 1 00:04:04.271 UTC: ISAKMP:(0:1:HW:2): initiating peer config to 212.86.84.40. ID = -868256208
000231: *Mar 1 00:04:04.275 UTC: ISAKMP:(0:1:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) CONF_ADDR
000232: *Mar 1 00:04:04.275 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
000233: *Mar 1 00:04:04.275 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_CONFIG_MODE_REQ_SENT

000234: *Mar 1 00:04:04.283 UTC: ISAKMP (0:268435457): received packet from 212.86.84.40 dport 500 sport 500 Global (I) CONF_ADDR
000235: *Mar 1 00:04:04.287 UTC: ISAKMP:(0:1:HW:2):processing transaction payload from 212.86.84.40. message ID = -868256208
000236: *Mar 1 00:04:04.291 UTC: ISAKMP: Config payload REPLY
000237: *Mar 1 00:04:04.291 UTC: ISAKMP(0:268435457) process config reply
000238: *Mar 1 00:04:04.291 UTC: ISAKMP:(0:1:HW:2):deleting node -868256208 error FALSE reason "done with transaction"
000239: *Mar 1 00:04:04.291 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
000240: *Mar 1 00:04:04.291 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_CONFIG_MODE_REQ_SENT New State = IKE_P1_COMPLETE

000241: *Mar 1 00:04:04.315 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
000242: *Mar 1 00:04:04.315 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

000243: *Mar 1 00:04:04.315 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.0.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0xFF5455B9(4283717049), conn_id= 0, keysize= 0, flags= 0x400A
000244: *Mar 1 00:04:04.319 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.0.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x28BE689F(683567263), conn_id= 0, keysize= 0, flags= 0x400A
000245: *Mar 1 00:04:04.319 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.0.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-sha-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x4F649719(1331992345), conn_id= 0, keysize= 0, flags= 0x400A
000246: *Mar 1 00:04:04.323 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.0.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0xCA427891(3393353873), conn_id= 0, keysize= 0, flags= 0x400A
000247: *Mar 1 00:04:04.327 UTC: ISAKMP: received ke message (1/4)
000248: *Mar 1 00:04:04.327 UTC: ISAKMP: set new node 0 to QM_IDLE
000249: *Mar 1 00:04:04.327 UTC: ISAKMP:(0:1:HW:2): sitting IDLE. Starting QM immediately (QM_IDLE )
000250: *Mar 1 00:04:04.327 UTC: ISAKMP:(0:1:HW:2):beginning Quick Mode exchange, M-ID of -1767969252
000251: *Mar 1 00:04:04.339 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 172.17.0.0/255.255.0.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0xB8711355(3094418261), conn_id= 0, keysize= 0, flags= 0x400A
000252: *Mar 1 00:04:04.347 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 172.17.0.0/255.255.0.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x81E02099(2178949273), conn_id= 0, keysize= 0, flags= 0x400A
000253: *Mar 1 00:04:04.347 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 172.17.0.0/255.255.0.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-sha-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x4E143C9B(1309949083), conn_id= 0, keysize= 0, flags= 0x400A
000254: *Mar 1 00:04:04.351 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 172.17.0.0/255.255.0.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0xE4B6ABFE(3837176830), conn_id= 0, keysize= 0, flags= 0x400A
000255: *Mar 1 00:04:04.359 UTC: ISAKMP:(0:1:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) QM_IDLE
000256: *Mar 1 00:04:04.359 UTC: ISAKMP:(0:1:HW:2):Node -1767969252, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
000257: *Mar 1 00:04:04.359 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
000258: *Mar 1 00:04:04.359 UTC: ISAKMP: received ke message (1/4)
000259: *Mar 1 00:04:04.359 UTC: ISAKMP: set new node 0 to QM_IDLE
000260: *Mar 1 00:04:04.359 UTC: ISAKMP:(0:1:HW:2): sitting IDLE. Starting QM immediately (QM_IDLE )
000261: *Mar 1 00:04:04.359 UTC: ISAKMP:(0:1:HW:2):beginning Quick Mode exchange, M-ID of 808372997
000262: *Mar 1 00:04:04.367 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.16.71/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0xF88A3E55(4169809493), conn_id= 0, keysize= 0, flags= 0x400A
000263: *Mar 1 00:04:04.371 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.16.71/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x592F1CBC(1496259772), conn_id= 0, keysize= 0, flags= 0x400A
000264: *Mar 1 00:04:04.371 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.16.71/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des esp-sha-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x41869D2C(1099341100), conn_id= 0, keysize= 0, flags= 0x400A
000265: *Mar 1 00:04:04.375 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.16.71/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0xBF73A07C(3212025980), conn_id= 0, keysize= 0, flags= 0x400A
000266: *Mar 1 00:04:04.391 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.80.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0xF8F7F182(4176998786), conn_id= 0, keysize= 0, flags= 0x400A
000267: *Mar 1 00:04:04.395 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.80.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x1F9A25DA(530195930), conn_id= 0, keysize= 0, flags= 0x400A
000268: *Mar 1 00:04:04.395 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.80.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-sha-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x7A977E69(2056748649), conn_id= 0, keysize= 0, flags= 0x400A
000269: *Mar 1 00:04:04.399 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.0.80.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0xDDA2D5E4(3718436324), conn_id= 0, keysize= 0, flags= 0x400A
000270: *Mar 1 00:04:04.403 UTC: ISAKMP:(0:1:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) QM_IDLE
000271: *Mar 1 00:04:04.407 UTC: ISAKMP:(0:1:HW:2):Node 808372997, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
000272: *Mar 1 00:04:04.407 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
000273: *Mar 1 00:04:04.415 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.2.128.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x3AE2B059(987934809), conn_id= 0, keysize= 0, flags= 0x400A
000274: *Mar 1 00:04:04.415 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.2.128.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x46A4B4A3(1185199267), conn_id= 0, keysize= 0, flags= 0x400A
000275: *Mar 1 00:04:04.419 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.2.128.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-sha-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0x8173E299(2171855513), conn_id= 0, keysize= 0, flags= 0x400A
000276: *Mar 1 00:04:04.419 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 211.86.83.218, remote= 212.86.84.40,
local_proxy= 10.4.80.0/255.255.240.0/0/0 (type=4),
remote_proxy= 10.2.128.0/255.255.240.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 2147483s and 4608000kb,
spi= 0xA31707A3(2736195491), conn_id= 0, keysize= 0, flags= 0x400A
000277: *Mar 1 00:04:04.423 UTC: ISAKMP (0:268435457): received packet from 212.86.84.40 dport 500 sport 500 Global (I) QM_IDLE
000278: *Mar 1 00:04:04.423 UTC: ISAKMP: set new node -833937446 to QM_IDLE
000279: *Mar 1 00:04:04.431 UTC: ISAKMP:(0:1:HW:2): processing HASH payload. message ID = -833937446
000280: *Mar 1 00:04:04.431 UTC: ISAKMP:(0:1:HW:2): processing NOTIFY RESPONDER_LIFETIME protocol 1
      spi 0, message ID = -833937446, sa = 818AB56C
000281: *Mar 1 00:04:04.431 UTC: ISAKMP:(0:1:HW:2): processing responder lifetime
000282: *Mar 1 00:04:04.431 UTC: ISAKMP:(0:1:HW:2): start processing isakmp responder lifetime
000283: *Mar 1 00:04:04.431 UTC: ISAKMP:(0:1:HW:2): restart ike sa timer to 86400 secs
000284: *Mar 1 00:04:04.439 UTC: ISAKMP:(0:1:HW:2):deleting node -833937446 error FALSE reason "informational (in) state 1"
000285: *Mar 1 00:04:04.439 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
000286: *Mar 1 00:04:04.439 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

