Buon anno a tutti! Il primo problema dell'anno nuovo mi lascia sbigottito... sara' il panettone..
Con il Client VPN (NON) mi collego ad un Cisco 1800 che di "strano" ha solo la FastEthernet0 come interfaccia di outside in quanto collegamento in fibra. conf cisco: version 12.4 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime localtime service timestamps log datetime localtime service password-encryption ! hostname C1800 ! boot-start-marker boot system flash c180x-adventerprisek9-mz.124-15.T1.bin boot-end-marker ! logging buffered 16384 no logging console enable password ******************* ! aaa new-model ! ! aaa authentication login default local aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization exec default local aaa authorization network sdm_vpn_group_ml_1 local ! ! aaa session-id common clock timezone CET 1 clock summer-time CET recurring ! crypto pki trustpoint TP-................ ! ! crypto pki certificate chain TP.................. ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key ************ address 0.0.0.0 0.0.0.0 no-xauth ! crypto isakmp client configuration group GRUPPO key ************ pool SDM_POOL_1 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac comp-lzs crypto ipsec transform-set ESP-AES-MD5 esp-aes esp-md5-hmac comp-lzs ! crypto dynamic-map SDM_DYNMAP_1 1 set transform-set ESP-AES-MD5 ESP-3DES-SHA reverse-route ! ! crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1 crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1 crypto map SDM_CMAP_1 client configuration address respond crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 ! no ip source-route ! ! ip cef no ip dhcp use vrf connected ip dhcp excluded-address 192.168.1.1 192.168.1.223 ! ip dhcp pool CLIENT import all network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 lease 0 2 ! ! no ip bootp server ip inspect name myfw cuseeme timeout 3600 ip inspect name myfw ftp timeout 3600 ip inspect name myfw http timeout 3600 ip inspect name myfw rcmd timeout 3600 ip inspect name myfw realaudio timeout 3600 ip inspect name myfw smtp timeout 3600 ip inspect name myfw tftp timeout 30 ip inspect name myfw udp timeout 15 ip inspect name myfw tcp timeout 3600 ! multilink bundle-name authenticated ! ! username ******* privilege 15 secret ************* archive log config hidekeys ! ! ! class-map match-all voice-traffic match access-group 190 ! ! policy-map wfq class class-default fair-queue policy-map VOICE-POLICY class voice-traffic priority 512 class class-default fair-queue ! ! ! ! interface Null0 no ip unreachables ! interface FastEthernet0 ip address IPPUBBLICO 255.255.255.252 ip access-group 110 in ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly no ip route-cache cef no ip route-cache no ip mroute-cache speed 100 full-duplex no cdp enable service-policy output VOICE-POLICY ! ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! ! interface Vlan1 ip address 192.168.1.1 255.255.255.0 secondary ip address IPPUBBLICO2 255.255.255.248 ip access-group 120 in no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly no ip route-cache cef no ip route-cache no ip mroute-cache crypto map SDM_CMAP_1 ! ip local pool SDM_POOL_1 192.168.1.10 192.168.1.15 ip route 0.0.0.0 0.0.0.0 GW ! ! ip http server ip http secure-server ip nat pool IPOUT IPPUBBLICO IPPUBBLICO netmask 255.255.255.248 ip nat inside source list 101 pool IPOUT overload ! access-list 101 permit ip 192.168.1.0 0.0.0.255 any ! no cdp run ! ! ! ! ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 access-class 10 in exec-timeout 15 0 ! ! webvpn cef end ho escuso un po di cose superflue tra cui le ACL che ho gia' verificato. Il problema nasce durante la FASE1 (quindi non si passano nemmeno i dati per l'autenticazione!) errori del client: Cisco Systems VPN Client Version 5.0.00.0340 Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved. Client Type(s): Windows, WinNT Running on: 5.1.2600 Service Pack 2 1 11:00:29.171 01/03/08 Sev=Info/6 IKE/0x6300003B Attempting to establish a connection with *********. 2 11:00:29.218 01/03/08 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to ********* 3 11:00:29.343 01/03/08 Sev=Info/5 IKE/0x6300002F Received ISAKMP packet: peer = *********** 4 11:00:29.343 01/03/08 Sev=Warning/2 IKE/0xE300009B Invalid SPI size (PayloadNotify:116) 5 11:00:29.343 01/03/08 Sev=Info/4 IKE/0xE30000A6 Invalid payload: Stated payload length, 568, is not sufficient for Notification:(PayloadList:149) 6 11:00:29.343 01/03/08 Sev=Warning/3 IKE/0xA3000058 Received malformed message or negotiation no longer active (message id: 0x00000000) 7 11:00:29.578 01/03/08 Sev=Info/4 IPSEC/0x63700008 IPSec driver successfully started 8 11:00:29.578 01/03/08 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 9 11:00:34.578 01/03/08 Sev=Info/4 IKE/0x63000021 Retransmitting last packet! 