These are the debugs at the EAZY VPN Client
*May 11 07:35:06.563: ISAKMP:(0):Checking ISAKMP transform 1 against priority
65526 policy*May 11 07:35:06.563: ISAKMP: encryption 3DES-CBC*May 11
07:35:06.563: ISAKMP: hash SHA*May 11 07:35:06.563: ISAKMP: default
group 2*May 11 07:35:06.563: ISAKMP: auth XAUTHInitPreShared*May 11
07:35:06.563: ISAKMP: life type in seconds*May 11 07:35:06.563: ISAKMP:
life duration (VPI) of 0x0 0x20 0xC4 0x9B*May 11 07:35:06.563:
ISAKMP:(0):Encryption algorithm offered does not match policy!*May 11
07:35:06.563: ISAKMP:(0):atts are not acceptable. Next payload is 0*May 11
07:35:06.563: ISAKMP:(0):Checking ISAKMP transform 1 against priority 65527
policy*May 11 07:35:06.563: ISAKMP: encryption 3DES-CBC*May 11
07:35:06.563: ISAKMP: hash SHA*May 11 07:35:06.563: ISAKMP: default
group 2*May 11 07:35:06.563: ISAKMP: auth XAUTHInitPreShared*May 11
07:35:06.563: ISAKMP: life type in seconds*May 11 07:35:06.563: ISAKMP:
life duration (VPI) of 0x0 0x20 0xC4 0x9B*May 11 07:35:06.563:
ISAKMP:(0):atts are acceptable. Next payload is 0*May 11 07:35:06.563:
ISAKMP:(0):Acceptable atts:actual life: 2147483*May 11 07:35:06.563:
ISAKMP:(0):Acceptable atts:life: 0*May 11 07:35:06.563: ISAKMP:(0):Fill atts in
sa vpi_length:4*May 11 07:35:06.563: ISAKMP:(0):Fill atts in sa
life_in_seconds:2147483*May 11 07:35:06.563: ISAKMP:(0):Returning Actual
lifetime: 2147483*May 11 07:35:06.563: ISAKMP:(0)::Started lifetime timer:
2147483.
*May 11 07:35:06.563: ISAKMP (0): vendor ID is NAT-T RFC 3947*May 11
07:35:06.567: ISAKMP:(0): processing KE payload. message ID = 0*May 11
07:35:06.615: ISAKMP:(0): processing NONCE payload. message ID = 0*May 11
07:35:06.615: ISAKMP: no pre-shared key based on address 10.22.22.1!*May 11
07:35:06.615: ISAKMP:(0):found peer pre-shared key matching 192.1.22.1*May 11
07:35:06.615: ISAKMP:(1013): processing HASH payload. message ID = 0*May 11
07:35:06.615: ISAKMP:received payload type 20*May 11 07:35:06.615: ISAKMP
(1013): His hash no match - this node outside NAT*May 11 07:35:06.615:
ISAKMP:received payload type 20*May 11 07:35:06.615: ISAKMP (1013): His hash no
match - this node outside NAT*May 11 07:35:06.615: ISAKMP:(1013):SA
authentication status: authenticated*May 11 07:35:06.619:
ISAKMP:(1013):SA has been authenticated with 192.1.22.1*May 11 07:35:06.619:
ISAKMP: Trying to insert a peer 192.1.24.4/192.1.22.1/4500/, and inserted
successfully 48D56FCC.*May 11 07:35:06.619: ISAKMP:(1013):Send initial
contact*May 11 07:35:06.619: ISAKMP:(1013): sending packet to 192.1.22.1
my_port 4500 peer_port 4500 (I) AG_INIT_EXCH*May 11 07:35:06.619:
ISAKMP:(1013):Sending an IKE IPv4 Packet.*May 11 07:35:06.619:
ISAKMP:(1013):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH*May 11 07:35:06.619:
ISAKMP:(1013):Old State = IKE_I_AM1 New State = IKE_P1_COMPLETE
*May 11 07:35:06.619: ISAKMP:(1013):Need XAUTH*May 11 07:35:06.619:
ISAKMP:(1013):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE*May 11
07:35:06.619: ISAKMP:(1013):Old State = IKE_P1_COMPLETE New State =
IKE_P1_COMPLETE
*May 11 07:35:16.283: ISAKMP:(1013): no outgoing phase 1 packet to retransmit.