000287: *Mar 1 00:04:04.439 UTC: ISAKMP (0:268435457): received packet from 212.86.84.40 dport 500 sport 500 Global (I) QM_IDLE
000288: *Mar 1 00:04:04.439 UTC: ISAKMP: set new node -527525587 to QM_IDLE
000289: *Mar 1 00:04:04.443 UTC: ISAKMP:(0:1:HW:2): processing HASH payload. message ID = -527525587
000290: *Mar 1 00:04:04.443 UTC: ISAKMP:(0:1:HW:2): processing DELETE payload. message ID = -527525587
000291: *Mar 1 00:04:04.443 UTC: ISAKMP:(0:1:HW:2):peer does not do paranoid keepalives.

000292: *Mar 1 00:04:04.443 UTC: ISAKMP:(0:1:HW:2):deleting SA reason "P1 delete notify (in)" state (I) QM_IDLE (peer 212.86.84.40) input queue 0
000293: *Mar 1 00:04:04.443 UTC: ISAKMP:(0:1:HW:2):deleting node -527525587 error FALSE reason "informational (in) state 1"
000294: *Mar 1 00:04:04.447 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE
000295: *Mar 1 00:04:04.447 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

000296: *Mar 1 00:04:04.447 UTC: ISAKMP: received ke message (1/4)
000297: *Mar 1 00:04:04.447 UTC: ISAKMP: set new node 0 to QM_IDLE
000298: *Mar 1 00:04:04.447 UTC: ISAKMP:(0:1:HW:2): sitting IDLE. Starting QM immediately (QM_IDLE )
000299: *Mar 1 00:04:04.447 UTC: ISAKMP:(0:1:HW:2):beginning Quick Mode exchange, M-ID of 297923612
000300: *Mar 1 00:04:04.455 UTC: ISAKMP:(0:1:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) QM_IDLE
000301: *Mar 1 00:04:04.455 UTC: ISAKMP:(0:1:HW:2):Node 297923612, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
000302: *Mar 1 00:04:04.455 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
000303: *Mar 1 00:04:04.459 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
000304: *Mar 1 00:04:04.459 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

