Hello,
I am trying to configure the VPN for the iPhone... I followed what is
written here:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/l2tp_ips.html#wp1046219
and what is written here:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801c4246.shtml
In essence, the configuration I added is:
aaa new-model
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group XXX
 key YYY
 dns 195.32.69.20
 domain micso.it
 pool pool83
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
ip local pool pool83 192.168.xx.161 192.168.xx.190
There is a user configured, and the crypto map "clientmap" is applied
to the outside interface.
Authentication works, and so does the client configuration part.
At a glance, phase 2 has problems. I could not find any information
about this. Can you help me?
The debug of the connection follows:
Jul 23 09:58:58.233: ISAKMP (0:0): received packet from 62.13.173.82
dport 500 sport 13080 Global (N) NEW SA
Jul 23 09:58:58.233: ISAKMP: Created a peer struct for 62.13.173.82,
peer port 13080
Jul 23 09:58:58.233: ISAKMP: New peer created peer = 0x8778E2C8
peer_handle = 0x80000012
Jul 23 09:58:58.233: ISAKMP: Locking peer struct 0x8778E2C8, refcount 1
for crypto_isakmp_process_block
Jul 23 09:58:58.233: ISAKMP:(0):Setting client config settings 887EB5C4
Jul 23 09:58:58.233: ISAKMP:(0):(Re)Setting client xauth list and state
Jul 23 09:58:58.233: ISAKMP/xauth: initializing AAA request
Jul 23 09:58:58.233: ISAKMP: local port 500, remote port 13080
Jul 23 09:58:58.233: ISAKMP: Find a dup sa in the avl tree during
calling isadb_insert sa = 8833AC98
Jul 23 09:58:58.233: ISAKMP:(0): processing SA payload. message ID = 0
Jul 23 09:58:58.233: ISAKMP:(0): processing ID payload. message ID = 0
Jul 23 09:58:58.233: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : Tecnici
protocol : 0
port : 0
length : 15
Jul 23 09:58:58.233: ISAKMP:(0):: peer matches *none* of the profiles
Jul 23 09:58:58.233: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.233: ISAKMP:(0): vendor ID seems Unity/DPD but major 69
mismatch
Jul 23 09:58:58.233: ISAKMP (0:0): vendor ID is NAT-T RFC 3947
Jul 23 09:58:58.233: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.233: ISAKMP:(0): vendor ID seems Unity/DPD but major 198
mismatch
Jul 23 09:58:58.233: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.233: ISAKMP:(0): vendor ID seems Unity/DPD but major 29
mismatch
Jul 23 09:58:58.233: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.233: ISAKMP:(0): vendor ID seems Unity/DPD but major 245
mismatch
Jul 23 09:58:58.233: ISAKMP (0:0): vendor ID is NAT-T v7
Jul 23 09:58:58.233: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.233: ISAKMP:(0): vendor ID seems Unity/DPD but major 114
mismatch
Jul 23 09:58:58.233: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID seems Unity/DPD but major 227
mismatch
Jul 23 09:58:58.237: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID seems Unity/DPD but major 250
mismatch
Jul 23 09:58:58.237: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID seems Unity/DPD but major 157
mismatch
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID is NAT-T v3
Jul 23 09:58:58.237: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID seems Unity/DPD but major 164
mismatch
Jul 23 09:58:58.237: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID seems Unity/DPD but major 123
mismatch
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID is NAT-T v2
Jul 23 09:58:58.237: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID seems Unity/DPD but major 242
mismatch
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID is XAUTH
Jul 23 09:58:58.237: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID is Unity
Jul 23 09:58:58.237: ISAKMP:(0): processing vendor id payload
Jul 23 09:58:58.237: ISAKMP:(0): vendor ID is DPD
Jul 23 09:58:58.237: ISAKMP:(0): Authentication by xauth preshared
Jul 23 09:58:58.237: ISAKMP:(0):Checking ISAKMP transform 1 against
priority 3 policy
Jul 23 09:58:58.237: ISAKMP: life type in seconds
Jul 23 09:58:58.237: ISAKMP: life duration (basic) of 3600
Jul 23 09:58:58.237: ISAKMP: encryption AES-CBC
Jul 23 09:58:58.237: ISAKMP: keylength of 256
Jul 23 09:58:58.237: ISAKMP: auth XAUTHInitPreShared
Jul 23 09:58:58.237: ISAKMP: hash SHA
Jul 23 09:58:58.237: ISAKMP: default group 2
Jul 23 09:58:58.237: ISAKMP:(0):Encryption algorithm offered does not
match policy!
Jul 23 09:58:58.237: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 09:58:58.237: ISAKMP:(0):Checking ISAKMP transform 2 against
priority 3 policy
Jul 23 09:58:58.237: ISAKMP: life type in seconds
Jul 23 09:58:58.237: ISAKMP: life duration (basic) of 3600
Jul 23 09:58:58.237: ISAKMP: encryption AES-CBC
Jul 23 09:58:58.237: ISAKMP: keylength of 128
Jul 23 09:58:58.237: ISAKMP: auth XAUTHInitPreShared
Jul 23 09:58:58.237: ISAKMP: hash SHA
Jul 23 09:58:58.237: ISAKMP: default group 2
Jul 23 09:58:58.237: ISAKMP:(0):Encryption algorithm offered does not
match policy!
Jul 23 09:58:58.237: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 09:58:58.237: ISAKMP:(0):Checking ISAKMP transform 3 against
priority 3 policy
Jul 23 09:58:58.237: ISAKMP: life type in seconds
Jul 23 09:58:58.237: ISAKMP: life duration (basic) of 3600
Jul 23 09:58:58.237: ISAKMP: encryption AES-CBC
Jul 23 09:58:58.237: ISAKMP: keylength of 256
Jul 23 09:58:58.237: ISAKMP: auth XAUTHInitPreShared
Jul 23 09:58:58.237: ISAKMP: hash MD5
Jul 23 09:58:58.237: ISAKMP: default group 2
Jul 23 09:58:58.237: ISAKMP:(0):Encryption algorithm offered does not
match policy!
Jul 23 09:58:58.237: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 09:58:58.237: ISAKMP:(0):Checking ISAKMP transform 4 against
priority 3 policy
Jul 23 09:58:58.237: ISAKMP: life type in seconds
Jul 23 09:58:58.237: ISAKMP: life duration (basic) of 3600
Jul 23 09:58:58.237: ISAKMP: encryption AES-CBC
Jul 23 09:58:58.237: ISAKMP: keylength of 128
Jul 23 09:58:58.237: ISAKMP: auth XAUTHInitPreShared
Jul 23 09:58:58.237: ISAKMP: hash MD5
Jul 23 09:58:58.237: ISAKMP: default group 2
Jul 23 09:58:58.237: ISAKMP:(0):Encryption algorithm offered does not
match policy!
Jul 23 09:58:58.237: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 09:58:58.237: ISAKMP:(0):Checking ISAKMP transform 5 against
priority 3 policy
Jul 23 09:58:58.237: ISAKMP: life type in seconds
Jul 23 09:58:58.237: ISAKMP: life duration (basic) of 3600
Jul 23 09:58:58.237: ISAKMP: encryption 3DES-CBC
Jul 23 09:58:58.237: ISAKMP: auth XAUTHInitPreShared
Jul 23 09:58:58.237: ISAKMP: hash SHA
Jul 23 09:58:58.237: ISAKMP: default group 2
Jul 23 09:58:58.237: ISAKMP:(0):atts are acceptable. Next payload is 3
Jul 23 09:58:58.237: ISAKMP:(0): processing KE payload. message ID = 0
Jul 23 09:58:58.265: ISAKMP:(0): processing NONCE payload. message ID = 0
Jul 23 09:58:58.265: ISAKMP (0:0): vendor ID is NAT-T RFC 3947
Jul 23 09:58:58.265: ISAKMP (0:0): vendor ID is NAT-T v7
Jul 23 09:58:58.265: ISAKMP:(0): vendor ID is NAT-T v3
Jul 23 09:58:58.269: ISAKMP:(0): vendor ID is NAT-T v2
Jul 23 09:58:58.269: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
Jul 23 09:58:58.269: ISAKMP:(0):Old State = IKE_READY New State =
IKE_R_AM_AAA_AWAIT
Jul 23 09:58:58.269: ISAKMP:(2017): constructed NAT-T vendor-rfc3947 ID
Jul 23 09:58:58.269: ISAKMP:(2017):SA is doing pre-shared key
authentication plus XAUTH using id type ID_IPV4_ADDR
Jul 23 09:58:58.269: ISAKMP (0:2017): ID payload
next-payload : 10
type : 1
address : 195.32.xx.yy
protocol : 17
port : 0
length : 12
Jul 23 09:58:58.269: ISAKMP:(2017):Total payload length: 12
Jul 23 09:58:58.269: ISAKMP:(2017): sending packet to 62.13.173.82
my_port 500 peer_port 13080 (R) AG_INIT_EXCH
Jul 23 09:58:58.269: ISAKMP:(2017):Sending an IKE IPv4 Packet.
Jul 23 09:58:58.269: ISAKMP:(2017):Input = IKE_MESG_FROM_AAA,
PRESHARED_KEY_REPLY
Jul 23 09:58:58.269: ISAKMP:(2017):Old State = IKE_R_AM_AAA_AWAIT New
State = IKE_R_AM2
Jul 23 09:58:58.713: ISAKMP (0:2017): received packet from 62.13.173.82
dport 4500 sport 13101 Global (R) AG_INIT_EXCH
Jul 23 09:58:58.713: ISAKMP:(2017): processing HASH payload. message ID = 0
Jul 23 09:58:58.713: ISAKMP:received payload type 20
Jul 23 09:58:58.713: ISAKMP:received payload type 20
Jul 23 09:58:58.713: ISAKMP (0:2017): NAT found, the node outside NAT
Jul 23 09:58:58.713: ISAKMP:(2017): processing NOTIFY INITIAL_CONTACT
protocol 1
spi 0, message ID = 0, sa = 8833AC98
Jul 23 09:58:58.713: ISAKMP:(2017):SA authentication status:
authenticated
Jul 23 09:58:58.713: ISAKMP:(2017):SA has been authenticated with
62.13.173.82
Jul 23 09:58:58.713: ISAKMP:(2017):Detected port,floating to port = 13101
Jul 23 09:58:58.713: ISAKMP: Trying to find existing peer
195.32.xx.yy/62.13.173.82/13101/
Jul 23 09:58:58.713: ISAKMP:(2017):SA authentication status:
authenticated
Jul 23 09:58:58.713: ISAKMP:(2017): Process initial contact,
bring down existing phase 1 and 2 SA's with local 195.32.xx.yy remote
62.13.173.82 remote port 13101
Jul 23 09:58:58.713: ISAKMP:(2017):returning IP addr to the address pool
Jul 23 09:58:58.713: ISAKMP: Trying to insert a peer
1195.32.xx.yy/62.13.173.82/13101/, and inserted successfully 8778E2C8.
Jul 23 09:58:58.713: ISAKMP: set new node -1801420455 to CONF_XAUTH
Jul 23 09:58:58.713: ISAKMP:(2017):Sending NOTIFY RESPONDER_LIFETIME
protocol 1
spi 2228722872, message ID = -1801420455
Jul 23 09:58:58.713: ISAKMP:(2017): sending packet to 62.13.173.82
my_port 4500 peer_port 13101 (R) QM_IDLE
Jul 23 09:58:58.713: ISAKMP:(2017):Sending an IKE IPv4 Packet.
Jul 23 09:58:58.713: ISAKMP:(2017):purging node -1801420455
Jul 23 09:58:58.713: ISAKMP: Sending phase 1 responder lifetime 3600
Jul 23 09:58:58.713: ISAKMP:(2017):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
Jul 23 09:58:58.713: ISAKMP:(2017):Old State = IKE_R_AM2 New State =
IKE_P1_COMPLETE
Jul 23 09:58:58.717: IPSEC(key_engine): got a queue event with 1 KMI
message(s)
Jul 23 09:58:58.717: ISAKMP:(2017):Need XAUTH
Jul 23 09:58:58.717: ISAKMP: set new node -1393114462 to CONF_XAUTH
Jul 23 09:58:58.717: ISAKMP/xauth: request attribute XAUTH_USER_NAME_V2
Jul 23 09:58:58.717: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD_V2
Jul 23 09:58:58.717: ISAKMP:(2017): initiating peer config to
62.13.173.82. ID = -1393114462
Jul 23 09:58:58.717: ISAKMP:(2017): sending packet to 62.13.173.82
my_port 4500 peer_port 13101 (R) CONF_XAUTH
Jul 23 09:58:58.717: ISAKMP:(2017):Sending an IKE IPv4 Packet.
Jul 23 09:58:58.717: ISAKMP:(2017):Input = IKE_MESG_INTERNAL,
IKE_PHASE1_COMPLETE
Jul 23 09:58:58.717: ISAKMP:(2017):Old State = IKE_P1_COMPLETE New
State = IKE_XAUTH_REQ_SENT
Jul 23 09:58:58.993: ISAKMP (0:2017): received packet from 62.13.173.82
dport 4500 sport 13101 Global (R) CONF_XAUTH
Jul 23 09:58:58.993: ISAKMP:(2017):processing transaction payload from
62.13.173.82. message ID = -1393114462
Jul 23 09:58:58.993: ISAKMP: Config payload REPLY
Jul 23 09:58:58.993: ISAKMP/xauth: reply attribute XAUTH_USER_NAME_V2
Jul 23 09:58:58.993: ISAKMP/xauth: reply attribute XAUTH_USER_PASSWORD_V2
Jul 23 09:58:58.993: ISAKMP:(2017):deleting node -1393114462 error FALSE
reason "Done with xauth request/reply exchange"
Jul 23 09:58:58.993: ISAKMP:(2017):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
Jul 23 09:58:58.993: ISAKMP:(2017):Old State = IKE_XAUTH_REQ_SENT New
State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT
Jul 23 09:58:59.001: ISAKMP: set new node -1330138203 to CONF_XAUTH
Jul 23 09:58:59.001: ISAKMP:(2017): initiating peer config to
62.13.173.82. ID = -1330138203
Jul 23 09:58:59.001: ISAKMP:(2017): sending packet to 62.13.173.82
my_port 4500 peer_port 13101 (R) CONF_XAUTH
Jul 23 09:58:59.001: ISAKMP:(2017):Sending an IKE IPv4 Packet.
Jul 23 09:58:59.001: ISAKMP:(2017):Input = IKE_MESG_FROM_AAA,
IKE_AAA_CONT_LOGIN
Jul 23 09:58:59.001: ISAKMP:(2017):Old State =
IKE_XAUTH_AAA_CONT_LOGIN_AWAIT New State = IKE_XAUTH_SET_SENT
Jul 23 09:58:59.133: ISAKMP (0:2017): received packet from 62.13.173.82
dport 4500 sport 13101 Global (R) CONF_XAUTH
Jul 23 09:58:59.133: ISAKMP:(2017):processing transaction payload from
62.13.173.82. message ID = -1330138203
Jul 23 09:58:59.133: ISAKMP: Config payload ACK
Jul 23 09:58:59.133: ISAKMP:(2017): XAUTH ACK Processed
Jul 23 09:58:59.133: ISAKMP:(2017):deleting node -1330138203 error FALSE
reason "Transaction mode done"
Jul 23 09:58:59.133: ISAKMP:(2017):Input = IKE_MESG_FROM_PEER, IKE_CFG_ACK
Jul 23 09:58:59.133: ISAKMP:(2017):Old State = IKE_XAUTH_SET_SENT New
State = IKE_P1_COMPLETE
Jul 23 09:58:59.133: ISAKMP:(2017):Input = IKE_MESG_INTERNAL,
IKE_PHASE1_COMPLETE
Jul 23 09:58:59.133: ISAKMP:(2017):Old State = IKE_P1_COMPLETE New
State = IKE_P1_COMPLETE
Jul 23 09:58:59.173: ISAKMP (0:2017): received packet from 62.13.173.82
dport 4500 sport 13101 Global (R) QM_IDLE
Jul 23 09:58:59.173: ISAKMP: set new node -804678717 to QM_IDLE
Jul 23 09:58:59.173: ISAKMP:(2017):processing transaction payload from
62.13.173.82. message ID = -804678717
Jul 23 09:58:59.173: ISAKMP: Config payload REQUEST
Jul 23 09:58:59.173: ISAKMP:(2017):checking request:
Jul 23 09:58:59.173: ISAKMP: IP4_ADDRESS
Jul 23 09:58:59.173: ISAKMP: IP4_NETMASK
Jul 23 09:58:59.173: ISAKMP: IP4_DNS
Jul 23 09:58:59.173: ISAKMP: IP4_NBNS
Jul 23 09:58:59.173: ISAKMP: ADDRESS_EXPIRY
Jul 23 09:58:59.173: ISAKMP: APPLICATION_VERSION
Jul 23 09:58:59.173: ISAKMP: MODECFG_BANNER
Jul 23 09:58:59.173: ISAKMP: DEFAULT_DOMAIN
Jul 23 09:58:59.173: ISAKMP: SPLIT_DNS
Jul 23 09:58:59.173: ISAKMP: SPLIT_INCLUDE
Jul 23 09:58:59.173: ISAKMP: INCLUDE_LOCAL_LAN
Jul 23 09:58:59.173: ISAKMP: PFS
Jul 23 09:58:59.173: ISAKMP: MODECFG_SAVEPWD
Jul 23 09:58:59.173: ISAKMP: FW_RECORD
Jul 23 09:58:59.173: ISAKMP: BACKUP_SERVER
Jul 23 09:58:59.173: ISAKMP: MODECFG_BROWSER_PROXY
Jul 23 09:58:59.173: ISAKMP/author: Author request for group
Tecnicisuccessfully sent to AAA
Jul 23 09:58:59.173: ISAKMP:(2017):Input = IKE_MESG_FROM_PEER,
IKE_CFG_REQUEST
Jul 23 09:58:59.173: ISAKMP:(2017):Old State = IKE_P1_COMPLETE New
State = IKE_CONFIG_AUTHOR_AAA_AWAIT
Jul 23 09:58:59.173: ISAKMP:(2017):attributes sent in message:
Jul 23 09:58:59.173: Address: 0.2.0.0
Jul 23 09:58:59.173: ISAKMP:(2017):allocating address 192.168.xx.175
Jul 23 09:58:59.173: ISAKMP: Sending private address: 192.168.xx.175
Jul 23 09:58:59.173: ISAKMP: Sending subnet mask: 255.255.254.0
Jul 23 09:58:59.173: ISAKMP: Sending IP4_DNS server address: 195.32.69.20
Jul 23 09:58:59.173: ISAKMP: Sending ADDRESS_EXPIRY seconds left to use
the address: 3599
Jul 23 09:58:59.173: ISAKMP: Sending APPLICATION_VERSION string: Cisco
IOS Software, UC500 Software (UC500-ADVIPSERVICESK9-M), Version
12.4(11)XW6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 14-Feb-08 02:24 by prod_rel_team
Jul 23 09:58:59.177: ISAKMP: Sending DEFAULT_DOMAIN default domain name:
micso.it
Jul 23 09:58:59.177: ISAKMP: Sending save password reply value 0
Jul 23 09:58:59.177: ISAKMP:(2017): responding to peer config from
62.13.173.82. ID = -804678717
Jul 23 09:58:59.177: ISAKMP:(2017): sending packet to 62.13.173.82
my_port 4500 peer_port 13101 (R) CONF_ADDR
Jul 23 09:58:59.177: ISAKMP:(2017):Sending an IKE IPv4 Packet.
Jul 23 09:58:59.177: ISAKMP:(2017):deleting node -804678717 error FALSE
reason "No Error"
Jul 23 09:58:59.177: ISAKMP:(2017):Input = IKE_MESG_FROM_AAA,
IKE_AAA_GROUP_ATTR
Jul 23 09:58:59.177: ISAKMP:(2017):Old State =
IKE_CONFIG_AUTHOR_AAA_AWAIT New State = IKE_P1_COMPLETE
Jul 23 09:58:59.177: ISAKMP:(2017):Input = IKE_MESG_INTERNAL,
IKE_PHASE1_COMPLETE
Jul 23 09:58:59.177: ISAKMP:(2017):Old State = IKE_P1_COMPLETE New
State = IKE_P1_COMPLETE
Jul 23 09:59:00.893: ISAKMP (0:2017): received packet from 62.13.173.82
dport 4500 sport 13101 Global (R) QM_IDLE
Jul 23 09:59:00.893: ISAKMP: set new node -843233219 to QM_IDLE
Jul 23 09:59:00.893: ISAKMP:(2017): processing HASH payload. message ID
= -843233219
Jul 23 09:59:00.893: ISAKMP:(2017): processing SA payload. message ID =
-843233219
Jul 23 09:59:00.893: ISAKMP:(2017):Checking IPSec proposal 1
Jul 23 09:59:00.893: ISAKMP: transform 1, ESP_AES
Jul 23 09:59:00.893: ISAKMP: attributes in transform:
Jul 23 09:59:00.893: ISAKMP: SA life type in seconds
Jul 23 09:59:00.893: ISAKMP: SA life duration (basic) of 3600
Jul 23 09:59:00.893: ISAKMP: encaps is 3 (Tunnel-UDP)
Jul 23 09:59:00.893: ISAKMP: key length is 256
Jul 23 09:59:00.893: ISAKMP: authenticator is HMAC-SHA
Jul 23 09:59:00.893: ISAKMP:(2017):atts are acceptable.
Jul 23 09:59:00.893: ISAKMP:(2017):Checking IPSec proposal 1
Jul 23 09:59:00.893: ISAKMP: transform 2, ESP_AES
Jul 23 09:59:00.893: ISAKMP: attributes in transform:
Jul 23 09:59:00.893: ISAKMP: SA life type in seconds
Jul 23 09:59:00.893: ISAKMP: SA life duration (basic) of 3600
Jul 23 09:59:00.893: ISAKMP: encaps is 3 (Tunnel-UDP)
Jul 23 09:59:00.893: ISAKMP: key length is 256
Jul 23 09:59:00.893: ISAKMP: authenticator is HMAC-MD5
Jul 23 09:59:00.893: ISAKMP:(2017):atts are acceptable.
Jul 23 09:59:00.893: ISAKMP:(2017):Checking IPSec proposal 1
Jul 23 09:59:00.893: ISAKMP: transform 3, ESP_AES
Jul 23 09:59:00.893: ISAKMP: attributes in transform:
Jul 23 09:59:00.893: ISAKMP: SA life type in seconds
Jul 23 09:59:00.893: ISAKMP: SA life duration (basic) of 3600
Jul 23 09:59:00.893: ISAKMP: encaps is 3 (Tunnel-UDP)
Jul 23 09:59:00.893: ISAKMP: key length is 128
Jul 23 09:59:00.893: ISAKMP: authenticator is HMAC-SHA
Jul 23 09:59:00.893: ISAKMP:(2017):atts are acceptable.
Jul 23 09:59:00.893: ISAKMP:(2017):Checking IPSec proposal 1
Jul 23 09:59:00.893: ISAKMP: transform 4, ESP_AES
Jul 23 09:59:00.893: ISAKMP: attributes in transform:
Jul 23 09:59:00.893: ISAKMP: SA life type in seconds
Jul 23 09:59:00.893: ISAKMP: SA life duration (basic) of 3600
Jul 23 09:59:00.893: ISAKMP: encaps is 3 (Tunnel-UDP)
Jul 23 09:59:00.893: ISAKMP: key length is 128
Jul 23 09:59:00.893: ISAKMP: authenticator is HMAC-MD5
Jul 23 09:59:00.893: ISAKMP:(2017):atts are acceptable.
Jul 23 09:59:00.893: ISAKMP:(2017):Checking IPSec proposal 1
Jul 23 09:59:00.893: ISAKMP: transform 5, ESP_3DES
Jul 23 09:59:00.893: ISAKMP: attributes in transform:
Jul 23 09:59:00.893: ISAKMP: SA life type in seconds
Jul 23 09:59:00.893: ISAKMP: SA life duration (basic) of 3600
Jul 23 09:59:00.893: ISAKMP: encaps is 3 (Tunnel-UDP)
Jul 23 09:59:00.893: ISAKMP: authenticator is HMAC-SHA
Jul 23 09:59:00.893: ISAKMP:(2017):atts are acceptable.
Jul 23 09:59:00.893: ISAKMP:(2017):Checking IPSec proposal 1
Jul 23 09:59:00.893: ISAKMP: transform 6, ESP_3DES
Jul 23 09:59:00.897: ISAKMP: attributes in transform:
Jul 23 09:59:00.897: ISAKMP: SA life type in seconds
Jul 23 09:59:00.897: ISAKMP: SA life duration (basic) of 3600
Jul 23 09:59:00.897: ISAKMP: encaps is 3 (Tunnel-UDP)
Jul 23 09:59:00.897: ISAKMP: authenticator is HMAC-MD5
Jul 23 09:59:00.897: ISAKMP:(2017):atts are acceptable.
Jul 23 09:59:00.897: IPSEC(validate_proposal_request): proposal part #1
Jul 23 09:59:00.897: *IPSEC(initialize_sas): invalid IPv4 proxy IDs*
Jul 23 09:59:00.897: *ISAKMP:(2017): IPSec policy invalidated proposal
with error 32*
Jul 23 09:59:00.897: IPSEC(validate_proposal_request): proposal part #1
Jul 23 09:59:00.897: IPSEC(initialize_sas): invalid IPv4 proxy IDs
Jul 23 09:59:00.897: ISAKMP:(2017): IPSec policy invalidated proposal
with error 32
Jul 23 09:59:00.897: IPSEC(validate_proposal_request): proposal part #1
Jul 23 09:59:00.897: IPSEC(initialize_sas): invalid IPv4 proxy IDs
Jul 23 09:59:00.897: ISAKMP:(2017): IPSec policy invalidated proposal
with error 32
Jul 23 09:59:00.897: IPSEC(validate_proposal_request): proposal part #1
Jul 23 09:59:00.897: IPSEC(initialize_sas): invalid IPv4 proxy IDs
Jul 23 09:59:00.897: ISAKMP:(2017): IPSec policy invalidated proposal
with error 32
Jul 23 09:59:00.897: IPSEC(validate_proposal_request): proposal part #1
Jul 23 09:59:00.897: IPSEC(initialize_sas): invalid IPv4 proxy IDs
Jul 23 09:59:00.897: ISAKMP:(2017): IPSec policy invalidated proposal
with error 32
Jul 23 09:59:00.897: IPSEC(validate_proposal_request): proposal part #1
Jul 23 09:59:00.897: IPSEC(initialize_sas): invalid IPv4 proxy IDs
Jul 23 09:59:00.897: ISAKMP:(2017): IPSec policy invalidated proposal
with error 32
Jul 23 09:59:00.897: *ISAKMP:(2017): phase 2 SA policy not acceptable!*
(local 195.32.xx.yy remote 62.13.173.82)
Jul 23 09:59:00.897: ISAKMP: set new node 516774839 to QM_IDLE
Jul 23 09:59:00.897: ISAKMP:(2017):Sending NOTIFY PROPOSAL_NOT_CHOSEN
protocol 3
spi 2228722680, message ID = 516774839
Jul 23 09:59:00.897: ISAKMP:(2017): sending packet to 62.13.173.82
my_port 4500 peer_port 13101 (R) QM_IDLE
Jul 23 09:59:00.897: ISAKMP:(2017):Sending an IKE IPv4 Packet.
Jul 23 09:59:00.897: ISAKMP:(2017):purging node 516774839
Jul 23 09:59:00.897: ISAKMP:(2017):deleting node -843233219 error TRUE
reason "QM rejected"
Jul 23 09:59:00.897: ISAKMP:(2017):Node -843233219, Input =
IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jul 23 09:59:00.897: ISAKMP:(2017):Old State = IKE_QM_READY New State =
IKE_QM_READY
Jul 23 09:59:04.073: ISAKMP (0:2017): received packet from 62.13.173.82
dport 4500 sport 13101 Global (R) QM_IDLE
Jul 23 09:59:04.073: ISAKMP:(2017): phase 2 packet is a duplicate of a
previous packet.
Jul 23 09:59:04.073: ISAKMP:(2017): retransmitting due to retransmit phase 2
Jul 23 09:59:04.073: ISAKMP:(2017): ignoring retransmission,because
phase2 node marked dead -843233219
Jul 23 09:59:07.013: ISAKMP (0:2017): received packet from 62.13.173.82
dport 4500 sport 13101 Global (R) QM_IDLE
Jul 23 09:59:07.013: ISAKMP: set new node -593716139 to QM_IDLE
Jul 23 09:59:07.013: ISAKMP:(2017): processing HASH payload. message ID
= -593716139
Jul 23 09:59:07.013: ISAKMP:(2017): processing DELETE payload. message
ID = -593716139
Jul 23 09:59:07.013: ISAKMP:(2017):peer does not do paranoid keepalives.
Jul 23 09:59:07.013: ISAKMP:(2017):deleting SA reason "No reason" state
(R) QM_IDLE (peer 62.13.173.82)
Jul 23 09:59:07.013: ISAKMP:(2017):deleting node -593716139 error FALSE
reason "Informational (in) state 1"
Jul 23 09:59:07.013: ISAKMP: set new node 1617738423 to QM_IDLE
Jul 23 09:59:07.013: ISAKMP:(2017): sending packet to 62.13.173.82
my_port 4500 peer_port 13101 (R) QM_IDLE
Jul 23 09:59:07.013: ISAKMP:(2017):Sending an IKE IPv4 Packet.
Jul 23 09:59:07.013: ISAKMP:(2017):purging node 1617738423
Jul 23 09:59:07.013: ISAKMP:(2017):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jul 23 09:59:07.013: ISAKMP:(2017):Old State = IKE_P1_COMPLETE New
State = IKE_DEST_SA
Jul 23 09:59:07.017: ISAKMP:(2017):deleting SA reason "No reason" state
(R) QM_IDLE (peer 62.13.173.82)
Jul 23 09:59:07.017: ISAKMP:(0):Can't decrement IKE Call Admission
Control stat incoming_active since it's already 0.
Jul 23 09:59:07.017: ISAKMP (0:2017): returning address 192.168.xx.175
to pool
Jul 23 09:59:07.017: ISAKMP: Unlocking peer struct 0x8778E2C8 for
isadb_mark_sa_deleted(), count 0
Jul 23 09:59:07.017: ISAKMP: returning address 192.168.xx.175 to pool
Jul 23 09:59:07.017: ISAKMP: Deleting peer node by peer_reap for
62.13.173.82: 8778E2C8
Jul 23 09:59:07.017: ISAKMP: returning address 192.168.xx.175 to pool
Jul 23 09:59:07.017: ISAKMP:(2017):deleting node -1393114462 error FALSE
reason "IKE deleted"
Jul 23 09:59:07.017: ISAKMP:(2017):deleting node -1330138203 error FALSE
reason "IKE deleted"
Jul 23 09:59:07.017: ISAKMP:(2017):deleting node -804678717 error FALSE
reason "IKE deleted"
Jul 23 09:59:07.017: ISAKMP:(2017):deleting node -843233219 error FALSE
reason "IKE deleted"
Jul 23 09:59:07.017: ISAKMP:(2017):deleting node -593716139 error FALSE
reason "IKE deleted"
What do you think?
Thanks,
Normando
--
| Normando Marcolongo | Micso s.r.l. |
| via Tiburtina, 318 | I-65128 Pescara, Italy |
| tel. (+39)08554105 | mob. (+39)3386296362 |
| VoIP (+39)0857996598 | fax 199449777 |
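
An added example, not part of the original post: a small Python triage of `debug crypto isakmp` output like the one above. It rejoins the lines the mail client wrapped, then reports which IKE transform the router accepted and at which stage the negotiation stopped. The sample is an abridged excerpt of the posted debug; all function names are illustrative.

```python
import re

TS = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+: ")
ATTR = re.compile(r"ISAKMP: (encryption|hash|default group) (\S+)$")

# Abridged excerpt of the debug in the post; mail wraps and *emphasis* kept.
SAMPLE = """\
Jul 23 09:58:58.237: ISAKMP:(0):Checking ISAKMP transform 4 against
priority 3 policy
Jul 23 09:58:58.237: ISAKMP: encryption AES-CBC
Jul 23 09:58:58.237: ISAKMP: hash MD5
Jul 23 09:58:58.237: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 09:58:58.237: ISAKMP:(0):Checking ISAKMP transform 5 against
priority 3 policy
Jul 23 09:58:58.237: ISAKMP: encryption 3DES-CBC
Jul 23 09:58:58.237: ISAKMP: hash SHA
Jul 23 09:58:58.237: ISAKMP: default group 2
Jul 23 09:58:58.237: ISAKMP:(0):atts are acceptable. Next payload is 3
Jul 23 09:59:00.893: ISAKMP: transform 1, ESP_AES
Jul 23 09:59:00.893: ISAKMP:(2017):atts are acceptable.
Jul 23 09:59:00.897: *IPSEC(initialize_sas): invalid IPv4 proxy IDs*
Jul 23 09:59:00.897: ISAKMP:(2017):Sending NOTIFY PROPOSAL_NOT_CHOSEN
protocol 3
"""


def unwrap(text):
    """Rejoin wrapped records: a line without a timestamp continues the last."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def triage(text):
    """Collect per-phase outcomes from IOS `debug crypto isakmp` output."""
    r = {"p1_rejected": [], "p1_accepted": None, "p2_offered": [],
         "p2_atts_ok": False, "p2_errors": [], "notifies": []}
    cur, attrs = None, {}  # phase 1 transform currently being checked
    for rec in unwrap(text):
        msg = TS.sub("", rec).replace("*", "")
        if m := re.search(r"Checking ISAKMP transform (\d+)", msg):
            cur, attrs = int(m.group(1)), {}
        elif cur is not None and (m := ATTR.match(msg)):
            attrs[m.group(1)] = m.group(2)
        elif cur is not None and "atts are not acceptable" in msg:
            r["p1_rejected"].append((cur, attrs.get("encryption")))
        elif cur is not None and "atts are acceptable" in msg:
            r["p1_accepted"], cur = (cur, attrs), None
        elif "atts are acceptable" in msg:  # seen after phase 1: IPsec transform
            r["p2_atts_ok"] = True
        elif m := re.match(r"ISAKMP: transform \d+, (\S+)", msg):
            r["p2_offered"].append(m.group(1))
        elif m := re.search(r"IPSEC\(\w+\): (invalid .+)", msg):
            r["p2_errors"].append(m.group(1))
        elif m := re.search(r"Sending NOTIFY (\S+)", msg):
            r["notifies"].append(m.group(1))
    return r


def failed_stage(r):
    """First stage that did not complete, or None."""
    if r["p1_accepted"] is None:
        return "phase 1"
    bad = r["p2_errors"] or "PROPOSAL_NOT_CHOSEN" in r["notifies"]
    return "phase 2" if bad else None


if __name__ == "__main__":
    print(failed_stage(triage(SAMPLE)), triage(SAMPLE))
```

On the excerpt it reports phase 2, with the IPsec transform attributes logged as acceptable and the rejection recorded at the proxy-ID check.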