Hi!
My customer is planning to establish a VPN between his Cisco 2600 and our
Checkpoint.
I configured the Cisco appropriately and my FW1 for this VPN support.
Debugging the router returns something strange, and I do not know what
mistake I have made.
I attached my debugging results.
This is very urgent.
Thanks in advance.
Hans

Router#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
!
!
!
ip subnet-zero
!
isdn voice-call-failure 0
!
!
crypto isakmp policy 10
authentication pre-share
group 2
crypto isakmp key abc123 address 213.47.62.85
!
!
crypto ipsec transform-set testset esp-des esp-sha-hmac
!
!
crypto map testmap 10 ipsec-isakmp
set peer 213.47.62.85
set transform-set testset
match address 101
!
!
controller E1 0/0
!
controller E1 0/1
!
!
!
!
!
interface FastEthernet0/0
ip address 213.164.0.54 255.255.255.0
no ip directed-broadcast
duplex auto
speed auto
crypto map testmap
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
no ip directed-broadcast
no keepalive
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 213.164.0.62
no ip http server
!
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.10.10.0 0.0.0.255
!
line con 0
transport input none
line aux 0
line vty 0 4
login
end
Router#
01:37:58: IPSEC(key_engine): request timer fired: count = 1,
(identity) local= 213.164.0.54, remote= 213.47.62.85,
local_proxy= 10.10.10.0/255.255.255.0/0/0 (type=4),
remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4)
01:37:58: IPSEC(sa_request): ,
(key eng. msg.) src= 213.164.0.54, dest= 213.47.62.85,
src_proxy= 10.10.10.0/255.255.255.0/0/0 (type=4),
dest_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-sha-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004
01:37:58: ISAKMP (0:2): beginning Main Mode exchange
01:37:58: ISAKMP (2): sending packet to 213.47.62.85 (I) MM_NO_STATE
01:37:58: ISAKMP (2): received packet from 213.47.62.85 (I) MM_NO_STATE
01:37:58: ISAKMP (0:2): processing SA payload. message ID = 0
01:37:58: ISAKMP (0:2): Checking ISAKMP transform 1 against priority 10 policy
01:37:58: ISAKMP: encryption DES-CBC
01:37:58: ISAKMP: hash SHA
01:37:58: ISAKMP: default group 2
01:37:58: ISAKMP: auth pre-share
01:37:58: ISAKMP: life type in seconds
01:37:58: ISAKMP: life duration (basic) of 3600
01:37:58: ISAKMP (0:2): atts are acceptable. Next payload is 0
01:37:58: ISAKMP (0:2): SA is doing pre-shared key authentication
01:37:58: ISAKMP (2): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
01:37:58: ISAKMP (2): sending packet to 213.47.62.85 (I) MM_SA_SETUP
01:37:58: ISAKMP (2): received packet from 213.47.62.85 (I) MM_SA_SETUP
01:37:58: ISAKMP (0:2): processing KE payload. message ID = 0
01:37:59: ISAKMP (0:2): processing NONCE payload. message ID = 0
01:37:59: ISAKMP (0:2): SKEYID state generated
01:37:59: ISAKMP (2): ID payload
next-payload : 8
type : 1
protocol : 17
port : 500
length : 8
01:37:59: ISAKMP (2): Total payload length: 12
01:37:59: ISAKMP (2): sending packet to 213.47.62.85 (I) MM_KEY_EXCH
01:37:59: ISAKMP (2): received packet from 213.47.62.85 (I) MM_KEY_EXCH
01:37:59: ISAKMP (0:2): processing ID payload. message ID = 0
01:37:59: ISAKMP (0:2): processing HASH payload. message ID = 0
01:37:59: ISAKMP (0:2): SA has been authenticated with 213.47.62.85
01:37:59: ISAKMP (0:2): beginning Quick Mode exchange, M-ID of -981931657
01:37:59: IPSEC(key_engine): got a queue event...
01:37:59: IPSEC(spi_response): getting spi 24707372 for SA
from 213.47.62.85 to 213.164.0.54 for prot 3
01:37:59: ISAKMP (2): received packet from 213.47.62.85 (I) QM_IDLE
01:37:59: ISAKMP (0:2): phase 1 packet is a duplicate of a previous packet.
01:37:59: ISAKMP (0:2): retransmitting due to retransmit phase 1
01:37:59: ISAKMP (0:2): time remaining never
01:37:59: ISAKMP (0:2): current time 00:00:00
01:37:59: ISAKMP (0:2): retransmitting phase 1...
01:37:59: ISAKMP (2): received packet from 213.47.62.85 (I) QM_IDLE
01:37:59: ISAKMP (0:2): phase 1 packet is a duplicate of a previous packet.
01:37:59: ISAKMP (0:2): retransmitting due to retransmit phase 1
01:37:59: ISAKMP (0:2): time remaining never
01:37:59: ISAKMP (0:2): current time 00:00:00
01:37:59: ISAKMP (0:2): retransmitting phase 1...
01:37:59: ISAKMP (2): sending packet to 213.47.62.85 (I) QM_IDLE
01:37:59: ISAKMP (2): received packet from 213.47.62.85 (I) QM_IDLE
01:37:59: ISAKMP (2): processing NOTIFY payload 14 protocol 2
spi 24707372, message ID = -537148750
01:37:59: ISAKMP (2): deleting spi 24707372 message ID = -981931657
01:37:59: ISAKMP (0:2): deleting node -981931657
01:37:59: ISAKMP (0:2): deleting node -537148750
01:37:59: ISAKMP (0:2): processing terminal NOTIFY payload (14), protocol 2, message ID = -537148750
01:37:59: ISAKMP (0:2): deleting SA
01:37:59: ISAKMP (2): sending packet to 213.47.62.85 (I) MM_NO_STATE
01:37:59: ISAKMP (0:2): deleting node -1865694245
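
An added example, not part of the original post: a small Python summarizer for an ISAKMP debug trace like the one above, reporting the negotiation states seen, the decoded NOTIFY type, and the phase in which the exchange stopped. The names `summarize`, `NOTIFY_NAMES` and `TRACE` are this example's own, and the notify-type names are taken from RFC 2408, section 3.14.1, not from the post.

```python
import re

# Error-class notify message types from RFC 2408, section 3.14.1 (subset).
NOTIFY_NAMES = {
    12: "INVALID-TRANSFORM-ID",
    13: "ATTRIBUTES-NOT-SUPPORTED",
    14: "NO-PROPOSAL-CHOSEN",
    18: "INVALID-ID-INFORMATION",
    24: "AUTHENTICATION-FAILED",
}

STATE_RE = re.compile(r"(?:sending|received) packet (?:to|from) \S+ \([IR]\) (\w+)")
NOTIFY_RE = re.compile(r"processing NOTIFY payload (\d+)")

# Excerpt of the debug trace from the post above.
TRACE = """\
01:37:58: ISAKMP (2): sending packet to 213.47.62.85 (I) MM_NO_STATE
01:37:58: ISAKMP (2): sending packet to 213.47.62.85 (I) MM_SA_SETUP
01:37:59: ISAKMP (2): sending packet to 213.47.62.85 (I) MM_KEY_EXCH
01:37:59: ISAKMP (0:2): SA has been authenticated with 213.47.62.85
01:37:59: ISAKMP (0:2): beginning Quick Mode exchange, M-ID of -981931657
01:37:59: ISAKMP (2): received packet from 213.47.62.85 (I) QM_IDLE
01:37:59: ISAKMP (2): processing NOTIFY payload 14 protocol 2
01:37:59: ISAKMP (0:2): deleting SA
01:37:59: ISAKMP (2): sending packet to 213.47.62.85 (I) MM_NO_STATE
"""

def summarize(trace):
    """Return the state sequence, decoded notifies and the failing phase."""
    states, notifies = [], []
    phase1_ok = sa_deleted = False
    for line in trace.splitlines():
        m = STATE_RE.search(line)
        if m and (not states or states[-1] != m.group(1)):
            states.append(m.group(1))          # record each state change once
        m = NOTIFY_RE.search(line)
        if m:
            code = int(m.group(1))
            notifies.append((code, NOTIFY_NAMES.get(code, "UNKNOWN")))
        phase1_ok |= "SA has been authenticated" in line
        sa_deleted |= line.rstrip().endswith("deleting SA")
    if not phase1_ok:
        failed_in = "phase 1 (Main Mode)"
    elif notifies or sa_deleted:
        failed_in = "phase 2 (Quick Mode)"     # phase 1 completed, then torn down
    else:
        failed_in = None
    return {"states": states, "notifies": notifies, "failed_in": failed_in}

if __name__ == "__main__":
    print(summarize(TRACE))
```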