000305: *Mar 1 00:04:04.459 UTC: ISAKMP: received ke message (1/4)
000306: *Mar 1 00:04:04.459 UTC: ISAKMP: set new node 0 to QM_IDLE
000307: *Mar 1 00:04:04.463 UTC: ISAKMP:(0:1:HW:2): sitting IDLE. Starting QM immediately (QM_IDLE )
000308: *Mar 1 00:04:04.463 UTC: ISAKMP:(0:1:HW:2):beginning Quick Mode exchange, M-ID of 2017300063
000309: *Mar 1 00:04:04.471 UTC: ISAKMP:(0:1:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) QM_IDLE
000310: *Mar 1 00:04:04.471 UTC: ISAKMP:(0:1:HW:2):Node 2017300063, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
000311: *Mar 1 00:04:04.471 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
000312: *Mar 1 00:04:04.475 UTC: ISAKMP (0:268435457): received packet from 212.86.84.40 dport 500 sport 500 Global (I) QM_IDLE
000313: *Mar 1 00:04:04.475 UTC: ISAKMP (0:268435457): received packet from 212.86.84.40 dport 500 sport 500 Global (I) QM_IDLE
000314: *Mar 1 00:04:04.479 UTC: ISAKMP:(0:1:HW:2):deleting SA reason "" state (I) QM_IDLE (peer 212.86.84.40) input queue 0
000315: *Mar 1 00:04:04.479 UTC: ISAKMP: Unlocking IKE struct 0x81A6EFB4 for isadb_mark_sa_deleted(), count 0
000316: *Mar 1 00:04:04.479 UTC: ISAKMP: Deleting peer node by peer_reap for 212.86.84.40: 81A6EFB4
000317: *Mar 1 00:04:04.483 UTC: ISAKMP:(0:1:HW:2):deleting node -1767969252 error FALSE reason ""
000318: *Mar 1 00:04:04.483 UTC: ISAKMP:(0:1:HW:2):deleting node 808372997 error FALSE reason ""
000319: *Mar 1 00:04:04.483 UTC: ISAKMP:(0:1:HW:2):deleting node 297923612 error FALSE reason ""
000320: *Mar 1 00:04:04.487 UTC: ISAKMP:(0:1:HW:2):deleting node 2017300063 error FALSE reason ""
000321: *Mar 1 00:04:04.487 UTC: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
000322: *Mar 1 00:04:04.487 UTC: ISAKMP:(0:1:HW:2):Old State = IKE_DEST_SA New State = IKE_DEST_SA

000323: *Mar 1 00:04:04.487 UTC: ISAKMP: received ke message (1/4)
000324: *Mar 1 00:04:04.487 UTC: ISAKMP: set new node 0 to QM_IDLE
000325: *Mar 1 00:04:04.487 UTC: ISAKMP:(0:1:HW:2): beginning Main Mode exchange
000326: *Mar 1 00:04:04.519 UTC: ISAKMP: received ke message (1/1)
000327: *Mar 1 00:04:04.523 UTC: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
000328: *Mar 1 00:04:04.523 UTC: ISAKMP: Created a peer struct for 212.86.84.40, peer port 500
000329: *Mar 1 00:04:04.523 UTC: ISAKMP: Locking peer struct 0x818AAADC, IKE refcount 1 for isakmp_initiator
000330: *Mar 1 00:04:04.523 UTC: ISAKMP:(0:0:N/A:0):Setting client config settings 8153B2EC
000331: *Mar 1 00:04:04.523 UTC: ISAKMP: local port 500, remote port 500
000332: *Mar 1 00:04:04.527 UTC: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 81C345E8
000333: *Mar 1 00:04:04.527 UTC: ISAKMP:(0:2:HW:2): client mode configured.
000334: *Mar 1 00:04:04.527 UTC: ISAKMP:(0:2:HW:2): constructed NAT-T vendor-03 ID
000335: *Mar 1 00:04:04.531 UTC: ISAKMP:(0:2:HW:2): constructed NAT-T vendor-02 ID
000336: *Mar 1 00:04:04.979 UTC: ISAKMP:(0:2:HW:2):SA is doing pre-shared key authentication plus XAUTH using id type ID_KEY_ID
000337: *Mar 1 00:04:04.979 UTC: ISAKMP (0:268435458): ID payload
      next-payload : 13
      type : 11
      group id : NCHSlovakiaWH100
      protocol : 17
      port : 0
      length : 24
000338: *Mar 1 00:04:04.979 UTC: ISAKMP:(0:2:HW:2):Total payload length: 24
000339: *Mar 1 00:04:04.979 UTC: ISAKMP:(0:2:HW:2):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM
000340: *Mar 1 00:04:04.983 UTC: ISAKMP:(0:2:HW:2):Old State = IKE_READY New State = IKE_I_AM1

