gveraa
asked on
no connection VPN
hello,
i'm having issues with my VPN setup I´m using a CIsco 1721 (C1700-ADVIPSERVICESK9-M), Version 12.4(3), Release FC2 .
1 FastEthernet interface (local network)
1 ATM interface (WIC-ADSL connection to internet)
1 Virtual Private Network (VPN) Module
I´m using a windows Cisco VPN client 5.0.07.04 in another site with subnet 172.16.1.0
this is my config
Current configuration : 2017 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8m04$j2hrF5s52IdlWsvRU6 8Sv1
!
aaa new-model
!
!
aaa authentication login VPN-USERS local
aaa authorization network VPN-GROUP local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
vpdn enable
username xxxx password 0 yyyyy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPN-GROUP
key VPN
pool VPNPOOL
!
crypto map VPN-STATIC client authentication list VPN-USERS
crypto map VPN-STATIC isakmp authorization list VPN-GROUP
crypto map VPN-STATIC client configuration address respond
crypto map VPN-STATIC 10 ipsec-isakmp dynamic VPN-DYNAMIC
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/81
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
ip address 192.168.1.241 255.255.255.0
speed auto
!
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username 12345 password 0 abcde
crypto map VPN-STATIC
!
ip local pool VPNPOOL 192.168.1.229 192.168.1.239
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password XXXXX
!
end
when i connect, i get the error
Router#
*Mar 1 22:17:11.006: ISAKMP (0:0): received packet from 189.133.25.117 dport 50
0 sport 54553 Global (N) NEW SA
*Mar 1 22:17:11.010: ISAKMP: Created a peer struct for 189.133.25.117, peer por
t 54553
*Mar 1 22:17:11.010: ISAKMP: New peer created peer = 0x84B2C3AC peer_handle = 0
x80000023
*Mar 1 22:17:11.010: ISAKMP: Locking peer struct 0x84B2C3AC, IKE refcount 1 for
crypto_isakmp_process_bloc k
*Mar 1 22:17:11.010: ISAKMP:(0:0:N/A:0):Setting client config settings 849876DC
*Mar 1 22:17:11.010: ISAKMP:(0:0:N/A:0):(Re)Set ting client xauth list and stat
e
*Mar 1 22:17:11.010: ISAKMP/xauth: initializing AAA request
*Mar 1 22:17:11.014: ISAKMP: local port 500, remote port 54553
*Mar 1 22:17:11.014: insert sa successfully sa = 84D71C90
*Mar 1 22:17:11.014: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Mar 1 22:17:11.018: ISAKMP:(0:0:N/A:0): processing ID payload. message ID = 0
*Mar 1 22:17:11.018: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : vpnuser
protocol : 17
port : 500
length : 15
*Mar 1 22:17:11.018: ISAKMP:(0:0:N/A:0):: peer matches *none* of the profiles
*Mar 1 22:17:11.018: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 22:17:11.018: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 21
5 mismatch
*Mar 1 22:17:11.018: ISAKMP:(0:0:N/A:0): vendor ID is XAUTH
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): vendor ID is DPD
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 19
4 mismatch
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 12
3 mismatch
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2
*Mar 1 22:17:11.026: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 22:17:11.026: ISAKMP:(0:0:N/A:0): vendor ID is Unity
*Mar 1 22:17:11.026: ISAKMP:(0:0:N/A:0): Authentication by xauth preshared
*Mar 1 22:17:11.026: ISAKMP:(0:0:N/A:0):Checkin g ISAKMP transform 1 against pri
ority 10 policy
*Mar 1 22:17:11.026: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.026: ISAKMP: hash SHA
*Mar 1 22:17:11.026: ISAKMP: default group 2
*Mar 1 22:17:11.026: ISAKMP: auth XAUTHInitPreShared
*Mar 1 22:17:11.026: ISAKMP: life type in seconds
*Mar 1 22:17:11.030: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.030: ISAKMP: keylength of 256
*Mar 1 22:17:11.030: ISAKMP:(0:0:N/A:0):Encrypt ion algorithm offered does not m
atch policy!
*Mar 1 22:17:11.030: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.030: ISAKMP:(0:0:N/A:0):Checkin g ISAKMP transform 2 against pri
ority 10 policy
*Mar 1 22:17:11.030: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.030: ISAKMP: hash MD5
*Mar 1 22:17:11.034: ISAKMP: default group 2
*Mar 1 22:17:11.034: ISAKMP: auth XAUTHInitPreShared
*Mar 1 22:17:11.034: ISAKMP: life type in seconds
*Mar 1 22:17:11.034: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.034: ISAKMP: keylength of 256
*Mar 1 22:17:11.034: ISAKMP:(0:0:N/A:0):Encrypt ion algorithm offered does not m
atch policy!
