x.x.x.x is the pfSense and y.y.y.y is the Cisco.

Jul 16 00:05:54 charon: 11[IKE] <con2000|673> deleting IKE_SA con2000[673] 
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:54 charon: 11[IKE] <con2000|673> received DELETE for IKE_SA 
con2000[673]
Jul 16 00:05:54 charon: 11[ENC] <con2000|673> parsed INFORMATIONAL_V1 request 
3030444427 [ HASH D ]
Jul 16 00:05:54 charon: 11[NET] <con2000|673> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> received NO_PROPOSAL_CHOSEN error 
notify
Jul 16 00:05:54 charon: 05[ENC] <con2000|673> parsed INFORMATIONAL_V1 request 
1608868438 [ HASH N(NO_PROP) ]
Jul 16 00:05:54 charon: 05[NET] <con2000|673> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:54 charon: 05[NET] <con2000|673> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (396 bytes)
Jul 16 00:05:54 charon: 05[ENC] <con2000|673> generating QUICK_MODE request 
4135665263 [ HASH SA No KE ID ID ]
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> maximum IKE_SA lifetime 86369s
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> scheduling reauthentication in 
85829s
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> IKE_SA con2000[673] established 
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> received DPD vendor ID
Jul 16 00:05:54 charon: 05[ENC] <con2000|673> parsed ID_PROT response 0 [ ID 
HASH V ]
Jul 16 00:05:54 charon: 05[NET] <con2000|673> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:54 charon: 05[NET] <con2000|673> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (100 bytes)
Jul 16 00:05:54 charon: 05[ENC] <con2000|673> generating ID_PROT request 0 [ ID 
HASH N(INITIAL_CONTACT) ]
Jul 16 00:05:54 charon: 05[ENC] <con2000|673> received unknown vendor ID: 
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Jul 16 00:05:54 charon: 05[ENC] <con2000|673> received unknown vendor ID: 
11:84:28:cb:63:c1:36:01:1c:b0:82:fb:98:db:9d:aa
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> received XAuth vendor ID
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> received Cisco Unity vendor ID
Jul 16 00:05:54 charon: 05[ENC] <con2000|673> parsed ID_PROT response 0 [ KE No 
V V V V NAT-D NAT-D ]
Jul 16 00:05:54 charon: 05[NET] <con2000|673> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (304 bytes)
Jul 16 00:05:54 charon: 05[NET] <con2000|673> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (244 bytes)
Jul 16 00:05:54 charon: 05[ENC] <con2000|673> generating ID_PROT request 0 [ KE 
No NAT-D NAT-D ]
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> received FRAGMENTATION vendor ID
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> received NAT-T (RFC 3947) vendor 
ID
Jul 16 00:05:54 charon: 05[ENC] <con2000|673> parsed ID_PROT response 0 [ SA V 
V ]
Jul 16 00:05:54 charon: 05[NET] <con2000|673> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (128 bytes)
Jul 16 00:05:54 charon: 11[NET] <con2000|673> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (200 bytes)
Jul 16 00:05:54 charon: 11[ENC] <con2000|673> generating ID_PROT request 0 [ SA 
V V V V V V ]
Jul 16 00:05:54 charon: 11[IKE] <con2000|673> initiating Main Mode IKE_SA 
con2000[673] to y.y.y.y
Jul 16 00:05:54 charon: 09[KNL] creating acquire job for policy x.x.x.x/32|/0 
=== y.y.y.y/32|/0 with reqid {20}
Jul 16 00:05:53 charon: 11[IKE] <con2000|672> deleting IKE_SA con2000[672] 
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:53 charon: 11[IKE] <con2000|672> received DELETE for IKE_SA 
con2000[672]
Jul 16 00:05:53 charon: 11[ENC] <con2000|672> parsed INFORMATIONAL_V1 request 
3572694564 [ HASH D ]
Jul 16 00:05:53 charon: 11[NET] <con2000|672> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 09[IKE] <con2000|672> received NO_PROPOSAL_CHOSEN error 
notify
Jul 16 00:05:53 charon: 09[ENC] <con2000|672> parsed INFORMATIONAL_V1 request 
4230419079 [ HASH N(NO_PROP) ]
Jul 16 00:05:53 charon: 09[NET] <con2000|672> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 09[NET] <con2000|672> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (396 bytes)
Jul 16 00:05:53 charon: 09[ENC] <con2000|672> generating QUICK_MODE request 
1039796497 [ HASH SA No KE ID ID ]
Jul 16 00:05:53 charon: 09[IKE] <con2000|672> maximum IKE_SA lifetime 85885s
Jul 16 00:05:53 charon: 09[IKE] <con2000|672> scheduling reauthentication in 
85345s
Jul 16 00:05:53 charon: 09[IKE] <con2000|672> IKE_SA con2000[672] established 
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:53 charon: 09[IKE] <con2000|672> received DPD vendor ID
Jul 16 00:05:53 charon: 09[ENC] <con2000|672> parsed ID_PROT response 0 [ ID 
HASH V ]
Jul 16 00:05:53 charon: 09[NET] <con2000|672> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 09[NET] <con2000|672> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (100 bytes)
Jul 16 00:05:53 charon: 09[ENC] <con2000|672> generating ID_PROT request 0 [ ID 
HASH N(INITIAL_CONTACT) ]
Jul 16 00:05:53 charon: 09[ENC] <con2000|672> received unknown vendor ID: 
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Jul 16 00:05:53 charon: 09[ENC] <con2000|672> received unknown vendor ID: 
6c:3e:73:55:de:28:43:20:be:13:23:da:35:92:c6:5a
Jul 16 00:05:53 charon: 09[IKE] <con2000|672> received XAuth vendor ID
Jul 16 00:05:53 charon: 09[IKE] <con2000|672> received Cisco Unity vendor ID
Jul 16 00:05:53 charon: 09[ENC] <con2000|672> parsed ID_PROT response 0 [ KE No 
V V V V NAT-D NAT-D ]
Jul 16 00:05:53 charon: 09[NET] <con2000|672> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (304 bytes)
Jul 16 00:05:53 charon: 09[NET] <con2000|672> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (244 bytes)
Jul 16 00:05:53 charon: 09[ENC] <con2000|672> generating ID_PROT request 0 [ KE 
No NAT-D NAT-D ]
Jul 16 00:05:53 charon: 09[IKE] <con2000|672> received FRAGMENTATION vendor ID
Jul 16 00:05:53 charon: 09[IKE] <con2000|672> received NAT-T (RFC 3947) vendor 
ID
Jul 16 00:05:53 charon: 09[ENC] <con2000|672> parsed ID_PROT response 0 [ SA V 
V ]
Jul 16 00:05:53 charon: 09[NET] <con2000|672> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (128 bytes)
Jul 16 00:05:53 charon: 08[NET] <con2000|671> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (200 bytes)
Jul 16 00:05:53 charon: 08[ENC] <con2000|671> generating ID_PROT request 0 [ SA 
V V V V V V ]
Jul 16 00:05:53 charon: 08[IKE] <con2000|671> initiating Main Mode IKE_SA 
con2000[672] to y.y.y.y
Jul 16 00:05:53 charon: 08[IKE] <con2000|671> deleting IKE_SA con2000[671] 
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:53 charon: 08[IKE] <con2000|671> received DELETE for IKE_SA 
con2000[671]
Jul 16 00:05:53 charon: 08[ENC] <con2000|671> parsed INFORMATIONAL_V1 request 
877344761 [ HASH D ]
Jul 16 00:05:53 charon: 08[NET] <con2000|671> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 08[NET] <con2000|671> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (396 bytes)
Jul 16 00:05:53 charon: 08[ENC] <con2000|671> generating QUICK_MODE request 
3061253677 [ HASH SA No KE ID ID ]
Jul 16 00:05:53 charon: 08[IKE] <con2000|671> received NO_PROPOSAL_CHOSEN error 
notify
Jul 16 00:05:53 charon: 08[ENC] <con2000|671> parsed INFORMATIONAL_V1 request 
1071528904 [ HASH N(NO_PROP) ]
Jul 16 00:05:53 charon: 08[NET] <con2000|671> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 08[NET] <con2000|671> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (396 bytes)
Jul 16 00:05:53 charon: 08[ENC] <con2000|671> generating QUICK_MODE request 
4166058011 [ HASH SA No KE ID ID ]
Jul 16 00:05:53 charon: 08[IKE] <con2000|671> maximum IKE_SA lifetime 86387s
Jul 16 00:05:53 charon: 08[IKE] <con2000|671> scheduling reauthentication in 
85847s
Jul 16 00:05:53 charon: 08[IKE] <con2000|671> IKE_SA con2000[671] established 
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:05:53 charon: 08[IKE] <con2000|671> received DPD vendor ID
Jul 16 00:05:53 charon: 08[ENC] <con2000|671> parsed ID_PROT response 0 [ ID 
HASH V ]
Jul 16 00:05:53 charon: 08[NET] <con2000|671> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (84 bytes)
Jul 16 00:05:53 charon: 08[NET] <con2000|671> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (100 bytes)
Jul 16 00:05:53 charon: 08[ENC] <con2000|671> generating ID_PROT request 0 [ ID 
HASH N(INITIAL_CONTACT) ]
Jul 16 00:05:53 charon: 08[ENC] <con2000|671> received unknown vendor ID: 
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Jul 16 00:05:53 charon: 08[ENC] <con2000|671> received unknown vendor ID: 
d7:fa:f0:cf:5c:f4:7a:12:81:d0:bb:1a:be:48:22:00
Jul 16 00:05:53 charon: 08[IKE] <con2000|671> received XAuth vendor ID
Jul 16 00:05:53 charon: 08[IKE] <con2000|671> received Cisco Unity vendor ID
Jul 16 00:05:53 charon: 08[ENC] <con2000|671> parsed ID_PROT response 0 [ KE No 
V V V V NAT-D NAT-D ]
Jul 16 00:05:53 charon: 08[NET] <con2000|671> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (304 bytes)
Jul 16 00:05:53 charon: 10[NET] <con2000|671> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (244 bytes)
Jul 16 00:05:53 charon: 10[ENC] <con2000|671> generating ID_PROT request 0 [ KE 
No NAT-D NAT-D ]
Jul 16 00:05:53 charon: 10[IKE] <con2000|671> received FRAGMENTATION vendor ID
Jul 16 00:05:53 charon: 10[IKE] <con2000|671> received NAT-T (RFC 3947) vendor 
ID
Jul 16 00:05:53 charon: 10[ENC] <con2000|671> parsed ID_PROT response 0 [ SA V 
V ]
Jul 16 00:05:53 charon: 10[NET] <con2000|671> received packet: from 
y.y.y.y[500] to x.x.x.x[500] (128 bytes)
Jul 16 00:05:53 charon: 15[CFG] received stroke: initiate 'con2000'
Jul 16 00:05:53 charon: 10[CFG] no IKE_SA named 'con2001' found
Jul 16 00:05:53 charon: 10[CFG] received stroke: terminate 'con2001'
Jul 16 00:05:53 charon: 15[NET] <con2000|671> sending packet: from x.x.x.x[500] 
to y.y.y.y[500] (200 bytes)
Jul 16 00:05:53 charon: 15[ENC] <con2000|671> generating ID_PROT request 0 [ SA 
V V V V V V ]
Jul 16 00:05:53 charon: 15[IKE] <con2000|671> initiating Main Mode IKE_SA 
con2000[671] to y.y.y.y
Jul 16 00:05:53 charon: 11[CFG] received stroke: initiate 'con2001'
Jul 16 00:05:53 charon: 15[CFG] no IKE_SA named 'con2000' found
Jul 16 00:05:53 charon: 15[CFG] received stroke: terminate 'con2000'

Marc R. Meshurle, Jr.
Sr. Engineer
KatoTech
(Division of Bullets & Bytes, Inc.)
Exton, PA. 19341
610-280-3566

________________________________________
From: List <[email protected]> on behalf of Chris Buechler 
<[email protected]>
Sent: Friday, July 15, 2016 14:29
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] PFS 2.3.1-RELEASE-p5 and Cisco 5520 IPSEC

On Fri, Jul 15, 2016 at 11:32 AM, Marc R. Meshurle Jr.
<[email protected]> wrote:
> I'm having an issue connecting to a Cisco ASA5520 with IPSEC. The vendor with 
> the Cisco states that Phase 1 is good, but dropping out on Phase 2. We've 
> matched the Phase 2 proposals up and it still fails on the Phase 2 side. I've 
> tried every combination of SA protocols and none stay connected.
>
> Any thoughts?
>

What do your IPsec logs show?
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
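
A triage pass over the kind of charon log posted above, added here as an example and not part of the original e-mail: it rejoins the mail-wrapped lines, groups them by IKE_SA id, and reports whether the peer rejected the Phase 2 (Quick Mode) proposal after Phase 1 came up. The sample lines are constructed in the style of that log; con3000, IKE_SA 700, z.z.z.z and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the log in this thread (newest first,
# wrapped by the mail client). con3000/700 is a made-up healthy tunnel.
SAMPLE = """\
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> received NO_PROPOSAL_CHOSEN error
notify
Jul 16 00:05:54 charon: 05[ENC] <con2000|673> generating QUICK_MODE request
4135665263 [ HASH SA No KE ID ID ]
Jul 16 00:05:54 charon: 05[IKE] <con2000|673> IKE_SA con2000[673] established
between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
Jul 16 00:01:02 charon: 07[IKE] <con3000|700> CHILD_SA con3000{1} established
Jul 16 00:01:02 charon: 07[IKE] <con3000|700> IKE_SA con3000[700] established
between x.x.x.x[x.x.x.x]...z.z.z.z[z.z.z.z]
"""

STAMP = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d charon: ")
RECORD = re.compile(r"charon: \d+\[\w+\] <([^|>]+)\|(\d+)> (.*)$")
EVENTS = {
    "phase1_up": re.compile(r"IKE_SA \S+ established"),
    "quick_mode_sent": re.compile(r"generating QUICK_MODE request"),
    "no_proposal": re.compile(r"received NO_PROPOSAL_CHOSEN"),
    "phase2_up": re.compile(r"CHILD_SA \S+ established"),
}

def unwrap(text):
    """Rejoin wrapped lines: a line without a syslog stamp continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Map (connection, IKE_SA id) to a verdict; event order in the log is ignored."""
    seen = defaultdict(set)
    for m in filter(None, map(RECORD.search, unwrap(text))):
        for name, pat in EVENTS.items():
            if pat.search(m.group(3)):
                seen[(m.group(1), int(m.group(2)))].add(name)
    def verdict(ev):
        if "phase2_up" in ev:
            return "phase 2 established"
        if {"phase1_up", "quick_mode_sent", "no_proposal"} <= ev:
            return "phase 1 up, peer rejected phase 2 proposal"
        return "inconclusive"
    return {key: verdict(ev) for key, ev in seen.items()}
```

Run over the log in this thread, it gives the "peer rejected phase 2 proposal" verdict for IKE_SAs 671, 672 and 673. The KE payload in each QUICK_MODE request shows the initiator is asking for PFS, so the PFS group belongs on the list of Phase 2 settings to compare with the peer.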
