Folks,

I'm having trouble establishing an L2L VPN with a Cisco ASA. The company
on the other side says the configs are OK on their end, and I don't know
what else to do. Can anyone help?

I've already searched for this NO-PROPOSAL-CHOSEN error, but it didn't help much.


Log after disabling NAT-T:

Oct 22 19:49:56 racoon: *[ULTRA]*: INFO: ISAKMP-SA deleted 189.38.253.92[500]-177.67.61.249[500] spi:a89a260a3be94d4c:1c54135ec7b931e5
Oct 22 19:49:56 racoon: *[ULTRA]*: INFO: ISAKMP-SA expired 189.38.253.92[500]-177.67.61.249[500] spi:a89a260a3be94d4c:1c54135ec7b931e5
Oct 22 19:49:56 racoon: *[ULTRA]*: [177.67.61.249] ERROR: error message: ''.
Oct 22 19:49:56 racoon: *[ULTRA]*: [177.67.61.249] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
Oct 22 19:49:56 racoon: *[ULTRA]*: INFO: initiate new phase 2 negotiation: 189.38.253.92[500]<=>177.67.61.249[500]
Oct 22 19:49:55 racoon: *[ULTRA]*: INFO: ISAKMP-SA established 189.38.253.92[500]-177.67.61.249[500] spi:a89a260a3be94d4c:1c54135ec7b931e5
Oct 22 19:49:55 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Oct 22 19:49:55 racoon: INFO: received Vendor ID: CISCO-UNITY
Oct 22 19:49:55 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Oct 22 19:49:55 racoon: INFO: begin Identity Protection mode.
Oct 22 19:49:55 racoon: *[ULTRA]*: INFO: initiate new phase 1 negotiation: 189.38.253.92[500]<=>177.67.61.249[500]
Oct 22 19:49:55 racoon: *[ULTRA]*: INFO: IPsec-SA request for 177.67.61.249 queued due to no phase1 found.


Log with NAT-T enabled:

Oct 22 19:56:24 racoon: *[ULTRA]*: INFO: KA remove: 189.38.253.92[4500]->177.67.61.249[4500]
Oct 22 19:56:24 racoon: *[ULTRA]*: INFO: ISAKMP-SA deleted 189.38.253.92[4500]-177.67.61.249[4500] spi:499b069dd9304961:d23888b8d62d2786
Oct 22 19:56:24 racoon: *[ULTRA]*: INFO: ISAKMP-SA expired 189.38.253.92[4500]-177.67.61.249[4500] spi:499b069dd9304961:d23888b8d62d2786
Oct 22 19:56:24 racoon: *[ULTRA]*: [177.67.61.249] ERROR: error message: 'Y z'.
Oct 22 19:56:24 racoon: *[ULTRA]*: [177.67.61.249] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
Oct 22 19:56:24 racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 1->3).
Oct 22 19:56:24 racoon: *[ULTRA]*: INFO: initiate new phase 2 negotiation: 189.38.253.92[4500]<=>177.67.61.249[4500]
Oct 22 19:56:23 racoon: *[ULTRA]*: INFO: ISAKMP-SA established 189.38.253.92[4500]-177.67.61.249[4500] spi:499b069dd9304961:d23888b8d62d2786
Oct 22 19:56:23 racoon: WARNING: port 4500 expected, but 0
Oct 22 19:56:23 racoon: *[ULTRA]*: INFO: KA list add: 189.38.253.92[4500]->177.67.61.249[4500]
Oct 22 19:56:23 racoon: INFO: NAT detected: ME
Oct 22 19:56:23 racoon: INFO: NAT-D payload #1 verified
Oct 22 19:56:23 racoon: *[ULTRA]*: [177.67.61.249] INFO: Hashing 177.67.61.249[500] with algo #2
Oct 22 19:56:23 racoon: INFO: NAT-D payload #0 doesn't match
Oct 22 19:56:23 racoon: *[Self]*: [189.38.253.92] INFO: Hashing 189.38.253.92[500] with algo #2
Oct 22 19:56:23 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Oct 22 19:56:23 racoon: INFO: received Vendor ID: CISCO-UNITY
Oct 22 19:56:23 racoon: INFO: Adding remote and local NAT-D payloads.
Oct 22 19:56:23 racoon: *[Self]*: [189.38.253.92] INFO: Hashing 189.38.253.92[500] with algo #2
Oct 22 19:56:23 racoon: *[ULTRA]*: [177.67.61.249] INFO: Hashing 177.67.61.249[500] with algo #2
Oct 22 19:56:23 racoon: *[ULTRA]*: [177.67.61.249] INFO: Selected NAT-T version: RFC 3947
Oct 22 19:56:23 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Oct 22 19:56:23 racoon: INFO: received Vendor ID: RFC 3947
Oct 22 19:56:23 racoon: INFO: begin Identity Protection mode.
Oct 22 19:56:23 racoon: *[ULTRA]*: INFO: initiate new phase 1 negotiation: 189.38.253.92[500]<=>177.67.61.249[500]
Oct 22 19:56:23 racoon: *[ULTRA]*: INFO: IPsec-SA request for 177.67.61.249 queued due to no phase1 found.
Oct 22 19:56:22 racoon: INFO: unsupported PF_KEY message REGISTER
Oct 22 19:56:22 racoon: ERROR: such policy already exists. anyway replace it: 192.168.254.0/24[0] 192.168.56.8/29[0] proto=any dir=out
Oct 22 19:56:22 racoon: ERROR: such policy already exists. anyway replace it: 192.168.56.8/29[0] 192.168.254.0/24[0] proto=any dir=in
Oct 22 19:56:22 racoon: ERROR: no iph2 found: ESP 177.67.61.249[500]->189.38.253.92[500] spi=263611198(0xfb6633e)
Oct 22 19:56:22 racoon: INFO: unsupported PF_KEY message REGISTER
-- 

Regards,

Diego Riera

[email protected]

55 (11) 8218-9285
_______________________________________________
Pfsense-pt mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/pfsense-pt