*Mar 1 22:17:11.034: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.034: ISAKMP:(0:0:N/A:0):Checkin g ISAKMP transform 3 against pri
ority 10 policy
*Mar 1 22:17:11.038: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.038: ISAKMP: hash SHA
*Mar 1 22:17:11.038: ISAKMP: default group 2
*Mar 1 22:17:11.038: ISAKMP: auth pre-share
*Mar 1 22:17:11.038: ISAKMP: life type in seconds
*Mar 1 22:17:11.038: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.038: ISAKMP: keylength of 256
*Mar 1 22:17:11.038: ISAKMP:(0:0:N/A:0):Encrypt ion algorithm offered does not m
atch policy!
*Mar 1 22:17:11.042: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.042: ISAKMP:(0:0:N/A:0):Checkin g ISAKMP transform 4 against pri
ority 10 policy
*Mar 1 22:17:11.042: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.042: ISAKMP: hash MD5
*Mar 1 22:17:11.042: ISAKMP: default group 2
*Mar 1 22:17:11.042: ISAKMP: auth pre-share
*Mar 1 22:17:11.042: ISAKMP: life type in seconds
*Mar 1 22:17:11.042: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.042: ISAKMP: keylength of 256
*Mar 1 22:17:11.046: ISAKMP:(0:0:N/A:0):Encrypt ion algorithm offered does not m
atch policy!
*Mar 1 22:17:11.046: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.046: ISAKMP:(0:0:N/A:0):Checkin g ISAKMP transform 5 against pri
ority 10 policy
*Mar 1 22:17:11.046: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.046: ISAKMP: hash SHA
*Mar 1 22:17:11.046: ISAKMP: default group 2
*Mar 1 22:17:11.046: ISAKMP: auth XAUTHInitPreShared
*Mar 1 22:17:11.046: ISAKMP: life type in seconds
*Mar 1 22:17:11.046: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.050: ISAKMP: keylength of 128
*Mar 1 22:17:11.050: ISAKMP:(0:0:N/A:0):Encrypt ion algorithm offered does not m
atch policy!
*Mar 1 22:17:11.050: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.050: ISAKMP:(0:0:N/A:0):Checkin g ISAKMP transform 6 against pri
ority 10 policy
*Mar 1 22:17:11.050: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.050: ISAKMP: hash MD5
*Mar 1 22:17:11.050: ISAKMP: default group 2
*Mar 1 22:17:11.050: ISAKMP: auth XAUTHInitPreShared
*Mar 1 22:17:11.054: ISAKMP: life type in seconds
*Mar 1 22:17:11.054: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.054: ISAKMP: keylength of 128
*Mar 1 22:17:11.054: ISAKMP:(0:0:N/A:0):Encrypt ion algorithm offered does not m
atch policy!
*Mar 1 22:17:11.054: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.054: ISAKMP:(0:0:N/A:0):Checkin g ISAKMP transform 7 against pri
ority 10 policy
*Mar 1 22:17:11.054: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.058: ISAKMP: hash SHA
*Mar 1 22:17:11.058: ISAKMP: default group 2
*Mar 1 22:17:11.058: ISAKMP: auth pre-share
*Mar 1 22:17:11.058: ISAKMP: life type in seconds
*Mar 1 22:17:11.058: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.058: ISAKMP: keylength of 128
*Mar 1 22:17:11.058: ISAKMP:(0:0:N/A:0):Encrypt ion algorithm offered does not m
atch policy!
*Mar 1 22:17:11.058: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.062: ISAKMP:(0:0:N/A:0):Checkin g ISAKMP transform 8 against pri
ority 10 policy
*Mar 1 22:17:11.062: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.062: ISAKMP: hash MD5
*Mar 1 22:17:11.062: ISAKMP: default group 2
*Mar 1 22:17:11.062: ISAKMP: auth pre-share
*Mar 1 22:17:11.062: ISAKMP: life type in seconds
*Mar 1 22:17:11.062: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.066: ISAKMP: keylength of 128
*Mar 1 22:17:11.066: ISAKMP:(0:0:N/A:0):Encrypt ion algorithm offered does not m
atch policy!
