On Wed, Mar 26, 2014 at 11:32 PM, Nathan Stone <[email protected]> wrote:
> I was finally able to get back and grab some logs from both the ASA and the
> Shrew Client. I sanitized the External IP and the VPN Group information
> otherwise everything is intact. I am not sure exactly what I am looking for
> or how to decipher everything. Would anyone else be willing to spend a few
> minutes looking this over and seeing if anything jumps out at you?
>
> Logs from the ASA when ShrewSoft client tries to connect (reads from bottom
> to top). Same results with Windows 7 and 8.
> 4|Mar 26 2014|14:23:39|113019|Group = , Username = , IP = 0.0.0.0, Session disconnected. Session Type: , Duration: 0h:00m:32s, Bytes xmt: 0, Bytes rcv: 0, Reason: Unknown
> 4|Mar 26 2014|14:23:39|713903|Group = XXXXXXXX, Username = back, IP = 173.164.82.61, Error: Unable to remove PeerTblEntry
> 3|Mar 26 2014|14:23:39|713902|Group = XXXXXXXX, Username = back, IP = 173.164.82.61, Removing peer from peer table failed, no match!
> 6|Mar 26 2014|14:23:07|713228|Group = XXXXXXXX, Username = back, IP = 173.164.82.61, Assigned private IP address 192.168.168.5 to remote user
> 6|Mar 26 2014|14:23:07|713184|Group = XXXXXXXX, Username = back, IP = 173.164.82.61, Client Type: WinNT Client Application Version: 4.8.01.0300
> 5|Mar 26 2014|14:23:07|713130|Group = XXXXXXXX, Username = back, IP = 173.164.82.61, Received unsupported transaction mode attribute: 5
>
> Windows 7 using Cisco VPN client. Connects fine.
> 5|Mar 26 2014|14:35:43|713120|Group = XXXXXXXX, Username = Back, IP = 173.164.82.61, PHASE 2 COMPLETED (msgid=ccf3064a)
> 6|Mar 26 2014|14:35:43|602303|IPSEC: An inbound remote access SA (SPI= 0x07ABBAA7) between outside-interface and 173.164.82.61 (user= back) has been created.
> 5|Mar 26 2014|14:35:43|713049|Group = XXXXXXXX, Username = Back, IP = 173.164.82.61, Security negotiation complete for User (back) Responder, Inbound SPI = 0x07abbaa7, Outbound SPI = 0xd76b1221
> 6|Mar 26 2014|14:35:43|602303|IPSEC: An outbound remote access SA (SPI= 0xD76B1221) between outside-interface and 173.164.82.61 (user= back) has been created.
> 5|Mar 26 2014|14:35:43|713075|Group = XXXXXXXX, Username = Back, IP = 173.164.82.61, Overriding Initiator's IPSec rekeying duration from 2147483 to 28800 seconds
> 5|Mar 26 2014|14:35:43|713119|Group = XXXXXXXX, Username = Back, IP = 173.164.82.61, PHASE 1 COMPLETED
> 6|Mar 26 2014|14:35:43|713228|Group = XXXXXXXX, Username = Back, IP = 173.164.82.61, Assigned private IP address 192.168.168.5 to remote user
> 6|Mar 26 2014|14:35:43|713184|Group = XXXXXXXX, Username = Back, IP = 173.164.82.61, Client Type: WinNT Client Application Version: 5.0.07.0440
> 5|Mar 26 2014|14:35:43|713130|Group = XXXXXXXX, Username = Back, IP = 173.164.82.61, Received unsupported transaction mode attribute: 5
>
> Logs from ShrewSoft VPN Trace - IKE Service (Level output = Errors)
> 10 May 2012
> 14/03/26 15:02:18 !! : unable to connect to pfkey interface
> 14/03/26 15:02:24 !! : invalid private netmask, defaulting to 255.255.255.0
> 14/03/26 15:02:32 !! : config packet ignored ( config already mature )
> 14/03/26 15:02:40 !! : config packet ignored ( config already mature )
> 14/03/26 15:02:48 !! : config packet ignored ( config already mature )
>
> Logs from ShrewSoft VPN Trace - IKE Service (Level output = Informational)
> 14/03/26 15:23:18 ## : IKE Daemon, ver 2.2.2
> 14/03/26 15:23:18 ## : Copyright 2013 Shrew Soft Inc.
> 14/03/26 15:23:18 ## : This product linked OpenSSL 1.0.1c 10 May 2012
> 14/03/26 15:23:18 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
> 14/03/26 15:23:18 ii : rebuilding vnet device list ...
> 14/03/26 15:23:18 ii : device ROOT\VNET\0000 disabled
> 14/03/26 15:23:18 ii : network process thread begin ...
> 14/03/26 15:23:18 ii : pfkey process thread begin ...
> 14/03/26 15:23:18 ii : ipc server process thread begin ...
> 14/03/26 15:23:25 ii : ipc client process thread begin ...
> 14/03/26 15:23:25 <A : peer config add message
> 14/03/26 15:23:25 <A : proposal config message
> 14/03/26 15:23:25 <A : proposal config message
> 14/03/26 15:23:25 <A : client config message
> 14/03/26 15:23:25 <A : xauth username message
> 14/03/26 15:23:25 <A : xauth password message
> 14/03/26 15:23:25 <A : local id 'XXXXXX' message
> 14/03/26 15:23:25 <A : preshared key message
> 14/03/26 15:23:25 <A : peer tunnel enable message
> 14/03/26 15:23:25 ii : local supports XAUTH
> 14/03/26 15:23:25 ii : local supports nat-t ( draft v00 )
> 14/03/26 15:23:25 ii : local supports nat-t ( draft v01 )
> 14/03/26 15:23:25 ii : local supports nat-t ( draft v02 )
> 14/03/26 15:23:25 ii : local supports nat-t ( draft v03 )
> 14/03/26 15:23:25 ii : local supports nat-t ( rfc )
> 14/03/26 15:23:25 ii : local supports DPDv1
> 14/03/26 15:23:25 ii : local is SHREW SOFT compatible
> 14/03/26 15:23:25 ii : local is NETSCREEN compatible
> 14/03/26 15:23:25 ii : local is SIDEWINDER compatible
> 14/03/26 15:23:25 ii : local is CISCO UNITY compatible
> 14/03/26 15:23:25 >= : cookies ed576b33c000da7e:0000000000000000
> 14/03/26 15:23:25 >= : message 00000000
> 14/03/26 15:23:25 ii : processing phase1 packet ( 440 bytes )
> 14/03/26 15:23:25 =< : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 =< : message 00000000
> 14/03/26 15:23:25 ii : matched isakmp proposal #1 transform #14
> 14/03/26 15:23:25 ii : - transform = ike
> 14/03/26 15:23:25 ii : - cipher type = 3des
> 14/03/26 15:23:25 ii : - key length = default
> 14/03/26 15:23:25 ii : - hash type = sha1
> 14/03/26 15:23:25 ii : - dh group = group2 ( modp-1024 )
> 14/03/26 15:23:25 ii : - auth type = xauth-initiator-psk
> 14/03/26 15:23:25 ii : - life seconds = 86400
> 14/03/26 15:23:25 ii : - life kbytes = 0
> 14/03/26 15:23:25 ii : phase1 id target is any
> 14/03/26 15:23:25 ii : phase1 id match
> 14/03/26 15:23:25 ii : received = ipv4-host 1.2.3.4
> 14/03/26 15:23:25 ii : peer is CISCO UNITY compatible
> 14/03/26 15:23:25 ii : peer supports XAUTH
> 14/03/26 15:23:25 ii : peer supports DPDv1
> 14/03/26 15:23:25 ii : peer supports nat-t ( draft v02 )
> 14/03/26 15:23:25 ii : nat discovery - local address is translated
> 14/03/26 15:23:25 ii : switching to src nat-t udp port 4500
> 14/03/26 15:23:25 ii : switching to dst nat-t udp port 4500
> 14/03/26 15:23:25 >= : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 >= : message 00000000
> 14/03/26 15:23:25 ii : phase1 sa established
> 14/03/26 15:23:25 ii : 1.2.3.4:4500 <-> 192.168.246.115:4500
> 14/03/26 15:23:25 ii : ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 ii : sending peer INITIAL-CONTACT notification
> 14/03/26 15:23:25 ii : - 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:25 ii : - isakmp spi = ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 ii : - data size 0
> 14/03/26 15:23:25 >= : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 >= : message 09fa64cc
> 14/03/26 15:23:25 ii : processing config packet ( 76 bytes )
> 14/03/26 15:23:25 =< : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 =< : message a15d44a7
> 14/03/26 15:23:25 ii : - xauth authentication type
> 14/03/26 15:23:25 ii : - xauth username
> 14/03/26 15:23:25 ii : - xauth password
> 14/03/26 15:23:25 ii : received basic xauth request -
> 14/03/26 15:23:25 ii : - standard xauth username
> 14/03/26 15:23:25 ii : - standard xauth password
> 14/03/26 15:23:25 ii : sending xauth response for back
> 14/03/26 15:23:25 >= : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 >= : message a15d44a7
> 14/03/26 15:23:25 ii : processing config packet ( 68 bytes )
> 14/03/26 15:23:25 =< : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 =< : message a8ef0bbf
> 14/03/26 15:23:25 ii : received xauth result -
> 14/03/26 15:23:25 ii : user back authentication succeeded
> 14/03/26 15:23:25 ii : sending xauth acknowledge
> 14/03/26 15:23:25 >= : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 >= : message a8ef0bbf
> 14/03/26 15:23:25 ii : building config attribute list
> 14/03/26 15:23:25 ii : sending config pull request
> 14/03/26 15:23:25 >= : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 >= : message 9fc87ac5
> 14/03/26 15:23:25 ii : processing config packet ( 220 bytes )
> 14/03/26 15:23:25 =< : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:25 =< : message 9fc87ac5
> 14/03/26 15:23:25 ii : received config pull response
> 14/03/26 15:23:25 !! : invalid private netmask, defaulting to 255.255.255.0
> 14/03/26 15:23:25 ii : adapter ROOT\VNET\0000 unavailable, retrying ...
> 14/03/26 15:23:26 ii : creating NONE INBOUND policy ANY:1.2.3.4:* -> ANY:192.168.246.115:*
> 14/03/26 15:23:26 ii : creating NONE OUTBOUND policy ANY:192.168.246.115:* -> ANY:1.2.3.4:*
> 14/03/26 15:23:26 ii : created NONE policy route for 1.2.3.4/32
> 14/03/26 15:23:26 ii : creating NONE INBOUND policy ANY:192.168.246.1:* -> ANY:192.168.168.5:*
> 14/03/26 15:23:26 ii : creating NONE OUTBOUND policy ANY:192.168.168.5:* -> ANY:192.168.246.1:*
> 14/03/26 15:23:26 ii : creating IPSEC INBOUND policy ANY:10.0.0.0/8:* -> ANY:192.168.168.5:*
> 14/03/26 15:23:26 ii : creating IPSEC OUTBOUND policy ANY:192.168.168.5:* -> ANY:10.0.0.0/8:*
> 14/03/26 15:23:26 ii : created IPSEC policy route for 10.0.0.0/8
> 14/03/26 15:23:26 >= : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:26 >= : message 0c659a3f
> 14/03/26 15:23:26 ii : split DNS is disabled
> 14/03/26 15:23:29 >= : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:29 >= : message 2a54a656
> 14/03/26 15:23:31 -> : resend 1 phase2 packet(s) [0/2] 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:33 ii : processing config packet ( 220 bytes )
> 14/03/26 15:23:33 !! : config packet ignored ( config already mature )
> 14/03/26 15:23:34 -> : resend 1 phase2 packet(s) [0/2] 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:36 -> : resend 1 phase2 packet(s) [1/2] 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:39 -> : resend 1 phase2 packet(s) [1/2] 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:40 ii : sending peer DPDV1-R-U-THERE notification
> 14/03/26 15:23:40 ii : - 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:40 ii : - isakmp spi = ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:40 ii : - data size 4
> 14/03/26 15:23:40 >= : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:40 >= : message 1064e267
> 14/03/26 15:23:41 ii : processing config packet ( 220 bytes )
> 14/03/26 15:23:41 !! : config packet ignored ( config already mature )
> 14/03/26 15:23:41 -> : resend 1 phase2 packet(s) [2/2] 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:44 -> : resend 1 phase2 packet(s) [2/2] 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:46 >= : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:46 >= : message 7d536ba4
> 14/03/26 15:23:46 ii : resend limit exceeded for phase2 exchange
> 14/03/26 15:23:46 ii : phase2 removal before expire time
> 14/03/26 15:23:49 ii : processing config packet ( 220 bytes )
> 14/03/26 15:23:49 !! : config packet ignored ( config already mature )
> 14/03/26 15:23:49 ii : resend limit exceeded for phase2 exchange
> 14/03/26 15:23:49 ii : phase2 removal before expire time
> 14/03/26 15:23:51 -> : resend 1 phase2 packet(s) [0/2] 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:55 ii : sending peer DPDV1-R-U-THERE notification
> 14/03/26 15:23:55 ii : - 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:55 ii : - isakmp spi = ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:55 ii : - data size 4
> 14/03/26 15:23:55 >= : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:55 >= : message 344d9b88
> 14/03/26 15:23:56 -> : resend 1 phase2 packet(s) [1/2] 192.168.246.115:4500 -> 1.2.3.4:4500
> 14/03/26 15:23:57 ii : processing informational packet ( 84 bytes )
> 14/03/26 15:23:57 =< : cookies ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:57 =< : message ebc92a2c
> 14/03/26 15:23:57 ii : received peer DELETE message
> 14/03/26 15:23:57 ii : - 1.2.3.4:4500 -> 192.168.246.115:4500
> 14/03/26 15:23:57 ii : - isakmp spi = ed576b33c000da7e:bdb0dc6b4f35101c
> 14/03/26 15:23:57 ii : cleanup, marked phase1 ed576b33c000da7e:bdb0dc6b4f35101c for removal
> 14/03/26 15:23:57 ii : phase1 removal before expire time
> 14/03/26 15:23:57 ii : removing IPSEC INBOUND policy ANY:10.0.0.0/8:* -> ANY:192.168.168.5:*
> 14/03/26 15:23:57 ii : removing IPSEC OUTBOUND policy ANY:192.168.168.5:* -> ANY:10.0.0.0/8:*
> 14/03/26 15:23:57 ii : removed IPSEC policy route for ANY:10.0.0.0/8:*
> 14/03/26 15:23:57 ii : removing NONE INBOUND policy ANY:192.168.246.1:* -> ANY:192.168.168.5:*
> 14/03/26 15:23:57 ii : removing NONE OUTBOUND policy ANY:192.168.168.5:* -> ANY:192.168.246.1:*
> 14/03/26 15:23:57 ii : removing NONE INBOUND policy ANY:1.2.3.4:* -> ANY:192.168.246.115:*
> 14/03/26 15:23:57 ii : removing NONE OUTBOUND policy ANY:192.168.246.115:* -> ANY:1.2.3.4:*
> 14/03/26 15:23:57 ii : removed NONE policy route for ANY:1.2.3.4:*
> 14/03/26 15:23:57 DB : removing tunnel config references
> 14/03/26 15:23:57 DB : removing tunnel phase2 references
> 14/03/26 15:23:57 ii : phase2 removal before expire time
> 14/03/26 15:23:57 DB : removing tunnel phase1 references
> 14/03/26 15:23:57 DB : removing all peer tunnel references
> 14/03/26 15:23:57 ii : ipc client process thread exit ...
>
Hi,

Thanks for the log.

Are the Cisco VPN client and Shrew VPN on the same machine?
Are you using the latest VPN release?
Have you tried other settings for Policy Generation Level?

Regards,

> Nathan Stone | Enots IT Solutions | www.enots.com | 541.933.5010
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Alexis La Goutte
> Sent: Friday, March 21, 2014 6:47 AM
> Subject: Re: [vpn-help] Can't connect to Cisco ASA that worked fine yesterday
>
> Hi Nathan,
>
> You need to check the log of Gateway, there is a reason of session
> terminated by gateway. (check also Shrew Log).
>
> Regards,
>
> On Thu, Mar 20, 2014 at 9:59 PM, Nathan Stone <[email protected]> wrote:
>> I have an issue with Shrewsoft that seems to have happened over night.
>> Connecting to a Cisco ASA 5510. Was working yesterday and now today it
>> connects, but after 33 seconds I get the message "session terminated by
>> gateway"
>>
>> I am running Windows 8.1, have a remote staff person that uses this all day
>> long and it is doing the same for her. She has Windows 8. As a test I
>> installed the client on a Windows 7 32bit install and I get the same
>> behavior. From a different Windows 7 computer, with the Cisco client I can
>> connect just fine.
>>
>> I checked Windows updates and nothing has been installed.
>>
>> Logged in to the ASA. Nothing has changed in months and the last time it was
>> rebooted was almost 200 days ago. I rebooted it anyway to see if that would
>> help, but it doesn't.
>>
>> I have another client with a Cisco ASA 5505 and I can still connect to their
>> IPSec VPN. So it is something with this particular firewall and ShrewSoft
>> combination. I created another VPN on this firewall and it is doing the same
>> thing.
>>
>> Here is what shows in the ShrewSoft VPN Connect tab
>>
>> config loaded for site 'OSM'
>> attached to key daemon ...
>> peer configured
>> iskamp proposal configured
>> esp proposal configured
>> client configured
>> local id configured
>> remote id configured
>> pre-shared key configured
>> bringing up tunnel ...
>> network device configured
>> tunnel enabled
>> session terminated by gateway
>> tunnel disabled
>> detached from key daemon
>>
>> If I switch to the Network tab, under Security Associations it shows Failed
>> - 2.
>>
>> I am at a loss, anyone have any ideas at all?
>>
>> Nathan
>>
>> _______________________________________________
>> vpn-help mailing list
>> [email protected]
>> https://lists.shrew.net/mailman/listinfo/vpn-help
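
Added example, not part of the original messages: a short triage script for the Shrew Soft IKE trace format quoted in this thread. It records which milestones a session reached, counts phase2 resends and measures the time from phase1 establishment to the gateway's DELETE; the `triage` function and the milestone names are this example's own, and the sample is an abridged copy of the quoted trace.

```python
import re
from datetime import datetime
# Shrew Soft iked trace line: "YY/MM/DD HH:MM:SS <2-char tag> : <message>"
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
# Substrings from the quoted trace mapped to milestone names (the names are ours).
MILESTONES = [("phase1 sa established", "phase1_established"),
              ("authentication succeeded", "xauth_ok"),
              ("received config pull response", "config_received"),
              ("resend limit exceeded for phase2", "phase2_timeout"),
              ("received peer DELETE message", "peer_delete")]
# Lines copied from the trace in the thread, abridged and unwrapped.
SAMPLE = """\
14/03/26 15:23:25 ii : phase1 sa established
14/03/26 15:23:25 ii : user back authentication succeeded
14/03/26 15:23:25 ii : received config pull response
14/03/26 15:23:25 !! : invalid private netmask, defaulting to 255.255.255.0
14/03/26 15:23:31 -> : resend 1 phase2 packet(s) [0/2] 192.168.246.115:4500 -> 1.2.3.4:4500
14/03/26 15:23:33 !! : config packet ignored ( config already mature )
14/03/26 15:23:36 -> : resend 1 phase2 packet(s) [1/2] 192.168.246.115:4500 -> 1.2.3.4:4500
14/03/26 15:23:41 -> : resend 1 phase2 packet(s) [2/2] 192.168.246.115:4500 -> 1.2.3.4:4500
14/03/26 15:23:46 ii : resend limit exceeded for phase2 exchange
14/03/26 15:23:57 ii : received peer DELETE message
"""

def triage(trace):
    """Report which IKE milestones a session reached and where it stalled."""
    first_seen, resends, warnings = {}, 0, set()
    for raw in trace.splitlines():
        m = LINE.match(raw.lstrip("> ").rstrip())  # tolerate mail quote prefixes
        if not m:
            continue  # wrapped continuation or non-trace text
        when = datetime.strptime(m.group(1), "%y/%m/%d %H:%M:%S")
        tag, msg = m.group(2), m.group(3)
        if tag == "!!":
            warnings.add(msg)
        if tag == "->" and msg.startswith("resend") and "phase2" in msg:
            resends += 1
        for needle, name in MILESTONES:
            if needle in msg:
                first_seen.setdefault(name, when)
    stalled = ("phase1" if "phase1_established" not in first_seen
               else "phase2" if "phase2_timeout" in first_seen else None)
    up, down = first_seen.get("phase1_established"), first_seen.get("peer_delete")
    return {"reached": list(first_seen), "stalled_at": stalled,
            "phase2_resends": resends, "warnings": sorted(warnings),
            "seconds_up": int((down - up).total_seconds()) if up and down else None}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, phase1, xauth and the config pull all complete, the phase2 exchange runs out of resends, and the gateway's DELETE arrives 32 seconds after phase1, the same figure as the `Duration: 0h:00m:32s` in the ASA log.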