CONF_XAUTH*May 11 07:35:16.571: ISAKMP (1013): received packet from 192.1.22.1
dport 500 sport 500 Global (I) CONF_XAUTH*May 11 07:35:16.571: ISAKMP:(1013):
phase 1 packet is a duplicate of a previous packet.*May 11 07:35:16.571:
ISAKMP:(1013): retransmitting due to retransmit phase 1*May 11 07:35:16.571:
ISAKMP:(1013): no outgoing phase 1 packet to retransmit. CONF_XAUTHR4#R4#*May
11 07:35:26.567: ISAKMP (1013): received packet from 192.1.22.1 dport 500 sport
500 Global (I) CONF_XAUTH*May 11 07:35:26.567: ISAKMP:(1013): phase 1 packet is
a duplicate of a previous packet.*May 11 07:35:26.567: ISAKMP:(1013):
retransmitting due to retransmit phase 1*May 11 07:35:26.567: ISAKMP:(1013): no
outgoing phase 1 packet to retransmit. CONF_XAUTHR4#*May 11 07:35:36.567:
ISAKMP (1013): received packet from 192.1.22.1 dport 500 sport 500 Global (I)
CONF_XAUTH*May 11 07:35:36.567: ISAKMP:(1013): phase 1 packet is a duplicate of
a previous packet.*May 11 07:35:36.567: ISAKMP:(1013): retransmitting due to
retransmit phase 1*May 11 07:35:36.567: ISAKMP:(1013): no outgoing phase 1
packet to retransmit. CONF_XAUTHR4#*May 11 07:35:46.567: ISAKMP (1013):
received packet from 192.1.22.1 dport 500 sport 500 Global (I) CONF_XAUTH*May
11 07:35:46.571: ISAKMP:(1013): phase 1 packet is a duplicate of a previous
packet.*May 11 07:35:46.571: ISAKMP:(1013): retransmitting due to retransmit
phase 1*May 11 07:35:46.571: ISAKMP:(1013): no outgoing phase 1 packet to
retransmit. CONF_XAUTHR4#*May 11 07:35:56.571: ISAKMP (1013): received packet
from 192.1.22.1 dport 500 sport 500 Global (I) CONF_XAUTH*May 11 07:35:56.571:
ISAKMP:(1013): phase 1 packet is a duplicate of a previous packet.*May 11
07:35:56.571: ISAKMP:(1013): retransmitting due to retransmit phase 1*May 11
07:35:56.571: ISAKMP:(1013): no outgoing phase 1 packet to retransmit.
CONF_XAUTHR4#*May 11 07:36:04.311: ISAKMP:(1012):purging SA., sa=482E894C,
delme=482E894CR4#
From: [email protected]
To: [email protected]
Date: Tue, 11 May 2010 12:44:15 +0530
Subject: Re: [OSL | CCIE_Security] EZVPN
Hello All,
I often face difficulty in EAZY VPN....
is there a specific order in which we should apple the inside and outside
statement on the physical ineterfaces of eazy vpn client?
From: [email protected]
To: [email protected]
Subject: EZVPN
Date: Tue, 11 May 2010 12:31:14 +0530
Hello All,
Could any one please suggest that why do we get this error ?
R4#crypto ipsec client ezvpn xauth
EZVPN(EZC): There are no pending Xauth Requests
Catch the changing security environment Get it now.
The battle for the FIH Hockey World Cup Drag n' drop
_________________________________________________________________
Climate, controversies and the changing signatures of nature
http://green.in.msn.com/_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