*Mar 1 22:17:11.066: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.066: ISAKMP:(0:0:N/A:0):Checkin g ISAKMP transform 9 against pri
ority 10 policy
*Mar 1 22:17:11.066: ISAKMP: encryption 3DES-CBC
*Mar 1 22:17:11.070: ISAKMP: hash SHA
*Mar 1 22:17:11.070: ISAKMP: default group 2
*Mar 1 22:17:11.070: ISAKMP: auth XAUTHInitPreShared
*Mar 1 22:17:11.070: ISAKMP: life type in seconds
*Mar 1 22:17:11.070: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.074: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 3
*Mar 1 22:17:11.326: ISAKMP:(0:1:HW:2): processing KE payload. message ID = 0
*Mar 1 22:17:11.574: ISAKMP:(0:1:HW:2): processing NONCE payload. message ID =
0
*Mar 1 22:17:11.574: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v2
*Mar 1 22:17:11.578: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Mar 1 22:17:11.578: ISAKMP:(0:1:HW:2):Old State = IKE_READY New State = IKE_R
_AM_AAA_AWAIT
*Mar 1 22:17:11.578: AAA/AUTHOR/IKMP/LOCAL: group vpnuser does not exist
*Mar 1 22:17:11.578: ISAKMP (0:268435457): incrementing error counter on sa, at
tempt 1 of 5: construct_fail_ag_init
*Mar 1 22:17:16.062: ISAKMP (0:268435457): received packet from 189.133.25.117
dport 500 sport 54553 Global (R) AG_NO_STATE
*Mar 1 22:17:16.062: ISAKMP:(0:1:HW:2): phase 1 packet is a duplicate of a prev
ious packet.
*Mar 1 22:17:16.066: ISAKMP:(0:1:HW:2): retransmitting due to retransmit phase
1
*Mar 1 22:17:16.066: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_NO_STATE...
*Mar 1 22:17:16.566: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_NO_STATE...
*Mar 1 22:17:16.566: ISAKMP (0:268435457): incrementing error counter on sa, at
tempt 2 of 5: retransmit phase 1
*Mar 1 22:17:16.566: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_NO_STATE
*Mar 1 22:17:16.566: ISAKMP:(0:1:HW:2): sending packet to 189.133.25.117 my_por
t 500 peer_port 54553 (R) AG_NO_STATE
*Mar 1 22:17:21.066: ISAKMP (0:268435457): received packet from 189.133.25.117
dport 500 sport 54553 Global (R) AG_NO_STATE
*Mar 1 22:17:21.066: ISAKMP:(0:1:HW:2): phase 1 packet is a duplicate of a prev
ious packet.
*Mar 1 22:17:21.066: ISAKMP:(0:1:HW:2): retransmitting due to retransmit phase
1
*Mar 1 22:17:21.066: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_NO_STATE...
*Mar 1 22:17:21.566: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_NO_STATE...
*Mar 1 22:17:21.566: ISAKMP (0:268435457): incrementing error counter on sa, at
tempt 3 of 5: retransmit phase 1
*Mar 1 22:17:21.566: ISAKMP:(0:1:HW:2): no outgoing phase 1 packet to retransmi
t. AG_NO_STATE
*Mar 1 22:17:21.566: ISAKMP:(0:1:HW:2):peer does not do paranoid keepalives.
*Mar 1 22:17:21.566: ISAKMP:(0:1:HW:2):deleting SA reason "Death by retransmiss
ion P1" state (R) AG_NO_STATE (peer 189.133.25.117)
*Mar 1 22:17:21.570: ISAKMP:(0:1:HW:2):deleting SA reason "Death by retransmiss
ion P1" state (R) AG_NO_STATE (peer 189.133.25.117)
*Mar 1 22:17:21.570: ISAKMP: Unlocking IKE struct 0x84B2C3AC for isadb_mark_sa_
deleted(), count 0
*Mar 1 22:17:21.570: ISAKMP: Deleting peer node by peer_reap for 189.133.25.117
: 84B2C3AC
*Mar 1 22:17:21.574: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DE
L
*Mar 1 22:17:21.574: ISAKMP:(0:1:HW:2):Old State = IKE_R_AM_AAA_AWAIT New Stat
e = IKE_DEST_SA
*Mar 1 22:17:21.574: IPSEC(key_engine): got a queue event with 1 kei messages
*Mar 1 22:17:26.066: ISAKMP (0:268435457): received packet from 189.133.25.117
dport 500 sport 54553 Global (R) MM_NO_STATE
*Mar 1 22:18:21.574: ISAKMP:(0:1:HW:2):purging SA., sa=84D71C90, delme=84D71C90
Could you help me please¡¡¡¡
i'm having issues with my VPN setup I´m using a CIsco 1721 (C1700-ADVIPSERVICESK9-M),
1 FastEthernet interface (local network)
1 ATM interface (WIC-ADSL connection to internet)
1 Virtual Private Network (VPN) Module
I´m using a windows Cisco VPN client 5.0.07.04 in another site with subnet 172.16.1.0
this is my config
Current configuration : 2017 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8m04$j2hrF5s52IdlWsvRU6
!
