Quale è l'altra configurazione del peer?
2009/7/22, [email protected] <[email protected]>: > mi hanno dato da verificare perchè non funziona la vpn su un router > abilitando > il debug crypto ipsec e isakmp... > vedo questa fase di errori che mi dicono che non viene fatto il match con > la > policy nella fase 1, eppure è configurato tutto correttamente. > > [quote]Jul 22 11:45:13.186: ISAKMP (0:0): received packet from 81.125.122.11 > dport 500 sport 2184 Global (N) NEW SA > Jul 22 11:45:13.186: ISAKMP: Created a peer struct for 81.125.122.11, peer > port 2184 > Jul 22 11:45:13.186: ISAKMP: Locking peer struct 0x81B70680, IKE refcount 1 > for crypto_isakmp_process_block > Jul 22 11:45:13.186: ISAKMP: local port 500, remote port 2184 > Jul 22 11:45:13.190: ISAKMP: Find a dup sa in the avl tree during calling > isadb_insert sa = 81CF28EC > Jul 22 11:45:13.190: ISAKMP:(0:5:HW:2): processing SA payload. message ID = > 0 > Jul 22 11:45:13.190: ISAKMP:(0:5:HW:2): processing ID payload. message ID = > 0 > Jul 22 11:45:13.194: ISAKMP (0:268435461): ID payload > next-payload : 13 > type : 11 > group id : VPNLASPEZIA > protocol : 17 > port : 500 > length : 22 > Jul 22 11:45:13.194: ISAKMP:(0:5:HW:2):: peer matches *none* of the profiles > Jul 22 11:45:13.194: ISAKMP:(0:5:HW:2): processing vendor id payload > Jul 22 11:45:13.194: ISAKMP:(0:5:HW:2): vendor ID seems Unity/DPD but major > 215 mismatch > Jul 22 11:45:13.194: ISAKMP:(0:5:HW:2): vendor ID is XAUTH > Jul 22 11:45:13.194: ISAKMP:(0:5:HW:2): processing vendor id payload > Jul 22 11:45:13.198: ISAKMP:(0:5:HW:2): vendor ID is DPD > Jul 22 11:45:13.198: ISAKMP:(0:5:HW:2): processing vendor id payload > Jul 22 11:45:13.198: ISAKMP:(0:5:HW:2): vendor ID seems Unity/DPD but major > 194 mismatch > Jul 22 11:45:13.198: ISAKMP:(0:5:HW:2): processing vendor id payload > Jul 22 11:45:13.198: ISAKMP:(0:5:HW:2): vendor ID seems Unity/DPD but major > 123 mismatch > Jul 22 11:45:13.198: ISAKMP:(0:5:HW:2): vendor ID is NAT-T v2 > Jul 22 11:45:13.198: ISAKMP:(0:5:HW:2): processing vendor id payload > Jul 22 11:45:13.202: ISAKMP:(0:5:HW:2): vendor ID is Unity > Jul 22 11:45:13.202: ISAKMP : Scanning profiles for xauth ... > Jul 22 11:45:13.202: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 1 against > priority 3 policy > Jul 22 11:45:13.202: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.202: ISAKMP: hash SHA > Jul 22 11:45:13.202: ISAKMP: default group 2 > Jul 22 11:45:13.202: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.202: ISAKMP: life type in seconds > Jul 22 11:45:13.202: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.206: ISAKMP: keylength of 256 > Jul 22 11:45:13.206: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.206: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.206: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 2 against > priority 3 policy > Jul 22 11:45:13.206: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.206: ISAKMP: hash MD5 > Jul 22 11:45:13.206: ISAKMP: default group 2 > Jul 22 11:45:13.206: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.210: ISAKMP: life type in seconds > Jul 22 11:45:13.210: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.210: ISAKMP: keylength of 256 > Jul 22 11:45:13.210: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.210: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.210: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 3 against > priority 3 policy > Jul 22 11:45:13.210: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.210: ISAKMP: hash SHA > Jul 22 11:45:13.210: ISAKMP: default group 2 > Jul 22 11:45:13.214: ISAKMP: auth pre-share > Jul 22 11:45:13.214: ISAKMP: life type in seconds > Jul 22 11:45:13.214: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.214: ISAKMP: keylength of 256 > Jul 22 11:45:13.214: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.214: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.214: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 4 against > priority 3 policy > Jul 22 11:45:13.214: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.218: ISAKMP: hash MD5 > Jul 22 11:45:13.218: ISAKMP: default group 2 > Jul 22 11:45:13.218: ISAKMP: auth pre-share > Jul 22 11:45:13.218: ISAKMP: life type in seconds > Jul 22 11:45:13.218: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.218: ISAKMP: keylength of 256 > Jul 22 11:45:13.218: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.218: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.218: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 5 against > priority 3 policy > Jul 22 11:45:13.222: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.222: ISAKMP: hash SHA > Jul 22 11:45:13.222: ISAKMP: default group 2 > Jul 22 11:45:13.222: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.222: ISAKMP: life type in seconds > Jul 22 11:45:13.222: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.222: ISAKMP: keylength of 128 > Jul 22 11:45:13.222: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.222: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.226: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 6 against > priority 3 policy > Jul 22 11:45:13.226: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.226: ISAKMP: hash MD5 > Jul 22 11:45:13.226: ISAKMP: default group 2 > Jul 22 11:45:13.226: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.226: ISAKMP: life type in seconds > Jul 22 11:45:13.226: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.226: ISAKMP: keylength of 128 > Jul 22 11:45:13.226: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.234: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.234: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 7 against > priority 3 policy > Jul 22 11:45:13.234: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.234: ISAKMP: hash SHA > Jul 22 11:45:13.234: ISAKMP: default group 2 > Jul 22 11:45:13.234: ISAKMP: auth pre-share > Jul 22 11:45:13.234: ISAKMP: life type in seconds > Jul 22 11:45:13.234: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.238: ISAKMP: keylength of 128 > Jul 22 11:45:13.238: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.238: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.238: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 8 against > priority 3 policy > Jul 22 11:45:13.238: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.238: ISAKMP: hash MD5 > Jul 22 11:45:13.238: ISAKMP: default group 2 > Jul 22 11:45:13.238: ISAKMP: auth pre-share > Jul 22 11:45:13.238: ISAKMP: life type in seconds > Jul 22 11:45:13.238: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.242: ISAKMP: keylength of 128 > Jul 22 11:45:13.242: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.242: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.242: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 9 against > priority 3 policy > Jul 22 11:45:13.242: ISAKMP: encryption 3DES-CBC > Jul 22 11:45:13.242: ISAKMP: hash SHA > Jul 22 11:45:13.242: ISAKMP: default group 2 > Jul 22 11:45:13.242: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.246: ISAKMP: life type in seconds > Jul 22 11:45:13.246: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.246: ISAKMP:(0:5:HW:2):Xauth authentication by pre-shared > key > offered but does not match policy! > Jul 22 11:45:13.246: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.246: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 10 against > priority 3 policy > Jul 22 11:45:13.246: ISAKMP: encryption 3DES-CBC > Jul 22 11:45:13.246: ISAKMP: hash MD5 > Jul 22 11:45:13.246: ISAKMP: default group 2 > Jul 22 11:45:13.246: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.246: ISAKMP: life type in seconds > Jul 22 11:45:13.246: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.246: ISAKMP:(0:5:HW:2):Hash algorithm offered does not match > policy! > Jul 22 11:45:13.246: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.246: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 11 against > priority 3 policy > Jul 22 11:45:13.246: ISAKMP: encryption 3DES-CBC > Jul 22 11:45:13.246: ISAKMP: hash SHA > Jul 22 11:45:13.246: ISAKMP: default group 2 > Jul 22 11:45:13.250: ISAKMP: auth pre-share > Jul 22 11:45:13.250: ISAKMP: life type in seconds > Jul 22 11:45:13.250: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.250: ISAKMP:(0:5:HW:2):Preshared authentication offered but > does not match policy! > Jul 22 11:45:13.250: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.250: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 12 against > priority 3 policy > Jul 22 11:45:13.250: ISAKMP: encryption 3DES-CBC > Jul 22 11:45:13.250: ISAKMP: hash MD5 > Jul 22 11:45:13.254: ISAKMP: default group 2 > Jul 22 11:45:13.254: ISAKMP: auth pre-share > Jul 22 11:45:13.254: ISAKMP: life type in seconds > Jul 22 11:45:13.254: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.254: ISAKMP:(0:5:HW:2):Hash algorithm offered does not match > policy! > Jul 22 11:45:13.254: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.254: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 13 against > priority 3 policy > Jul 22 11:45:13.254: ISAKMP: encryption DES-CBC > Jul 22 11:45:13.254: ISAKMP: hash MD5 > Jul 22 11:45:13.258: ISAKMP: default group 2 > Jul 22 11:45:13.258: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.258: ISAKMP: life type in seconds > Jul 22 11:45:13.258: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.258: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.258: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.262: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 14 against > priority 3 policy > Jul 22 11:45:13.262: ISAKMP: encryption DES-CBC > Jul 22 11:45:13.262: ISAKMP: hash MD5 > Jul 22 11:45:13.262: ISAKMP: default group 2 > Jul 22 11:45:13.262: ISAKMP: auth pre-share > Jul 22 11:45:13.262: ISAKMP: life type in seconds > Jul 22 11:45:13.262: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.262: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.262: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 0 > Jul 22 11:45:13.266: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 1 against > priority 65535 policy > Jul 22 11:45:13.266: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.266: ISAKMP: hash SHA > Jul 22 11:45:13.266: ISAKMP: default group 2 > Jul 22 11:45:13.266: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.266: ISAKMP: life type in seconds > Jul 22 11:45:13.266: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.266: ISAKMP: keylength of 256 > Jul 22 11:45:13.266: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.270: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.270: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 2 against > priority 65535 policy > Jul 22 11:45:13.270: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.270: ISAKMP: hash MD5 > Jul 22 11:45:13.270: ISAKMP: default group 2 > Jul 22 11:45:13.270: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.270: ISAKMP: life type in seconds > Jul 22 11:45:13.270: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.270: ISAKMP: keylength of 256 > Jul 22 11:45:13.274: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.274: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.274: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 3 against > priority 65535 policy > Jul 22 11:45:13.274: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.274: ISAKMP: hash SHA > Jul 22 11:45:13.274: ISAKMP: default group 2 > Jul 22 11:45:13.274: ISAKMP: auth pre-share > Jul 22 11:45:13.278: ISAKMP: life type in seconds > Jul 22 11:45:13.278: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.278: ISAKMP: keylength of 256 > Jul 22 11:45:13.278: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.278: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.278: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 4 against > priority 65535 policy > Jul 22 11:45:13.278: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.278: ISAKMP: hash MD5 > Jul 22 11:45:13.282: ISAKMP: default group 2 > Jul 22 11:45:13.282: ISAKMP: auth pre-share > Jul 22 11:45:13.282: ISAKMP: life type in seconds > Jul 22 11:45:13.282: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.282: ISAKMP: keylength of 256 > Jul 22 11:45:13.282: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.282: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.282: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 5 against > priority 65535 policy > Jul 22 11:45:13.282: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.286: ISAKMP: hash SHA > Jul 22 11:45:13.286: ISAKMP: default group 2 > Jul 22 11:45:13.286: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.286: ISAKMP: life type in seconds > Jul 22 11:45:13.286: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.286: ISAKMP: keylength of 128 > Jul 22 11:45:13.286: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.290: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.290: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 6 against > priority 65535 policy > Jul 22 11:45:13.290: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.290: ISAKMP: hash MD5 > Jul 22 11:45:13.290: ISAKMP: default group 2 > Jul 22 11:45:13.290: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.290: ISAKMP: life type in seconds > Jul 22 11:45:13.290: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.290: ISAKMP: keylength of 128 > Jul 22 11:45:13.290: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.294: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.294: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 7 against > priority 65535 policy > Jul 22 11:45:13.294: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.294: ISAKMP: hash SHA > Jul 22 11:45:13.294: ISAKMP: default group 2 > Jul 22 11:45:13.294: ISAKMP: auth pre-share > Jul 22 11:45:13.294: ISAKMP: life type in seconds > Jul 22 11:45:13.294: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.294: ISAKMP: keylength of 128 > Jul 22 11:45:13.298: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.298: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.298: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 8 against > priority 65535 policy > Jul 22 11:45:13.298: ISAKMP: encryption AES-CBC > Jul 22 11:45:13.298: ISAKMP: hash MD5 > Jul 22 11:45:13.298: ISAKMP: default group 2 > Jul 22 11:45:13.298: ISAKMP: auth pre-share > Jul 22 11:45:13.298: ISAKMP: life type in seconds > Jul 22 11:45:13.298: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.302: ISAKMP: keylength of 128 > Jul 22 11:45:13.302: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.302: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.302: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 9 against > priority 65535 policy > Jul 22 11:45:13.302: ISAKMP: encryption 3DES-CBC > Jul 22 11:45:13.302: ISAKMP: hash SHA > Jul 22 11:45:13.302: ISAKMP: default group 2 > Jul 22 11:45:13.306: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.306: ISAKMP: life type in seconds > Jul 22 11:45:13.306: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.306: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.306: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.306: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 10 against > priority 65535 policy > Jul 22 11:45:13.306: ISAKMP: encryption 3DES-CBC > Jul 22 11:45:13.306: ISAKMP: hash MD5 > Jul 22 11:45:13.310: ISAKMP: default group 2 > Jul 22 11:45:13.310: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.310: ISAKMP: life type in seconds > Jul 22 11:45:13.310: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.310: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.310: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.310: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 11 against > priority 65535 policy > Jul 22 11:45:13.310: ISAKMP: encryption 3DES-CBC > Jul 22 11:45:13.310: ISAKMP: hash SHA > Jul 22 11:45:13.314: ISAKMP: default group 2 > Jul 22 11:45:13.314: ISAKMP: auth pre-share > Jul 22 11:45:13.314: ISAKMP: life type in seconds > Jul 22 11:45:13.314: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.314: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.314: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.322: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 12 against > priority 