Hi,
I'm working on task 4.6. I got the problem that the VPN client on the XP-WS got
the error 433. Here's a "deb cry isa sa" from R4:
*Jan 21 10:39:56.861: ISAKMP (0): received packet from 8.9.2.222 dport 500
sport 1112 Global (N) NEW SA
*Jan 21 10:39:56.861: ISAKMP: Created a peer struct for 8.9.2.222, peer port
1112
*Jan 21 10:39:56.865: ISAKMP: New peer created peer = 0x487D0344 peer_handle =
0x80000002
*Jan 21 10:39:56.865: ISAKMP: Locking peer struct 0x487D0344, refcount 1 for
crypto_isakmp_process_block
*Jan 21 10:39:56.865: ISAKMP: local port 500, remote port 1112
*Jan 21 10:39:56.865: ISAKMP:(0):insert sa successfully sa = 483966CC
*Jan 21 10:39:56.865: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Jan 21 10:39:56.865: ISAKMP:(0):Old State = IKE_READY New State = IKE_R_MM1
*Jan 21 10:39:56.865: ISAKMP:(0): processing SA payload. message ID = 0
*Jan 21 10:39:56.865: ISAKMP:(0): processing vendor id payload
*Jan 21 10:39:56.869: ISAKMP:(0): vendor ID seems Unity/DPD but major 215
mismatch
*Jan 21 10:39:56.869: ISAKMP:(0): vendor ID is XAUTH
*Jan 21 10:39:56.869: ISAKMP:(0): processing v
R4#endor id payload
*Jan 21 10:39:56.869: ISAKMP:(0): vendor ID is DPD
*Jan 21 10:39:56.869: ISAKMP:(0): processing vendor id payload
*Jan 21 10:39:56.869: ISAKMP:(0): processing IKE frag vendor id payload
*Jan 21 10:39:56.869: ISAKMP:(0):Support for IKE Fragmentation not enabled
*Jan 21 10:39:56.869: ISAKMP:(0): processing vendor id payload
*Jan 21 10:39:56.869: ISAKMP:(0): vendor ID seems Unity/DPD but major 123
mismatch
*Jan 21 10:39:56.869: ISAKMP:(0): vendor ID is NAT-T v2
*Jan 21 10:39:56.869: ISAKMP:(0): processing vendor id payload
*Jan 21 10:39:56.869: ISAKMP:(0): vendor ID is Unity
*Jan 21 10:39:56.869: ISAKMP:(0):No pre-shared key with 8.9.2.222!
*Jan 21 10:39:56.869: ISAKMP : Scanning profiles for xauth ... ISA_PROF
*Jan 21 10:39:56.869: ISAKMP:(0): Authentication by xauth preshared
SOME OUTPUT EXCLUDED!
*Jan 21 10:39:56.945: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Jan 21 10:39:56.945: ISAKMP:(0): sending packet to 8.9.2.222 my_port 500
peer_port 1112 (R) MM_SA_SETUP
*Jan 21 10:39:57.069: ISAKMP:(1001):Input = IKE_MESG_INTERNAL,
IKE_PROCESS_COMPLETE
*Jan 21 10:39:57.069: ISAKMP:(1001):Old State = IKE_R_MM3 New State =
IKE_R_MM4
*Jan 21 10:39:57.333: ISAKMP (1001): received packet from 8.9.2.222 dport 500
sport 1112 Global (R) MM_KEY_EXCH
*Jan 21 10:39:57.333: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Jan 21 10:39:57.333: ISAKMP:(1001):Old State = IKE_R_MM4 New State =
IKE_R_MM5
*Jan 21 10:39:57.337: ISAKMP:(1001): processing ID payload. message ID = 0
*Jan 21 10:39:57.337: ISAKMP (1001): ID payload
next-payload : 6
type : 9
Dist. name : cn=XP-WS,ou=CCIE,o=IPExpert
*Jan 21 10:39:57.901: ISAKMP: set new node 23976384 to CONF_XAUTH
*Jan 21 10:39:57.901: ISAKMP/xauth: request attribute XAUTH_USER_NAME_V2
*Jan 21 10:39:57.901: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD_V2
*Jan 21 10:39:57.901: ISAKMP:(1001): initiating peer config to 8.9.2.222. ID =
23976384
*Jan 21 10:39:57.901: ISAKMP:(1001): sending packet to 8.9.2.222 my_port 500
peer_port 1112 (R) CONF_XAUTH
*Jan 21 10:39:57.901: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Jan 21 10:39:57.901: ISAKMP:(1001):Input = IKE_MESG_INTERNAL,
IKE_PHASE1_COMPLETE
*Jan 21 10:39:57.901: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State =
IKE_XAUTH_REQ_SENT
*Jan 21 10:40:00.221: ISAKMP (1001): received packet from 8.9.2.222 dport 500
sport 1112 Global (R) CONF_XAUTH
*Jan 21 10:40:00.221: ISAKMP:(1001):processing transaction payload from
8.9.2.222. message ID = 23976384
*Jan 21 10:40:00.221: ISAKMP: Config payload REPLY
*Jan 21 10:40:00.221: ISAKMP/xauth: reply attribute XAUTH_USER_NAME_V2
*Jan 21 10:40:00.221: ISAKMP/xauth: reply attribute XAUTH_USER_PASSWORD_V2
*Jan 21 10:40:00.221: ISAKMP:(1001):deleting node 23976384 error FALSE reason
"Done with xauth request/reply exchange"
*Jan 21 10:40:00.221: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
*Jan 21 10:40:00.221: ISAKMP:(1001):Old State = IKE_XAUTH_REQ_SENT New State =
IKE_XAUTH_AAA_CONT_LOGIN_AWAIT
*Jan 21 10:40:00.233: ISAKMP: set new node -94082272 to CONF_XAUTH
*Jan 21 10:40:00.233: ISAKMP:(1001): initiating peer config to 8.9.2.222. ID =
-94082272
*Jan 21 10:40:00.233: ISAKMP:(1001): sending packet to 8.9.2.222 my_port 500
peer_port 1112 (R) CONF_XAUTH
*Jan 21 10:40:00.233: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Jan 21 10:40:00.237: ISAKMP:(1001):Input = IKE_MESG_FROM_AAA,
IKE_AAA_CONT_LOGIN
*Jan 21 10:40:00.237: ISAKMP:(1001):Old State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT
New State = IKE_XAUTH_SET_SENT
I configured a local user on R4:
username simon secret 5 $1$W02O$7crPT0GtcUVCVDc/gOAWK1
I get err 433 after I entered my username/pass when the VPN client requested
it. Do you have a hint what to check next?
Cheers
Simon
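
Added example, not part of the original post: a short Python parser for hard-wrapped "debug crypto isakmp" output like the above. It re-joins continuation lines, drops a router prompt echoed mid-message, and lists the state transitions per SA so the last state reached is easy to read off. The sample lines are copied from the log in this post; the function names are this example's own.

```python
import re

# Constructed sample: lines taken from the debug output in the post, including
# hard-wrapped continuation lines and the interleaved "R4#" prompt.
SAMPLE = """\
*Jan 21 10:39:56.865: ISAKMP:(0):Old State = IKE_READY New State = IKE_R_MM1
*Jan 21 10:39:56.869: ISAKMP:(0): processing v
R4#endor id payload
*Jan 21 10:39:57.069: ISAKMP:(1001):Old State = IKE_R_MM3 New State =
IKE_R_MM4
*Jan 21 10:39:57.901: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State =
IKE_XAUTH_REQ_SENT
*Jan 21 10:40:00.237: ISAKMP:(1001):Old State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT
New State = IKE_XAUTH_SET_SENT
"""

STAMP = re.compile(r"^\*\w{3} +\d+ \d\d:\d\d:\d\d\.\d+: ")
PROMPT = re.compile(r"^[A-Za-z][\w.-]*[#>]")  # e.g. "R4#" printed mid-message
TRANSITION = re.compile(
    r"^\*(\w{3} +\d+ [\d:.]+): ISAKMP:?\s*\((\d+)\):\s*"
    r"Old State = (\w+)\s+New State = (\w+)")

def unwrap(text):
    """Merge wrapped continuation lines back into one record per message."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.rstrip())
        elif PROMPT.match(line):
            # The prompt split a word in two: remove it and join without a space.
            records[-1] += PROMPT.sub("", line, count=1).rstrip()
        else:
            records[-1] += " " + line.strip()
    return records

def transitions(text):
    """Return (timestamp, sa_id, old_state, new_state) for each transition."""
    return [m.groups() for m in map(TRANSITION.match, unwrap(text)) if m]

def last_state_per_sa(text):
    """Map each SA id to the (timestamp, state) of its final transition."""
    last = {}
    for ts, sa, _old, new in transitions(text):
        last[sa] = (ts, new)
    return last

if __name__ == "__main__":
    for ts, sa, old, new in transitions(SAMPLE):
        print(f"{ts}  SA {sa:>4}  {old} -> {new}")
    print(last_state_per_sa(SAMPLE))
```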