aaa new-model
!
!
aaa authentication login VPN-USERS local
aaa authorization network VPN-GROUP local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
vpdn enable
username xxxx password 0 yyyyy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPN-GROUP
key VPN
pool VPNPOOL
!
crypto map VPN-STATIC client authentication list VPN-USERS
crypto map VPN-STATIC isakmp authorization list VPN-GROUP
crypto map VPN-STATIC client configuration address respond
crypto map VPN-STATIC 10 ipsec-isakmp dynamic VPN-DYNAMIC
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/81
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
ip address 192.168.1.241 255.255.255.0
speed auto
!
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username 12345 password 0 abcde
crypto map VPN-STATIC
!
ip local pool VPNPOOL 192.168.1.229 192.168.1.239
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password XXXXX
!
end
when i connect, i get the error
Router#
*Mar 1 22:17:11.006: ISAKMP (0:0): received packet from 189.133.25.117 dport 50
0 sport 54553 Global (N) NEW SA
*Mar 1 22:17:11.010: ISAKMP: Created a peer struct for 189.133.25.117, peer por
t 54553
*Mar 1 22:17:11.010: ISAKMP: New peer created peer = 0x84B2C3AC peer_handle = 0
x80000023
*Mar 1 22:17:11.010: ISAKMP: Locking peer struct 0x84B2C3AC, IKE refcount 1 for
crypto_isakmp_process_bloc
*Mar 1 22:17:11.010: ISAKMP:(0:0:N/A:0):Setting
*Mar 1 22:17:11.010: ISAKMP:(0:0:N/A:0):(Re)Set
e
*Mar 1 22:17:11.010: ISAKMP/xauth: initializing AAA request
*Mar 1 22:17:11.014: ISAKMP: local port 500, remote port 54553
*Mar 1 22:17:11.014: insert sa successfully sa = 84D71C90
*Mar 1 22:17:11.014: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Mar 1 22:17:11.018: ISAKMP:(0:0:N/A:0): processing ID payload. message ID = 0
*Mar 1 22:17:11.018: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : vpnuser
protocol : 17
port : 500
length : 15
*Mar 1 22:17:11.018: ISAKMP:(0:0:N/A:0):: peer matches *none* of the profiles
*Mar 1 22:17:11.018: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 22:17:11.018: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 21
5 mismatch
*Mar 1 22:17:11.018: ISAKMP:(0:0:N/A:0): vendor ID is XAUTH
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): vendor ID is DPD
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 19
4 mismatch
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 12
3 mismatch
*Mar 1 22:17:11.022: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2
*Mar 1 22:17:11.026: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 22:17:11.026: ISAKMP:(0:0:N/A:0): vendor ID is Unity
*Mar 1 22:17:11.026: ISAKMP:(0:0:N/A:0): Authentication by xauth preshared
*Mar 1 22:17:11.026: ISAKMP:(0:0:N/A:0):Checkin
ority 10 policy
*Mar 1 22:17:11.026: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.026: ISAKMP: hash SHA
*Mar 1 22:17:11.026: ISAKMP: default group 2
*Mar 1 22:17:11.026: ISAKMP: auth XAUTHInitPreShared
*Mar 1 22:17:11.026: ISAKMP: life type in seconds
*Mar 1 22:17:11.030: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.030: ISAKMP: keylength of 256
*Mar 1 22:17:11.030: ISAKMP:(0:0:N/A:0):Encrypt
atch policy!