000341: *Mar 1 00:04:04.983 UTC: ISAKMP:(0:2:HW:2): beginning Aggressive Mode exchange
000342: *Mar 1 00:04:04.983 UTC: ISAKMP:(0:2:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) AG_INIT_EXCH
000343: *Mar 1 00:04:05.323 UTC: ISAKMP (0:268435458): received packet from 212.86.84.40 dport 500 sport 500 Global (I) AG_INIT_EXCH
000344: *Mar 1 00:04:05.327 UTC: ISAKMP:(0:2:HW:2): processing SA payload. message ID = 0
000345: *Mar 1 00:04:05.327 UTC: ISAKMP:(0:2:HW:2): processing ID payload. message ID = 0
000346: *Mar 1 00:04:05.327 UTC: ISAKMP (0:268435458): ID payload
      next-payload : 8
      type : 1
      address : 212.86.84.40
      protocol : 17
      port : 0
      length : 12
000347: *Mar 1 00:04:05.327 UTC: ISAKMP:(0:2:HW:2): processing vendor id payload
000348: *Mar 1 00:04:05.327 UTC: ISAKMP:(0:2:HW:2): vendor ID is Unity
000349: *Mar 1 00:04:05.331 UTC: ISAKMP:(0:2:HW:2): processing vendor id payload
000350: *Mar 1 00:04:05.331 UTC: ISAKMP:(0:2:HW:2): vendor ID seems Unity/DPD but major 215 mismatch
000351: *Mar 1 00:04:05.331 UTC: ISAKMP:(0:2:HW:2): vendor ID is XAUTH
000352: *Mar 1 00:04:05.331 UTC: ISAKMP:(0:2:HW:2): processing vendor id payload
000353: *Mar 1 00:04:05.331 UTC: ISAKMP:(0:2:HW:2): vendor ID is DPD
000354: *Mar 1 00:04:05.331 UTC: ISAKMP:(0:2:HW:2): local preshared key found
000355: *Mar 1 00:04:05.331 UTC: ISAKMP : Scanning profiles for xauth ...
000356: *Mar 1 00:04:05.335 UTC: ISAKMP:(0:2:HW:2): Authentication by xauth preshared
000357: *Mar 1 00:04:05.335 UTC: ISAKMP:(0:2:HW:2):Checking ISAKMP transform 2 against priority 65527 policy
000358: *Mar 1 00:04:05.335 UTC: ISAKMP: encryption 3DES-CBC
000359: *Mar 1 00:04:05.335 UTC: ISAKMP: hash MD5
000360: *Mar 1 00:04:05.335 UTC: ISAKMP: default group 2
000361: *Mar 1 00:04:05.335 UTC: ISAKMP: auth XAUTHInitPreShared
000362: *Mar 1 00:04:05.335 UTC: ISAKMP: life type in seconds
000363: *Mar 1 00:04:05.335 UTC: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
000364: *Mar 1 00:04:05.335 UTC: ISAKMP:(0:2:HW:2):Hash algorithm offered does not match policy!
000365: *Mar 1 00:04:05.339 UTC: ISAKMP:(0:2:HW:2):atts are not acceptable. Next payload is 0
000366: *Mar 1 00:04:05.339 UTC: ISAKMP:(0:2:HW:2):Checking ISAKMP transform 2 against priority 65528 policy
000367: *Mar 1 00:04:05.339 UTC: ISAKMP: encryption 3DES-CBC
000368: *Mar 1 00:04:05.339 UTC: ISAKMP: hash MD5
000369: *Mar 1 00:04:05.339 UTC: ISAKMP: default group 2
000370: *Mar 1 00:04:05.339 UTC: ISAKMP: auth XAUTHInitPreShared
000371: *Mar 1 00:04:05.339 UTC: ISAKMP: life type in seconds
000372: *Mar 1 00:04:05.343 UTC: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
000373: *Mar 1 00:04:05.343 UTC: ISAKMP:(0:2:HW:2):atts are acceptable. Next payload is 0
000374: *Mar 1 00:04:05.343 UTC: ISAKMP:(0:2:HW:2): processing KE payload. message ID = 0
000375: *Mar 1 00:04:05.775 UTC: ISAKMP:(0:2:HW:2): processing NONCE payload. message ID = 0
000376: *Mar 1 00:04:05.783 UTC: ISAKMP:(0:2:HW:2):SKEYID state generated
000377: *Mar 1 00:04:05.783 UTC: ISAKMP:(0:2:HW:2): processing HASH payload. message ID = 0
000378: *Mar 1 00:04:05.791 UTC: ISAKMP:(0:2:HW:2): vendor ID is NAT-T v2
000379: *Mar 1 00:04:05.791 UTC: ISAKMP:received payload type 17
000380: *Mar 1 00:04:05.791 UTC: ISAKMP:received payload type 17
000381: *Mar 1 00:04:05.791 UTC: ISAKMP:(0:2:HW:2):SA has been authenticated with 212.86.84.40
000382: *Mar 1 00:04:05.791 UTC: ISAKMP: Trying to insert a peer 211.86.83.218/212.86.84.40/500/, and inserted successfully.
000383: *Mar 1 00:04:05.791 UTC: ISAKMP:(0:2:HW:2):: peer matches *none* of the profiles
000384: *Mar 1 00:04:05.795 UTC: ISAKMP:(0:2:HW:2):Send initial contact
000385: *Mar 1 00:04:05.799 UTC: ISAKMP:(0:2:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) AG_INIT_EXCH
000386: *Mar 1 00:04:05.799 UTC: ISAKMP:(0:2:HW:2):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
000387: *Mar 1 00:04:05.799 UTC: ISAKMP:(0:2:HW:2):Old State = IKE_I_AM1 New State = IKE_P1_COMPLETE

000388: *Mar 1 00:04:05.799 UTC: ISAKMP:(0:2:HW:2):Need XAUTH
000389: *Mar 1 00:04:05.799 UTC: ISAKMP:(0:2:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
000390: *Mar 1 00:04:05.803 UTC: ISAKMP:(0:2:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

000391: *Mar 1 00:04:05.811 UTC: ISAKMP (0:268435458): received packet from 212.86.84.40 dport 500 sport 500 Global (I) CONF_XAUTH
000392: *Mar 1 00:04:05.811 UTC: ISAKMP: set new node -1006186145 to CONF_XAUTH
000393: *Mar 1 00:04:05.815 UTC: ISAKMP:(0:2:HW:2):processing transaction payload from 212.86.84.40. message ID = -1006186145
000394: *Mar 1 00:04:05.819 UTC: ISAKMP: Config payload REQUEST
000395: *Mar 1 00:04:05.819 UTC: ISAKMP:(0:2:HW:2):checking request:
000396: *Mar 1 00:04:05.819 UTC: ISAKMP: XAUTH_TYPE_V2
000397: *Mar 1 00:04:05.819 UTC: ISAKMP: XAUTH_USER_NAME_V2
000398: *Mar 1 00:04:05.819 UTC: ISAKMP: XAUTH_USER_PASSWORD_V2
000399: *Mar 1 00:04:05.819 UTC: ISAKMP: XAUTH_MESSAGE_V2
000400: *Mar 1 00:04:05.819 UTC: ISAKMP:(0:2:HW:2):Xauth process request
000401: *Mar 1 00:04:05.819 UTC: ISAKMP:(0:2:HW:2):Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
000402: *Mar 1 00:04:05.823 UTC: ISAKMP:(0:2:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_XAUTH_REPLY_AWAIT

000403: *Mar 1 00:04:05.823 UTC: xauth-type: 0
000404: *Mar 1 00:04:05.823 UTC: username: NCHSlovakiaWH200
000405: *Mar 1 00:04:05.823 UTC: password: <omitted>
000411: *Mar 1 00:04:05.835 UTC: ISAKMP:(0:2:HW:2):Old State = IKE_XAUTH_REPLY_AWAIT New State = IKE_XAUTH_REPLY_SENT

000412: *Mar 1 00:04:06.175 UTC: ISAKMP (0:268435458): received packet from 212.86.84.40 dport 500 sport 500 Global (I) CONF_XAUTH
000413: *Mar 1 00:04:06.175 UTC: ISAKMP: set new node -1101248849 to CONF_XAUTH
000414: *Mar 1 00:04:06.179 UTC: ISAKMP:(0:2:HW:2):processing transaction payload from 212.86.84.40. message ID = -1101248849
000415: *Mar 1 00:04:06.183 UTC: ISAKMP: Config payload SET
000416: *Mar 1 00:04:06.183 UTC: ISAKMP:(0:2:HW:2):Xauth process set, status = 1
000417: *Mar 1 00:04:06.183 UTC: ISAKMP:(0:2:HW:2):checking SET:
000429: *Mar 1 00:04:06.203 UTC: ISAKMP:(0:2:HW:2): initiating peer config to 212.86.84.40. ID = -1249823783
000430: *Mar 1 00:04:06.203 UTC: ISAKMP:(0:2:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) CONF_ADDR
000431: *Mar 1 00:04:06.203 UTC: ISAKMP:(0:2:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
000432: *Mar 1 00:04:06.203 UTC: ISAKMP:(0:2:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_CONFIG_MODE_REQ_SENT

000433: *Mar 1 00:04:06.859 UTC: ISAKMP (0:268435458): received packet from 212.86.84.40 dport 500 sport 500 Global (I) CONF_ADDR
000452: *Mar 1 00:04:14.211 UTC: ISAKMP (0:268435458): received packet from 212.86.84.40 dport 500 sport 500 Global (I) QM_IDLE
000453: *Mar 1 00:04:14.211 UTC: ISAKMP:(0:2:HW:2): phase 2 packet is a duplicate of a previous packet.
000454: *Mar 1 00:04:14.211 UTC: ISAKMP:(0:2:HW:2): retransmitting due to retransmit phase 2
000455: *Mar 1 00:04:14.211 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 QM_IDLE -1249823783 ...
000456: *Mar 1 00:04:14.711 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 QM_IDLE -1249823783 ...
000457: *Mar 1 00:04:14.711 UTC: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 2
000458: *Mar 1 00:04:14.711 UTC: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 2
000459: *Mar 1 00:04:14.711 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 -1249823783 QM_IDLE
000460: *Mar 1 00:04:14.711 UTC: ISAKMP:(0:2:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) QM_IDLE
000461: *Mar 1 00:04:19.095 UTC: IPSEC(key_engine): major = 1
000462: *Mar 1 00:04:19.095 UTC: IPSEC(key_engine): expired_timer
000463: *Mar 1 00:04:22.211 UTC: ISAKMP (0:268435458): received packet from 212.86.84.40 dport 500 sport 500 Global (I) QM_IDLE
000464: *Mar 1 00:04:22.211 UTC: ISAKMP:(0:2:HW:2): phase 2 packet is a duplicate of a previous packet.
000465: *Mar 1 00:04:22.211 UTC: ISAKMP:(0:2:HW:2): retransmitting due to retransmit phase 2
000466: *Mar 1 00:04:22.211 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 QM_IDLE -1249823783 ...
000467: *Mar 1 00:04:22.711 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 QM_IDLE -1249823783 ...
000468: *Mar 1 00:04:22.711 UTC: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 2
000469: *Mar 1 00:04:22.711 UTC: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 2
000470: *Mar 1 00:04:22.711 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 -1249823783 QM_IDLE
000471: *Mar 1 00:04:22.711 UTC: ISAKMP:(0:2:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) QM_IDLE
000472: *Mar 1 00:04:22.715 UTC: ISAKMP (0:268435458): received packet from 212.86.84.40 dport 500 sport 500 Global (I) QM_IDLE
000473: *Mar 1 00:04:22.719 UTC: ISAKMP:(0:2:HW:2): phase 2 packet is a duplicate of a previous packet.
000474: *Mar 1 00:04:22.719 UTC: ISAKMP:(0:2:HW:2): retransmission skipped for phase 2 (time since last transmission 4)
000475: *Mar 1 00:04:30.719 UTC: ISAKMP (0:268435458): received packet from 212.86.84.40 dport 500 sport 500 Global (I) QM_IDLE
000476: *Mar 1 00:04:30.719 UTC: ISAKMP: set new node 840256213 to QM_IDLE
000477: *Mar 1 00:04:30.723 UTC: ISAKMP:(0:2:HW:2): processing HASH payload. message ID = 840256213
000478: *Mar 1 00:04:30.723 UTC: ISAKMP:(0:2:HW:2): processing DELETE payload. message ID = 840256213
000479: *Mar 1 00:04:30.723 UTC: ISAKMP:(0:2:HW:2):peer does not do paranoid keepalives.

000480: *Mar 1 00:04:30.727 UTC: ISAKMP:(0:2:HW:2):deleting SA reason "P1 delete notify (in)" state (I) QM_IDLE (peer 212.86.84.40) input queue 0
000481: *Mar 1 00:04:30.727 UTC: ISAKMP:(0:2:HW:2):deleting node 840256213 error FALSE reason "informational (in) state 1"
000482: *Mar 1 00:04:30.727 UTC: ISAKMP:(0:2:HW:2):Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE
000483: *Mar 1 00:04:30.727 UTC: ISAKMP:(0:2:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

000484: *Mar 1 00:04:30.731 UTC: ISAKMP:(0:2:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
000485: *Mar 1 00:04:30.731 UTC: ISAKMP:(0:2:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

000486: *Mar 1 00:04:30.731 UTC: ISAKMP:(0:2:HW:2):deleting SA reason "" state (I) QM_IDLE (peer 212.86.84.40) input queue 0
000487: *Mar 1 00:04:30.731 UTC: ISAKMP: Unlocking IKE struct 0x818AAADC for isadb_mark_sa_deleted(), count 0
000488: *Mar 1 00:04:30.735 UTC: ISAKMP: Deleting peer node by peer_reap for 212.86.84.40: 818AAADC
000489: *Mar 1 00:04:30.735 UTC: ISAKMP:(0:2:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
000490: *Mar 1 00:04:30.735 UTC: ISAKMP:(0:2:HW:2):Old State = IKE_DEST_SA New State = IKE_DEST_SA

000491: *Mar 1 00:04:32.711 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 MM_NO_STATE -1249823783 ...
000492: *Mar 1 00:04:32.711 UTC: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 2
000493: *Mar 1 00:04:32.711 UTC: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 2
000494: *Mar 1 00:04:32.711 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 -1249823783 MM_NO_STATE
000495: *Mar 1 00:04:32.711 UTC: ISAKMP:(0:2:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) MM_NO_STATE
000496: *Mar 1 00:04:39.095 UTC: IPSEC(key_engine): major = 1
000497: *Mar 1 00:04:39.095 UTC: IPSEC(key_engine): expired_timer
000498: *Mar 1 00:04:42.711 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 MM_NO_STATE -1249823783 ...
000499: *Mar 1 00:04:42.711 UTC: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 2
000500: *Mar 1 00:04:42.711 UTC: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 2
000501: *Mar 1 00:04:42.711 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 -1249823783 MM_NO_STATE
000502: *Mar 1 00:04:42.711 UTC: ISAKMP:(0:2:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) MM_NO_STATE
000503: *Mar 1 00:04:49.823 UTC: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on Ethernet1 (not full duplex), with INTERNET-SWITCH GigabitEthernet0/13 (full duplex).
000504: *Mar 1 00:04:52.711 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 MM_NO_STATE -1249823783 ...
000505: *Mar 1 00:04:52.711 UTC: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 2
000506: *Mar 1 00:04:52.711 UTC: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 2
000507: *Mar 1 00:04:52.711 UTC: ISAKMP:(0:2:HW:2): retransmitting phase 2 -1249823783 MM_NO_STATE
000508: *Mar 1 00:04:52.711 UTC: ISAKMP:(0:2:HW:2): sending packet to 212.86.84.40 my_port 500 peer_port 500 (I) MM_NO_STATE
000509: *Mar 1 00:04:54.291 UTC: ISAKMP:(0:1:HW:2):purging node -868256208
000510: *Mar 1 00:04:54.439 UTC: ISAKMP:(0:1:HW:2):purging node -833937446
000511: *Mar 1 00:04:54.443 UTC: ISAKMP:(0:1:HW:2):purging node -527525587
000512: *Mar 1 00:04:54.483 UTC: ISAKMP:(0:1:HW:2):purging node -1767969252
000513: *Mar 1 00:04:54.483 UTC: ISAKMP:(0:1:HW:2):purging node 808372997
000514: *Mar 1 00:04:54.483 UTC: ISAKMP:(0:1:HW:2):purging node 297923612
000515: *Mar 1 00:04:54.487 UTC: ISAKMP:(0:1:HW:2):purging node 2017300063
000516: *Mar 1 00:04:56.871 UTC: ISAKMP:(0:2:HW:2):purging node -1249823783
000517: *Mar 1 00:04:59.095 UTC: IPSEC(key_engine): major = 1
000518: *Mar 1 00:04:59.095 UTC: IPSEC(key_engine): expired_timer
000519: *Mar 1 00:05:04.487 UTC: ISAKMP:(0:1:HW:2):purging SA., sa=818AB56C, delme=818AB56C
000520: *Mar 1 00:05:04.487 UTC: ISAKMP:(0:1:HW:2):purging node -1908192671
000521: *Mar 1 00:05:04.487 UTC: ISAKMP:(0:1:HW:2):purging node -556280520
000522: *Mar 1 00:05:04.487 UTC: ISAKMP:(0:1:HW:2):purging node 1393683013
000523: *Mar 1 00:05:19.095 UTC: IPSEC(key_engine): major = 1
000524: *Mar 1 00:05:19.095 UTC: IPSEC(key_engine): expired_timer
000525: *Mar 1 00:05:20.727 UTC: ISAKMP:(0:2:HW:2):purging node 840256213
000526: *Mar 1 00:05:30.735 UTC: ISAKMP:(0:2:HW:2):purging SA., sa=81C345E8, delme=81C345E8
000527: *Mar 1 00:05:30.735 UTC: ISAKMP:(0:2:HW:2):purging node -1101248849
000528: *Mar 1 00:05:30.735 UTC: ISAKMP:(0:2:HW:2):purging node -1006186145
RTRSlovakiaWH(config-if)#
RTRSlovakiaWH(config-if)#
RTRSlovakiaWH(config-if)#
RTRSlovakiaWH(config-if)#
RTRSlovakiaWH(config-if)#
RTRSlovakiaWH(config-if)#^Z
RTRSlovakiaWH#
RTRSlovakiaWH#
000529: *Mar 1 00:05:39.095 UTC: IPSEC(key_engine): major = 1
000530: *Mar 1 00:05:39.095 UTC: IPSEC(key_engine): expired_timer
RTRSlovakiaWH#
RTRSlovakiaWH#un
000531: *Mar 1 00:05:39.103 UTC: %SYS-5-CONFIG_I: Configured from console by 5Targat3 on console alll
undebug alll
^
% Invalid input detected at '^' marker.

RTRSlovakiaWH#
RTRSlovakiaWH#un alll
All possible debugging has been turned off
RTRSlovakiaWH#
RTRSlovakiaWH#
RTRSlovakiaWH#exit

View Solutions Only

nativevlan

Commented: 2011-11-02

Verify the hasing for both sides.

000165: *Mar 1 00:04:03.435 UTC: ISAKMP:(0:1:HW:2):Hash algorithm offered does not match policy!

And set your eth1 interface to FULL DUPLEX.

000503: *Mar 1 00:04:49.823 UTC: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on Ethernet1 (not full duplex), with INTERNET-SWITCH GigabitEthernet0/13 (full duplex).

L-Plate

Author

will try this tomorrow and let you know how it goes.

thanks for your reply.

John MeggersNetwork Architect

I suspect the duplex issue is not related, as I see MM_NO_STATE messages prior to the duplex message. Agreed on double checking the configurations to make sure they are compatible. Looks to me like Phase 1 is completing and there's something wrong with Phase 2. Any chance you could post sanitized confiigs?

Duplex is not related, I just saw the console message, won't hurt to fix. The "000165: *Mar 1 00:04:03.435 UTC: ISAKMP:(0:1:HW:2):Hash algorithm offered does not match policy!" indicates that the configs on the devices don't agree on the hashing.

Commented: 2011-11-03

am still getting the same issue guys, even with trying alternative IPSEC hash algorithm. On the VPN concentrator, in the security association, IPSEC authentication algorithm, there is only 2 options - SHA1 or MD5. I have tried using both options. also, at phase 1, i have tried main and aggresive mode, with both hash algorithms at phase 2, nothing works.

my current router config is this...

Current configuration : 2934 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname RTRSlovakiaWH
!
boot-start-marker
boot-end-marker
!
enable secret................
enable password ................
!
username ..............................
no aaa new-model
ip subnet-zero
--More-- !
!
ip dhcp excluded-address 10.4.80.0 10.4.80.100
!
ip dhcp pool USERS
network 10.4.80.0 255.255.240.0
dns-server 10.0.0.113 10.0.0.114
default-router 10.4.80.1
lease 2
!
!
no ip domain lookup
ip domain name nch.com
ip inspect name FIREWALL tcp
ip inspect name FIREWALL udp
ip inspect name FIREWALL icmp
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh break-string
login block-for 20 attempts 3 within 60
no ftp-server write-enable
--More-- no scripting tcl init
no scripting tcl encdir
!
!
!
!
!
!
!
!
crypto ipsec client ezvpn uk
connect auto
group NCHSlovakiaWH100 key 3xpAn510nNcH776
mode network-extension
peer 215.23.45.111
username NCHSlovakiaWH200 password .........................
!
!
!
!
interface Ethernet0
description ## CONNECTS TO LAN ##
ip address 10.4.80.1 255.255.240.0
--More-- ip tcp adjust-mss 1452
crypto ipsec client ezvpn uk inside
!
interface Ethernet1
ip address 211.84.54.218 255.255.255.224
ip inspect FIREWALL out
duplex auto
crypto ipsec client ezvpn uk
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
--More-- duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
ip nat inside source route-map EZVPN interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 211.84.54.193
!
no ip http server
no ip http secure-server
!
!
ip access-list extended outside_access_in
permit esp host 215.23.45.111 host 192.168.1.2
permit udp host 215.23.45.111 host 192.168.1.2 eq non500-isakmp
permit udp host 215.23.45.111 host 192.168.1.2 eq isakmp
permit esp host 215.23.45.111 host 211.84.54.218
permit udp host 215.23.45.111 host 211.84.54.218 eq non500-isakmp
permit udp host 215.23.45.111 host 211.84.54.218 eq isakmp
access-list 177 deny ip 10.4.80.0 0.0.15.255 10.0.0.0 0.255.255.255
access-list 177 permit ip 10.4.80.0 0.0.15.255 any
dialer-list 1 protocol ip permit
route-map EZVPN permit 10
match ip address 177
!
!
control-plane
!
!
line con 0
exec-timeout 5 0
login local
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
exec-timeout 5 0
password .....................
--More-- login
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
!
end

RTRSlovakiaWH# exit

also i have tried this on a cisco 1721 router, again it does not connect. strange thing on this router - i noticed it does not support the username and password command under the crypto config. i see the following error message on the 1721 router when trying to connect...

000251: Jul 6 06:43:05.827 UTC: EZVPN(uk): Pending XAuth Request, Please enter the following command:
000252: Jul 6 06:43:05.827 UTC: EZVPN: crypto ipsec client ezvpn xauth

000253: Jul 6 06:43:16.739 UTC: EZVPN(uk): Pending XAuth Request, Please enter the following command:
000254: Jul 6 06:43:16.739 UTC: EZVPN: crypto ipsec client ezvpn xauth

000255: Jul 6 06:43:26.739 UTC: EZVPN(uk): Pending XAuth Request, Please enter the following command:
000256: Jul 6 06:43:26.739 UTC: EZVPN: crypto ipsec client ezvpn xauth

strange thing is, i really cant see anywhere where i can put the command it tells me to execute - it does not accept it anywhere.

Would it be the:
crypto ipsec client ezvpn uk
connect auto
group NCHSlovakiaWH100 key 3xpAn510nNcH776
mode network-extension
peer 215.23.45.111

part of the config they want you to enter:

crypto ipsec client ezvpn xauth
connect auto
group NCHSlovakiaWH100 key 3xpAn510nNcH776
mode network-extension
peer 215.23.45.111

???

Sorry, haven't configured EVPN before, only site-to-site.

tried that but still getting the same...

RTRSlovakiaWH#sh crypto isakmp sa
dst src state conn-id slot
21........... 21.......... CONF_XAUTH 27 0
21........ 21........ MM_NO_STATE 26 0 (deleted)

RTRSlovakiaWH#sh crypto isakmp sa
dst src state conn-id slot
21.............. 21.......... CONF_XAUTH 27 0
21.............. 21........... MM_NO_STATE 26 0 (deleted)

RTRSlovakiaWH#
RTRSlovakiaWH#
000804: Jul 6 07:30:34.195 UTC: EZVPN(xauth): Pending XAuth Request, Please enter the following command:
000805: Jul 6 07:30:34.195 UTC: EZVPN: crypto ipsec client ezvpn xauth

is my 1st attempt at easy vpn also. normally standard IPSEC site to site.

i am trying to facilitate a site which has a standard DSL connection with dynamic ISP assigned public IP address.

Not finding the easy vpn all that easy lol :)

I hate to suggest it, but have you tried to config this part of the router via CCP?

i'm not familiar with CCP to be honest. all my router configs are done via the CLI. Is this a web based tool?

It's the "config for dummies" GUI that Cisco has. I've used SDM to study for exam becuase it was required, I would assume that it would be about the same. Not sure if that would help or not. http://www.cisco.com/en/US/products/ps9422/index.html

Cisco easy VPN issue

Premium Content

Premium Content

View Solutions Only

Explore More Content

Explore More ContentExplore courses, solutions, and other research materials related to this topic.