65535 policy > Jul 22 11:45:13.322: ISAKMP: encryption 3DES-CBC > Jul 22 11:45:13.322: ISAKMP: hash MD5 > Jul 22 11:45:13.322: ISAKMP: default group 2 > Jul 22 11:45:13.322: ISAKMP: auth pre-share > Jul 22 11:45:13.322: ISAKMP: life type in seconds > Jul 22 11:45:13.322: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.322: ISAKMP:(0:5:HW:2):Encryption algorithm offered does not > match policy! > Jul 22 11:45:13.322: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.326: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 13 against > priority 65535 policy > Jul 22 11:45:13.326: ISAKMP: encryption DES-CBC > Jul 22 11:45:13.326: ISAKMP: hash MD5 > Jul 22 11:45:13.326: ISAKMP: default group 2 > Jul 22 11:45:13.326: ISAKMP: auth XAUTHInitPreShared > Jul 22 11:45:13.326: ISAKMP: life type in seconds > Jul 22 11:45:13.326: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.326: ISAKMP:(0:5:HW:2):Hash algorithm offered does not match > policy! > Jul 22 11:45:13.330: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 3 > Jul 22 11:45:13.330: ISAKMP:(0:5:HW:2):Checking ISAKMP transform 14 against > priority 65535 policy > Jul 22 11:45:13.330: ISAKMP: encryption DES-CBC > Jul 22 11:45:13.330: ISAKMP: hash MD5 > Jul 22 11:45:13.330: ISAKMP: default group 2 > Jul 22 11:45:13.330: ISAKMP: auth pre-share > Jul 22 11:45:13.330: ISAKMP: life type in seconds > Jul 22 11:45:13.330: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 > 0x9B > Jul 22 11:45:13.330: ISAKMP:(0:5:HW:2):Hash algorithm offered does not match > policy! > Jul 22 11:45:13.334: ISAKMP:(0:5:HW:2):atts are not acceptable. Next payload > is 0 > Jul 22 11:45:13.334: ISAKMP:(0:5:HW:2):no offers accepted! > Jul 22 11:45:13.334: ISAKMP:(0:5:HW:2): phase 1 SA policy not acceptable! > (local 80.20.2xx.2xx remote 81.125.122.11) > Jul 22 11:45:13.334: ISAKMP:(0:5:HW:2):incrementing error counter on sa: > construct_fail_ag_init > Jul 22 11:45:13.334: ISAKMP (0:268435461): Unknown Input IKE_MESG_FROM_PEER, > IKE_AM_EXCH: state = IKE_READY > Jul 22 11:45:13.338: ISAKMP:(0:5:HW:2):Input = IKE_MESG_FROM_PEER, > IKE_AM_EXCH > Jul 22 11:45:13.338: ISAKMP:(0:5:HW:2):Old State = IKE_READY New State = > IKE_READY > [/quote] > > qualcuno sa dirmi cos'è che non va? > > questa è la parte di conf del router: > [quote] > crypto isakmp policy 3 > encr 3des > authentication pre-share > group 2 > ! > crypto isakmp client configuration group VPNLASPEZIA > key xxxxxx > domain interbusiness.it > pool ippoo1 > acl 109 > ! > ! > crypto ipsec transform-set myset esp-3des esp-sha-hmac > ! > crypto dynamic-map dynmap 10 > set transform-set myset > ! > ! > crypto map clientmap client authentication list userauthen > crypto map clientmap isakmp authorization list groupauthor > crypto map clientmap client configuration address respond > crypto map clientmap 10 ipsec-isakmp dynamic dynmap > ! > interface Ethernet0 > description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$ > ip address 10.18.5.90 255.255.255.0 secondary > ip address 80.20.2xx.2xx 255.255.255.248 > ip nat inside > crypto map clientmap > hold-queue 100 out > ! > ip local pool ippoo1 192.168.1.241 192.168.1.245 > ! > ip nat pool NAT_118_LIGURIA 80.20.2xx.2xx 80.20.2xx.2xx netmask > 255.255.255.248 > ip nat inside source list 101 pool NAT > ! > access-list 101 deny ip any 192.168.5.0 0.0.0.255 > access-list 101 permit ip host 10.18.5.19 any > access-list 101 permit ip host 10.18.5.59 any > access-list 101 permit ip host 10.18.5.13 any > access-list 101 permit ip host 10.18.5.14 any > access-list 101 permit ip host 10.18.5.17 any > access-list 101 permit ip host 10.18.5.58 any > access-list 109 permit ip host 10.18.5.59 host 192.168.1.241 > access-list 109 permit ip host 10.18.5.59 host 192.168.1.242 > access-list 109 permit ip host 10.18.5.59 host 192.168.1.243 > access-list 109 permit ip host 10.18.5.59 host 192.168.1.244 > access-list 109 permit ip host 10.18.5.59 host 192.168.1.245 > [/quote] > _______________________________________________ http://cug.areanetworking.it [email protected] http://ml.areanetworking.it/mailman/listinfo/cug