10 11:00:34.578 01/03/08 Sev=Info/4 IKE/0x63000013 SENDING >>> ISAKMP OAK AG (Retransmission) to ************ 11 11:00:35.046 01/03/08 Sev=Info/4 IKE/0x63000001 IKE received signal to terminate VPN connection 12 11:00:35.046 01/03/08 Sev=Info/4 IKE/0x63000017 Marking IKE SA for deletion (I_Cookie=63131076301D6A77 R_Cookie=2055C1A64BDCE767) reason = DEL_REASON_RESET_SADB 13 11:00:35.046 01/03/08 Sev=Info/4 IKE/0x6300004B Discarding IKE SA negotiation (I_Cookie=63131076301D6A77 R_Cookie=2055C1A64BDCE767) reason = DEL_REASON_RESET_SADB 14 11:00:35.078 01/03/08 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 15 11:00:35.078 01/03/08 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 16 11:00:35.078 01/03/08 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 17 11:00:35.078 01/03/08 Sev=Info/4 IPSEC/0x6370000A IPSec driver successfully stopped l'ip che uso e' quello della vlan1 (non il privato ovviamente...) dagli gli errori del router invece si capisce che non si mettono d'accordo nemmeno sulla preshared key: Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 11 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption 3DES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Preshared authentication offered but does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 comunque li metto tutti: Jan 3 11:19:26: ISAKMP (0:0): received packet from ********** dport 500 sport 1103 Global (N) NEW SA Jan 3 11:19:26: ISAKMP: Created a peer struct for **********, peer port 1103 Jan 3 11:19:26: ISAKMP: New peer created peer = 0x844ADF6C peer_handle = 0x80000021 Jan 3 11:19:26: ISAKMP: Locking peer struct 0x844ADF6C, refcount 1 for crypto_isakmp_process_block Jan 3 11:19:26: ISAKMP: local port 500, remote port 1103 Jan 3 11:19:26: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 85351118 Jan 3 11:19:26: ISAKMP:(0): processing SA payload. message ID = 0 Jan 3 11:19:26: ISAKMP:(0): processing ID payload. message ID = 0 Jan 3 11:19:26: ISAKMP (0:0): ID payload next-payload : 13 type : 11 group id : GRUPPO protocol : 17 port : 500 length : 18 Jan 3 11:19:26: ISAKMP:(0):: peer matches *none* of the profiles Jan 3 11:19:26: ISAKMP:(0): processing vendor id payload Jan 3 11:19:26: ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch Jan 3 11:19:26: ISAKMP:(0): vendor ID is XAUTH Jan 3 11:19:26: ISAKMP:(0): processing vendor id payload Jan 3 11:19:26: ISAKMP:(0): vendor ID is DPD Jan 3 11:19:26: ISAKMP:(0): processing vendor id payload Jan 3 11:19:26: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch Jan 3 11:19:26: ISAKMP:(0): processing vendor id payload Jan 3 11:19:26: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch Jan 3 11:19:26: ISAKMP:(0): vendor ID is NAT-T v2 Jan 3 11:19:26: ISAKMP:(0): processing vendor id payload Jan 3 11:19:26: ISAKMP:(0): vendor ID is Unity Jan 3 11:19:26: ISAKMP : Scanning profiles for xauth ... Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 256 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 256 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 256 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 256 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 128 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 6 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 128 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 7 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 128 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 8 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 128 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 9 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption 3DES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Xauth authentication by pre-shared key offered but does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 10 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption 3DES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Hash algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 11 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption 3DES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Preshared authentication offered but does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 12 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption 3DES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Hash algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 13 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption DES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 14 against priority 1 policy Jan 3 11:19:26: ISAKMP: encryption DES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 0 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 1 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 256 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 2 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 256 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 3 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 256 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 4 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 256 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 5 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 128 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 6 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 128 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 7 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 128 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 8 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption AES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP: keylength of 128 Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 9 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption 3DES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 10 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption 3DES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 11 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption 3DES-CBC Jan 3 11:19:26: ISAKMP: hash SHA Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 12 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption 3DES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Encryption algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 13 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption DES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth XAUTHInitPreShared Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Hash algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 3 Jan 3 11:19:26: ISAKMP:(0):Checking ISAKMP transform 14 against priority 65535 policy Jan 3 11:19:26: ISAKMP: encryption DES-CBC Jan 3 11:19:26: ISAKMP: hash MD5 Jan 3 11:19:26: ISAKMP: default group 2 Jan 3 11:19:26: ISAKMP: auth pre-share Jan 3 11:19:26: ISAKMP: life type in seconds Jan 3 11:19:26: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B Jan 3 11:19:26: ISAKMP:(0):Hash algorithm offered does not match policy! Jan 3 11:19:26: ISAKMP:(0):atts are not acceptable. Next payload is 0 Jan 3 11:19:26: ISAKMP:(0):no offers accepted! Jan 3 11:19:26: ISAKMP:(0): phase 1 SA policy not acceptable! (local ********* remote **********) Jan 3 11:19:26: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init Jan 3 11:19:26: ISAKMP:(0): sending packet to ********** my_port 500 peer_port 1103 (R) AG_NO_STATE Jan 3 11:19:26: ISAKMP:(0):Sending an IKE IPv4 Packet. Jan 3 11:19:26: ISAKMP:(0):peer does not do paranoid keepalives. Jan 3 11:19:26: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer **********) Jan 3 11:19:26: ISAKMP:(0): processing KE payload. message ID = 0 Jan 3 11:19:26: ISAKMP:(0): group size changed! Should be 0, is 128 Jan 3 11:19:26: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: reset_retransmission Jan 3 11:19:26: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY Jan 3 11:19:26: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH Jan 3 11:19:26: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY Jan 3 11:19:26: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer **********) Jan 3 11:19:26: ISAKMP: Unlocking peer struct 0x844ADF6C for isadb_mark_sa_deleted(), count 0 Jan 3 11:19:26: ISAKMP: Deleting peer node by peer_reap for **********: 844ADF6C Jan 3 11:19:26: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL Jan 3 11:19:26: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA Jan 3 11:19:26: IPSEC(key_engine): got a queue event with 1 KMI message(s) Jan 3 11:19:31: ISAKMP (0:0): received packet from ********** dport 500 sport 1103 Global (R) MM_NO_STATE Ho anche settato l'MTU a 576 o meno ma non cambia niente... scusate se ho scritto un miliardo di righe...! grazie! -- dario calamai http://www.linkedin.com/in/dariocalamai
_______________________________________________ Cug mailing list http://www.areanetworking.it/index_docs.php [email protected] http://ml.areanetworking.it/mailman/listinfo/cug