*Mar 1 22:17:11.030: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.030: ISAKMP:(0:0:N/A:0):Checkin
ority 10 policy
*Mar 1 22:17:11.030: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.030: ISAKMP: hash MD5
*Mar 1 22:17:11.034: ISAKMP: default group 2
*Mar 1 22:17:11.034: ISAKMP: auth XAUTHInitPreShared
*Mar 1 22:17:11.034: ISAKMP: life type in seconds
*Mar 1 22:17:11.034: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.034: ISAKMP: keylength of 256
*Mar 1 22:17:11.034: ISAKMP:(0:0:N/A:0):Encrypt
atch policy!
*Mar 1 22:17:11.034: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.034: ISAKMP:(0:0:N/A:0):Checkin
ority 10 policy
*Mar 1 22:17:11.038: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.038: ISAKMP: hash SHA
*Mar 1 22:17:11.038: ISAKMP: default group 2
*Mar 1 22:17:11.038: ISAKMP: auth pre-share
*Mar 1 22:17:11.038: ISAKMP: life type in seconds
*Mar 1 22:17:11.038: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.038: ISAKMP: keylength of 256
*Mar 1 22:17:11.038: ISAKMP:(0:0:N/A:0):Encrypt
atch policy!
*Mar 1 22:17:11.042: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.042: ISAKMP:(0:0:N/A:0):Checkin
ority 10 policy
*Mar 1 22:17:11.042: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.042: ISAKMP: hash MD5
*Mar 1 22:17:11.042: ISAKMP: default group 2
*Mar 1 22:17:11.042: ISAKMP: auth pre-share
*Mar 1 22:17:11.042: ISAKMP: life type in seconds
*Mar 1 22:17:11.042: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.042: ISAKMP: keylength of 256
*Mar 1 22:17:11.046: ISAKMP:(0:0:N/A:0):Encrypt
atch policy!
*Mar 1 22:17:11.046: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.046: ISAKMP:(0:0:N/A:0):Checkin
ority 10 policy
*Mar 1 22:17:11.046: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.046: ISAKMP: hash SHA
*Mar 1 22:17:11.046: ISAKMP: default group 2
*Mar 1 22:17:11.046: ISAKMP: auth XAUTHInitPreShared
*Mar 1 22:17:11.046: ISAKMP: life type in seconds
*Mar 1 22:17:11.046: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.050: ISAKMP: keylength of 128
*Mar 1 22:17:11.050: ISAKMP:(0:0:N/A:0):Encrypt
atch policy!
*Mar 1 22:17:11.050: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.050: ISAKMP:(0:0:N/A:0):Checkin
ority 10 policy
*Mar 1 22:17:11.050: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.050: ISAKMP: hash MD5
*Mar 1 22:17:11.050: ISAKMP: default group 2
*Mar 1 22:17:11.050: ISAKMP: auth XAUTHInitPreShared
*Mar 1 22:17:11.054: ISAKMP: life type in seconds
*Mar 1 22:17:11.054: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.054: ISAKMP: keylength of 128
*Mar 1 22:17:11.054: ISAKMP:(0:0:N/A:0):Encrypt
atch policy!
*Mar 1 22:17:11.054: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.054: ISAKMP:(0:0:N/A:0):Checkin
ority 10 policy
*Mar 1 22:17:11.054: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.058: ISAKMP: hash SHA
*Mar 1 22:17:11.058: ISAKMP: default group 2
*Mar 1 22:17:11.058: ISAKMP: auth pre-share
*Mar 1 22:17:11.058: ISAKMP: life type in seconds
*Mar 1 22:17:11.058: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.058: ISAKMP: keylength of 128
*Mar 1 22:17:11.058: ISAKMP:(0:0:N/A:0):Encrypt
atch policy!
*Mar 1 22:17:11.058: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.062: ISAKMP:(0:0:N/A:0):Checkin
ority 10 policy
*Mar 1 22:17:11.062: ISAKMP: encryption AES-CBC
*Mar 1 22:17:11.062: ISAKMP: hash MD5
*Mar 1 22:17:11.062: ISAKMP: default group 2
*Mar 1 22:17:11.062: ISAKMP: auth pre-share
*Mar 1 22:17:11.062: ISAKMP: life type in seconds
*Mar 1 22:17:11.062: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.066: ISAKMP: keylength of 128
*Mar 1 22:17:11.066: ISAKMP:(0:0:N/A:0):Encrypt
atch policy!
*Mar 1 22:17:11.066: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload i
s 3
*Mar 1 22:17:11.066: ISAKMP:(0:0:N/A:0):Checkin
ority 10 policy
*Mar 1 22:17:11.066: ISAKMP: encryption 3DES-CBC
*Mar 1 22:17:11.070: ISAKMP: hash SHA
*Mar 1 22:17:11.070: ISAKMP: default group 2
*Mar 1 22:17:11.070: ISAKMP: auth XAUTHInitPreShared
*Mar 1 22:17:11.070: ISAKMP: life type in seconds
*Mar 1 22:17:11.070: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Mar 1 22:17:11.074: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 3
*Mar 1 22:17:11.326: ISAKMP:(0:1:HW:2): processing KE payload. message ID = 0
*Mar 1 22:17:11.574: ISAKMP:(0:1:HW:2): processing NONCE payload. message ID =
0
*Mar 1 22:17:11.574: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v2
*Mar 1 22:17:11.578: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Mar 1 22:17:11.578: ISAKMP:(0:1:HW:2):Old State = IKE_READY New State = IKE_R
_AM_AAA_AWAIT
*Mar 1 22:17:11.578: AAA/AUTHOR/IKMP/LOCAL: group vpnuser does not exist
*Mar 1 22:17:11.578: ISAKMP (0:268435457): incrementing error counter on sa, at
tempt 1 of 5: construct_fail_ag_init
*Mar 1 22:17:16.062: ISAKMP (0:268435457): received packet from 189.133.25.117
dport 500 sport 54553 Global (R) AG_NO_STATE
*Mar 1 22:17:16.062: ISAKMP:(0:1:HW:2): phase 1 packet is a duplicate of a prev
ious packet.
*Mar 1 22:17:16.066: ISAKMP:(0:1:HW:2): retransmitting due to retransmit phase
1
*Mar 1 22:17:16.066: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_NO_STATE...
*Mar 1 22:17:16.566: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_NO_STATE...
*Mar 1 22:17:16.566: ISAKMP (0:268435457): incrementing error counter on sa, at
tempt 2 of 5: retransmit phase 1
*Mar 1 22:17:16.566: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_NO_STATE
*Mar 1 22:17:16.566: ISAKMP:(0:1:HW:2): sending packet to 189.133.25.117 my_por
t 500 peer_port 54553 (R) AG_NO_STATE
*Mar 1 22:17:21.066: ISAKMP (0:268435457): received packet from 189.133.25.117
dport 500 sport 54553 Global (R) AG_NO_STATE
*Mar 1 22:17:21.066: ISAKMP:(0:1:HW:2): phase 1 packet is a duplicate of a prev
ious packet.
*Mar 1 22:17:21.066: ISAKMP:(0:1:HW:2): retransmitting due to retransmit phase
1
*Mar 1 22:17:21.066: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_NO_STATE...
*Mar 1 22:17:21.566: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_NO_STATE...
*Mar 1 22:17:21.566: ISAKMP (0:268435457): incrementing error counter on sa, at
tempt 3 of 5: retransmit phase 1
*Mar 1 22:17:21.566: ISAKMP:(0:1:HW:2): no outgoing phase 1 packet to retransmi
t. AG_NO_STATE
*Mar 1 22:17:21.566: ISAKMP:(0:1:HW:2):peer does not do paranoid keepalives.
*Mar 1 22:17:21.566: ISAKMP:(0:1:HW:2):deleting
ion P1" state (R) AG_NO_STATE (peer 189.133.25.117)
*Mar 1 22:17:21.570: ISAKMP:(0:1:HW:2):deleting
ion P1" state (R) AG_NO_STATE (peer 189.133.25.117)
*Mar 1 22:17:21.570: ISAKMP: Unlocking IKE struct 0x84B2C3AC for isadb_mark_sa_
deleted(), count 0
*Mar 1 22:17:21.570: ISAKMP: Deleting peer node by peer_reap for 189.133.25.117
: 84B2C3AC
*Mar 1 22:17:21.574: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DE
L
*Mar 1 22:17:21.574: ISAKMP:(0:1:HW:2):Old State = IKE_R_AM_AAA_AWAIT New Stat
e = IKE_DEST_SA
*Mar 1 22:17:21.574: IPSEC(key_engine): got a queue event with 1 kei messages
*Mar 1 22:17:26.066: ISAKMP (0:268435457): received packet from 189.133.25.117
dport 500 sport 54553 Global (R) MM_NO_STATE
*Mar 1 22:18:21.574: ISAKMP:(0:1:HW:2):purging SA., sa=84D71C90, delme=84D71C90
Could you help me please¡¡¡¡
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER