Firewall konfig + DYNDNS wie geht das?

Achtung !!!!!!!!!!!!!
Verfügbare Informationen zu "Firewall konfig + DYNDNS wie geht das?"

  • Qualität des Beitrags: 0 Sterne
  • Beteiligte Poster: niko83 - crisirius
  • Forum: Achtung !!!!!!!!!!!!!
  • Forenbeschreibung: Umzug auf www.cisco-forum.net !!!!!
  • aus dem Unterforum: C1700 Reihe
  • Antworten: 15
  • Forum gestartet am: Mittwoch 02.02.2005
  • Sprache: deutsch
  • Link zum Originaltopic: Firewall konfig + DYNDNS wie geht das?
  • Letzte Antwort: vor 18 Jahren, 7 Monaten, 8 Tagen, 18 Stunden, 32 Minuten
  • Alle Beiträge und Antworten zu "Firewall konfig + DYNDNS wie geht das?"

    Re: Firewall konfig + DYNDNS wie geht das?

    niko83 - 09.08.2005, 15:06

    Firewall konfig + DYNDNS wie geht das?
    Hallo,

    ich habe einen Cisco 1720 mit WIC 1ENET und c1700-k9o3sy7-mz.123-13.bin drauf!
    Der DSL Zugang funktioniert einwandfrei, ebenso DHCP!

    Jetzt habe ich aber noch folgende 2 Probleme:
    1. Ich würde gerne bei jeder Einwahl meinen Dyndns Account updaten! geht das mit dem Cisco?

    2. Ist der Router noch total offen, d.h. es werden keine Anfragen abgewiesen! Ich hätte aber gerne das alle Portsanfragen abgewiesen werden! Wie gehts das?

    Danke für eure Hilfe!

    Gruß

    Niko



    Re: Firewall konfig + DYNDNS wie geht das?

    crisirius - 10.08.2005, 08:54


    Hi Niko,

    willkommen erst mal auf dem Board.

    So jetzt zu deinen Fragen:

    1. mit dem 1720 ist eine dyndns auktualisierung nicht möglich
    2. kurze Frage meiner Seits alle Ports???

    Schreibe dir heute abend noch mal eine Konfig. Die die bestimmt weiterhilft.

    Grüße

    Crisirius
    8)



    Re: Firewall konfig + DYNDNS wie geht das?

    niko83 - 10.08.2005, 12:23


    Hi

    1. hmmm ;-(

    2. ja, wenn ich die befehle aber kenn kann ich ja auch hingehen und sie mir individuell anpassen!

    Gruß

    Niko



    Re: Firewall konfig + DYNDNS wie geht das?

    crisirius - 10.08.2005, 21:12


    HI Niko,

    du solltest folgende Befehle dafür benutzen:

    access-list 101

    und

    ip access-group 101
    um diese accesslist an das interface zu binden.

    Grüße

    Crisirius



    Re: Firewall konfig + DYNDNS wie geht das?

    niko83 - 11.08.2005, 09:35


    hallo,

    ich habs jetzt mal ausprobiert, aber so 100%ig funzt es noch nicht

    was geht ist: 0-1056;1080;5000,8080 sind von außen blocked

    allerdings würde ich gerne von innen rauspingen können, von außen soll der ping aber geblockt werden! - das geht bisher noch nicht!

    Code: access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 101 deny   tcp any any range 0 1056
    access-list 101 deny   tcp any any eq 1080
    access-list 101 deny   tcp any any eq 5000
    access-list 101 deny   tcp any any eq 8080
    access-list 101 permit icmp 192.168.0.0 0.0.0.255 any
    access-list 101 deny   icmp any any
    access-list 101 permit ip any any
    dialer-list 2 protocol ip permit

    was muss ich denn sonst noch blocken?

    Gruß



    Re: Firewall konfig + DYNDNS wie geht das?

    crisirius - 11.08.2005, 18:48


    Hi Niko,

    wenn du das icmp von außen nicht erlauben willst, dann soltest du mit:

    echo-reply

    arbeiten und dieses auf die access-list in auf den externen interface legen.

    Dann sollte ein ping nach drausen funktionieren und ein ping auf deinen Router nicht.

    Grüße

    Crisirius
    :roll:



    Re: Firewall konfig + DYNDNS wie geht das?

    crisirius - 11.08.2005, 21:26


    Wenn du noch Fragen zu ACL hast schau mal hier rein:

    http://www.joseph-klein.de/Verschiedene%20Konfigurationsmodi/access-listen.html

    Grüße

    Crisirius
    :)



    Re: Firewall konfig + DYNDNS wie geht das?

    crisirius - 12.08.2005, 09:47


    Hi Niko,

    muss mich bei den dyndns etwas berichtigen:

    ab der IOS Version 12.4 ist das auch für die 1700 möglich.

    Grüße

    Crisirius
    :oops:



    Re: Firewall konfig + DYNDNS wie geht das?

    niko83 - 15.08.2005, 07:37


    danke! funktioniert jetzt alles wunderbar!

    Dyndns geht ab 12.4! Hab leider nur 12.3!
    Image ist ja nur über supportvertrag zu bekommen!

    weist jemand was sowas kostet?

    Gruß



    Re: Firewall konfig + DYNDNS wie geht das?

    niko83 - 15.08.2005, 10:39


    was ich jetzt auch noch gerne machen würde:

    Man soll sich über VPN in das Netzwerk einwählen können!

    Frage: Brauch man einen separaten Radius Server oder geht es auch ohne?

    hat jemand eventuell noch ein paar tips oder ein sample config woran ich mich schonmal orientieren könnte?

    danke!



    Re: Firewall konfig + DYNDNS wie geht das?

    crisirius - 15.08.2005, 20:33


    Hi niko,

    hier mal eine 1750 VPN Server Config

    hostname Easy-VPN-Test
    !
    !
    username xyz privilege 15 password 0 xyz
    memory-size iomem 15
    ip subnet-zero
    !
    !
    !
    ip audit notify log
    ip audit po max-events 100
    !
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp client configuration address-pool local dynpool
    !
    crypto isakmp client configuration group Easy-VPN-group
    key password
    dns 10.10.10.1
    wins 10.10.10.5
    domain intern.lan.local
    pool dynpool
    !
    !
    crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
    !
    crypto dynamic-map dynmap 1
    set transform-set transform-1
    reverse-route
    !
    !
    crypto map dynmap isakmp authorization list Easy-VPN-group
    crypto map dynmap client configuration address respond
    crypto map dynmap 1 ipsec-isakmp dynamic dynmap
    !
    !
    !
    !
    interface Loopback1
    ip address 192.168.12.1 255.255.255.0
    !
    interface BRI0
    no ip address
    shutdown
    !
    interface FastEthernet0
    ip address 10.10.10.1 255.255.255.0
    speed auto
    crypto map dynmap
    !
    ip local pool dynpool 192.168.12.10 192.168.12.20
    ip classless
    no ip http server

    Sonnst schau mal bei cisco.com vorbei da haben sie auch gute Config schon vorbereitet.

    Grüße

    Crisirius
    8)



    Re: Firewall konfig + DYNDNS wie geht das?

    niko83 - 16.08.2005, 08:26


    wo ist denn jetzt mein post von gestern hin?



    Re: Firewall konfig + DYNDNS wie geht das?

    niko83 - 16.08.2005, 08:27


    dann muss ich nachher nochmal posten!

    aber ich bekomm einfach keinen VPN Connect hin in zusammenhang mit pppoe einwahl



    Re: Firewall konfig + DYNDNS wie geht das?

    crisirius - 16.08.2005, 18:15


    Hi Niko

    Ich brauchte mal ein bischen mehr Input :-)


    Was hast du vor wo willst du hin.

    Bis Später

    Crisirius



    Re: Firewall konfig + DYNDNS wie geht das?

    niko83 - 19.08.2005, 07:56


    Hallo,

    sorry, hat die letzen 2 Tage keine Zeit zum Testen!
    hier nochmal die aktuelle config & ein iskmp debug (Client-IP habe ich auf 555.555.555.555) geändert


    version 12.3
    service timestamps debug uptime
    service timestamps log datetime
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    enable password 7 020700560208
    !
    memory-size iomem 15
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    aaa new-model
    !
    !
    aaa authentication login userauthen local
    aaa authentication ppp dialins local
    aaa authorization network groupauthor local
    aaa session-id common
    ip subnet-zero
    !
    !
    ip name-server 217.237.149.161
    ip dhcp excluded-address 192.168.0.0 192.168.0.99
    !
    ip dhcp pool default
    network 192.168.0.0 255.255.255.0
    dns-server 217.237.149.161
    default-router 192.168.0.1
    !
    ip cef
    ip audit po max-events 100
    vpdn enable
    vpdn ip udp ignore checksum
    !
    vpdn-group pppoe
    request-dialin
    protocol pppoe
    !
    no ftp-server write-enable
    !
    !
    username cisco password 0 cisco
    !
    !
    !
    crypto isakmp policy 3
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp client configuration group 3000client
    key cisco123
    dns 192.168.0.1
    pool ippool
    !
    !
    crypto ipsec transform-set myset esp-3des esp-sha-hmac
    !
    crypto dynamic-map dynmap 10
    set transform-set myset
    !
    !
    crypto map clientmap client authentication list userauthen
    crypto map clientmap isakmp authorization list groupauthor
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    !
    !
    !
    interface BRI0
    no ip address
    shutdown
    !
    interface Ethernet0
    description Verbindung zum DSL Modem
    no ip address
    half-duplex
    pppoe enable
    pppoe-client dial-pool-number 1
    !
    interface FastEthernet0
    description Verbindung zum LAN
    ip address 192.168.0.1 255.255.255.0
    ip nat inside
    ip tcp adjust-mss 1452
    speed auto
    !
    interface Dialer0
    description PPPoE Einwahl
    ip address negotiated
    ip access-group 101 in
    ip mtu 1492
    ip nat outside
    encapsulation ppp
    dialer pool 1
    dialer-group 2
    keepalive 600
    ppp authentication pap callin
    ppp pap sent-username xxxxxx password 7 xxxxxx
    crypto map clientmap
    !
    ip local pool ippool 192.168.0.200 192.168.0.250
    ip nat inside source list 1 interface Dialer0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    no ip http server
    no ip http secure-server
    !
    !
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 101 deny tcp any any eq telnet
    access-list 101 deny icmp any any
    access-list 101 permit ip any any
    access-list 102 permit ip any any
    dialer-list 2 protocol ip permit
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password 7 11081D081E1C
    line vty 5 15
    password 7 11081D081E1C
    !
    end



    und hier der debug:



    00:45:50: ISAKMP (0:0): received packet from 555.555.555.555 dport 500 sport 63913 Global (N) NEW SA
    00:45:50: ISAKMP: Created a peer struct for 555.555.555.555, peer port 63913
    00:45:50: ISAKMP: Locking peer struct 0x8183B724, IKE refcount 1 for crypto_ikmp_config_initialize_sa
    00:45:50: ISAKMP (0:0): Setting client config settings 8183B7A0
    00:45:50: ISAKMP (0:0): (Re)Setting client xauth list and state
    00:45:50: ISAKMP: local port 500, remote port 63913
    00:45:50: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 818403B4
    00:45:50: ISAKMP (0:4): processing SA payload. message ID = 0
    00:45:50: ISAKMP (0:4): processing ID payload. message ID = 0
    00:45:50: ISAKMP (0:4): ID payload
    next-payload : 13
    type : 11
    group id : cisco
    protocol : 17
    port : 500
    length : 13
    00:45:50: ISAKMP (0:4): peer matches *none* of the profiles
    00:45:50: ISAKMP (0:4): processing vendor id payload
    00:45:50: ISAKMP (0:4): vendor ID seems Unity/DPD but major 215 mismatch
    00:45:50: ISAKMP (0:4): vendor ID is XAUTH
    00:45:50: ISAKMP (0:4): processing vendor id payload
    00:45:50: ISAKMP (0:4): vendor ID is DPD
    00:45:50: ISAKMP (0:4): processing vendor id payload
    00:45:50: ISAKMP (0:4): vendor ID is Unity
    00:45:50: ISAKMP (0:4) Authentication by xauth preshared
    00:45:50: ISAKMP (0:4): Checking ISAKMP transform 1 against priority 3 policy
    00:45:50: ISAKMP: encryption AES-CBC
    00:45:50: ISAKMP: hash SHA
    00:45:50: ISAKMP: default group 2
    00:45:50: ISAKMP: auth XAUTHInitPreShared
    00:45:50: ISAKMP: life type in seconds
    00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:45:50: ISAKMP: keylength of 256
    00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
    00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
    00:45:50: ISAKMP (0:4): Checking ISAKMP transform 2 against priority 3 policy
    00:45:50: ISAKMP: encryption AES-CBC
    00:45:50: ISAKMP: hash MD5
    00:45:50: ISAKMP: default group 2
    00:45:50: ISAKMP: auth XAUTHInitPreShared
    00:45:50: ISAKMP: life type in seconds
    00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:45:50: ISAKMP: keylength of 256
    00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
    00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
    00:45:50: ISAKMP (0:4): Checking ISAKMP transform 3 against priority 3 policy
    00:45:50: ISAKMP: encryption AES-CBC
    00:45:50: ISAKMP: hash SHA
    00:45:50: ISAKMP: default group 2
    00:45:50: ISAKMP: auth pre-share
    00:45:50: ISAKMP: life type in seconds
    00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:45:50: ISAKMP: keylength of 256
    00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
    00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
    00:45:50: ISAKMP (0:4): Checking ISAKMP transform 4 against priority 3 policy
    00:45:50: ISAKMP: encryption AES-CBC
    00:45:50: ISAKMP: hash MD5
    00:45:50: ISAKMP: default group 2
    00:45:50: ISAKMP: auth pre-share
    00:45:50: ISAKMP: life type in seconds
    00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:45:50: ISAKMP: keylength of 256
    00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
    00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
    00:45:50: ISAKMP (0:4): Checking ISAKMP transform 5 against priority 3 policy
    00:45:50: ISAKMP: encryption AES-CBC
    00:45:50: ISAKMP: hash SHA
    00:45:50: ISAKMP: default group 2
    00:45:50: ISAKMP: auth XAUTHInitPreShared
    00:45:50: ISAKMP: life type in seconds
    00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:45:50: ISAKMP: keylength of 128
    00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
    00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
    00:45:50: ISAKMP (0:4): Checking ISAKMP transform 6 against priority 3 policy
    00:45:50: ISAKMP: encryption AES-CBC
    00:45:50: ISAKMP: hash MD5
    00:45:50: ISAKMP: default group 2
    00:45:50: ISAKMP: auth XAUTHInitPreShared
    00:45:50: ISAKMP: life type in seconds
    00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:45:50: ISAKMP: keylength of 128
    00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
    00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
    00:45:50: ISAKMP (0:4): Checking ISAKMP transform 7 against priority 3 policy
    00:45:50: ISAKMP: encryption AES-CBC
    00:45:50: ISAKMP: hash SHA
    00:45:50: ISAKMP: default group 2
    00:45:50: ISAKMP: auth pre-share
    00:45:50: ISAKMP: life type in seconds
    00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:45:50: ISAKMP: keylength of 128
    00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
    00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
    00:45:50: ISAKMP (0:4): Checking ISAKMP transform 8 against priority 3 policy
    00:45:50: ISAKMP: encryption AES-CBC
    00:45:50: ISAKMP: hash MD5
    00:45:50: ISAKMP: default group 2
    00:45:50: ISAKMP: auth pre-share
    00:45:50: ISAKMP: life type in seconds
    00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:45:50: ISAKMP: keylength of 128
    00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
    00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
    00:45:50: ISAKMP (0:4): Checking ISAKMP transform 9 against priority 3 policy
    00:45:50: ISAKMP: encryption 3DES-CBC
    00:45:50: ISAKMP: hash SHA
    00:45:50: ISAKMP: default group 2
    00:45:50: ISAKMP: auth XAUTHInitPreShared
    00:45:50: ISAKMP: life type in seconds
    00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:45:50: ISAKMP (0:4): atts are acceptable. Next payload is 3
    00:45:50: ISAKMP (0:4): processing KE payload. message ID = 0
    00:45:50: ISAKMP (0:4): processing NONCE payload. message ID = 0
    00:45:50: ISAKMP (0:4): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
    00:45:50: ISAKMP (0:4): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT

    00:45:50: ISAKMP: got callback 1
    00:45:50: ISAKMP (0:4): incrementing error counter on sa: construct_fail_ag_init
    00:45:55: ISAKMP (0:4): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:45:55: ISAKMP (0:4): phase 1 packet is a duplicate of a previous packet.
    00:45:55: ISAKMP (0:4): retransmitting due to retransmit phase 1
    00:45:55: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
    00:45:56: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
    00:45:56: ISAKMP (0:4): incrementing error counter on sa: retransmit phase 1
    00:45:56: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE
    00:45:56: ISAKMP (0:4): sending packet to 555.555.555.555 my_port 500 peer_port 63913 (R) AG_NO_STATE
    00:46:00: ISAKMP (0:4): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:46:00: ISAKMP (0:4): phase 1 packet is a duplicate of a previous packet.
    00:46:00: ISAKMP (0:4): retransmitting due to retransmit phase 1
    00:46:00: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
    00:46:01: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
    00:46:01: ISAKMP (0:4): incrementing error counter on sa: retransmit phase 1
    00:46:01: ISAKMP (0:4): no outgoing phase 1 packet to retransmit. AG_NO_STATE
    00:46:02: ISAKMP (0:2): purging SA., sa=8183E224, delme=8183E224
    00:46:05: ISAKMP (0:4): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:46:05: ISAKMP (0:4): phase 1 packet is a duplicate of a previous packet.
    00:46:05: ISAKMP (0:4): retransmitting due to retransmit phase 1
    00:46:05: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
    00:46:06: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
    00:46:06: ISAKMP (0:4): incrementing error counter on sa: retransmit phase 1
    00:46:06: ISAKMP (0:4): no outgoing phase 1 packet to retransmit. AG_NO_STATE
    00:46:41: ISAKMP: quick mode timer expired.
    00:46:41: ISAKMP (0:3): peer does not do paranoid keepalives.

    00:46:41: ISAKMP (0:3): deleting SA reason "QM_TIMER expired" state (R) AG_NO_STATE (peer 555.555.555.555) input queue 0
    00:46:41: ISAKMP (0:3): deleting SA reason "QM_TIMER expired" state (R) AG_NO_STATE (peer 555.555.555.555) input queue 0
    00:46:41: ISAKMP: Unlocking IKE struct 0x8183A30C for isadb_mark_sa_deleted(), count 0
    00:46:41: ISAKMP: Deleting peer node by peer_reap for 555.555.555.555: 8183A30C
    00:46:41: ISAKMP (0:3): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
    00:46:41: ISAKMP (0:3): Old State = IKE_R_AM_AAA_AWAIT New State = IKE_DEST_SA

    00:47:16: ISAKMP (0:0): received packet from 555.555.555.555 dport 500 sport 63913 Global (N) NEW SA
    00:47:16: ISAKMP: Created a peer struct for 555.555.555.555, peer port 63913
    00:47:16: ISAKMP: Locking peer struct 0x8183A770, IKE refcount 1 for crypto_ikmp_config_initialize_sa
    00:47:16: ISAKMP (0:0): Setting client config settings 8183FC84
    00:47:16: ISAKMP (0:0): (Re)Setting client xauth list and state
    00:47:16: ISAKMP: local port 500, remote port 63913
    00:47:16: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 8183E224
    00:47:16: ISAKMP (0:5): processing SA payload. message ID = 0
    00:47:16: ISAKMP (0:5): processing ID payload. message ID = 0
    00:47:16: ISAKMP (0:5): ID payload
    next-payload : 13
    type : 11
    group id : cisco
    protocol : 17
    port : 500
    length : 13
    00:47:16: ISAKMP (0:5): peer matches *none* of the profiles
    00:47:16: ISAKMP (0:5): processing vendor id payload
    00:47:16: ISAKMP (0:5): vendor ID seems Unity/DPD but major 215 mismatch
    00:47:16: ISAKMP (0:5): vendor ID is XAUTH
    00:47:16: ISAKMP (0:5): processing vendor id payload
    00:47:16: ISAKMP (0:5): vendor ID is DPD
    00:47:16: ISAKMP (0:5): processing vendor id payload
    00:47:16: ISAKMP (0:5): vendor ID seems Unity/DPD but major 123 mismatch
    00:47:16: ISAKMP (0:5): vendor ID is NAT-T v2
    00:47:16: ISAKMP (0:5): processing vendor id payload
    00:47:16: ISAKMP (0:5): vendor ID seems Unity/DPD but major 194 mismatch
    00:47:16: ISAKMP (0:5): processing vendor id payload
    00:47:16: ISAKMP (0:5): vendor ID is Unity
    00:47:16: ISAKMP (0:5) Authentication by xauth preshared
    00:47:16: ISAKMP (0:5): Checking ISAKMP transform 1 against priority 3 policy
    00:47:16: ISAKMP: encryption AES-CBC
    00:47:16: ISAKMP: hash SHA
    00:47:16: ISAKMP: default group 2
    00:47:16: ISAKMP: auth XAUTHInitPreShared
    00:47:16: ISAKMP: life type in seconds
    00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:47:16: ISAKMP: keylength of 256
    00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
    00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
    00:47:16: ISAKMP (0:5): Checking ISAKMP transform 2 against priority 3 policy
    00:47:16: ISAKMP: encryption AES-CBC
    00:47:16: ISAKMP: hash MD5
    00:47:16: ISAKMP: default group 2
    00:47:16: ISAKMP: auth XAUTHInitPreShared
    00:47:16: ISAKMP: life type in seconds
    00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:47:16: ISAKMP: keylength of 256
    00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
    00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
    00:47:16: ISAKMP (0:5): Checking ISAKMP transform 3 against priority 3 policy
    00:47:16: ISAKMP: encryption AES-CBC
    00:47:16: ISAKMP: hash SHA
    00:47:16: ISAKMP: default group 2
    00:47:16: ISAKMP: auth pre-share
    00:47:16: ISAKMP: life type in seconds
    00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:47:16: ISAKMP: keylength of 256
    00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
    00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
    00:47:16: ISAKMP (0:5): Checking ISAKMP transform 4 against priority 3 policy
    00:47:16: ISAKMP: encryption AES-CBC
    00:47:16: ISAKMP: hash MD5
    00:47:16: ISAKMP: default group 2
    00:47:16: ISAKMP: auth pre-share
    00:47:16: ISAKMP: life type in seconds
    00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:47:16: ISAKMP: keylength of 256
    00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
    00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
    00:47:16: ISAKMP (0:5): Checking ISAKMP transform 5 against priority 3 policy
    00:47:16: ISAKMP: encryption AES-CBC
    00:47:16: ISAKMP: hash SHA
    00:47:16: ISAKMP: default group 2
    00:47:16: ISAKMP: auth XAUTHInitPreShared
    00:47:16: ISAKMP: life type in seconds
    00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:47:16: ISAKMP: keylength of 128
    00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
    00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
    00:47:16: ISAKMP (0:5): Checking ISAKMP transform 6 against priority 3 policy
    00:47:16: ISAKMP: encryption AES-CBC
    00:47:16: ISAKMP: hash MD5
    00:47:16: ISAKMP: default group 2
    00:47:16: ISAKMP: auth XAUTHInitPreShared
    00:47:16: ISAKMP: life type in seconds
    00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:47:16: ISAKMP: keylength of 128
    00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
    00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
    00:47:16: ISAKMP (0:5): Checking ISAKMP transform 7 against priority 3 policy
    00:47:16: ISAKMP: encryption AES-CBC
    00:47:16: ISAKMP: hash SHA
    00:47:16: ISAKMP: default group 2
    00:47:16: ISAKMP: auth pre-share
    00:47:16: ISAKMP: life type in seconds
    00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:47:16: ISAKMP: keylength of 128
    00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
    00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
    00:47:16: ISAKMP (0:5): Checking ISAKMP transform 8 against priority 3 policy
    00:47:16: ISAKMP: encryption AES-CBC
    00:47:16: ISAKMP: hash MD5
    00:47:16: ISAKMP: default group 2
    00:47:16: ISAKMP: auth pre-share
    00:47:16: ISAKMP: life type in seconds
    00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:47:16: ISAKMP: keylength of 128
    00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
    00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
    00:47:16: ISAKMP (0:5): Checking ISAKMP transform 9 against priority 3 policy
    00:47:16: ISAKMP: encryption 3DES-CBC
    00:47:16: ISAKMP: hash SHA
    00:47:16: ISAKMP: default group 2
    00:47:16: ISAKMP: auth XAUTHInitPreShared
    00:47:16: ISAKMP: life type in seconds
    00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:47:16: ISAKMP (0:5): atts are acceptable. Next payload is 3
    00:47:16: ISAKMP (0:5): processing KE payload. message ID = 0
    00:47:16: ISAKMP (0:5): processing NONCE payload. message ID = 0
    00:47:16: ISAKMP (0:5): vendor ID is NAT-T v2
    00:47:16: ISAKMP (0:5): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
    00:47:16: ISAKMP (0:5): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT

    00:47:16: ISAKMP: got callback 1
    00:47:16: ISAKMP (0:5): incrementing error counter on sa: construct_fail_ag_init
    00:47:21: ISAKMP (0:5): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:47:21: ISAKMP (0:5): phase 1 packet is a duplicate of a previous packet.
    00:47:21: ISAKMP (0:5): retransmitting due to retransmit phase 1
    00:47:21: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
    00:47:22: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
    00:47:22: ISAKMP (0:5): incrementing error counter on sa: retransmit phase 1
    00:47:22: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE
    00:47:22: ISAKMP (0:5): sending packet to 555.555.555.555 my_port 500 peer_port 63913 (R) AG_NO_STATE
    00:47:26: ISAKMP (0:5): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:47:26: ISAKMP (0:5): phase 1 packet is a duplicate of a previous packet.
    00:47:26: ISAKMP (0:5): retransmitting due to retransmit phase 1
    00:47:26: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
    00:47:27: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
    00:47:27: ISAKMP (0:5): incrementing error counter on sa: retransmit phase 1
    00:47:27: ISAKMP (0:5): no outgoing phase 1 packet to retransmit. AG_NO_STATE
    00:47:31: ISAKMP (0:5): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:47:31: ISAKMP (0:5): phase 1 packet is a duplicate of a previous packet.
    00:47:31: ISAKMP (0:5): retransmitting due to retransmit phase 1
    00:47:31: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
    00:47:32: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
    00:47:32: ISAKMP (0:5): incrementing error counter on sa: retransmit phase 1
    00:47:32: ISAKMP (0:5): no outgoing phase 1 packet to retransmit. AG_NO_STATE
    00:47:41: ISAKMP (0:3): purging SA., sa=8183F040, delme=8183F040
    00:48:24: ISAKMP (0:0): received packet from 555.555.555.555 dport 500 sport 63913 Global (N) NEW SA
    00:48:24: ISAKMP: Created a peer struct for 555.555.555.555, peer port 63913
    00:48:24: ISAKMP: Locking peer struct 0x8208E44C, IKE refcount 1 for crypto_ikmp_config_initialize_sa
    00:48:24: ISAKMP (0:0): Setting client config settings 8183C328
    00:48:24: ISAKMP (0:0): (Re)Setting client xauth list and state
    00:48:24: ISAKMP: local port 500, remote port 63913
    00:48:24: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 81841620
    00:48:24: ISAKMP (0:6): processing SA payload. message ID = 0
    00:48:24: ISAKMP (0:6): processing ID payload. message ID = 0
    00:48:24: ISAKMP (0:6): ID payload
    next-payload : 13
    type : 11
    group id : cisco
    protocol : 17
    port : 500
    length : 13
    00:48:24: ISAKMP (0:6): peer matches *none* of the profiles
    00:48:24: ISAKMP (0:6): processing vendor id payload
    00:48:24: ISAKMP (0:6): vendor ID seems Unity/DPD but major 215 mismatch
    00:48:24: ISAKMP (0:6): vendor ID is XAUTH
    00:48:24: ISAKMP (0:6): processing vendor id payload
    00:48:24: ISAKMP (0:6): vendor ID is DPD
    00:48:24: ISAKMP (0:6): processing vendor id payload
    00:48:24: ISAKMP (0:6): vendor ID seems Unity/DPD but major 123 mismatch
    00:48:24: ISAKMP (0:6): vendor ID is NAT-T v2
    00:48:24: ISAKMP (0:6): processing vendor id payload
    00:48:24: ISAKMP (0:6): vendor ID seems Unity/DPD but major 194 mismatch
    00:48:24: ISAKMP (0:6): processing vendor id payload
    00:48:24: ISAKMP (0:6): vendor ID is Unity
    00:48:24: ISAKMP (0:6) Authentication by xauth preshared
    00:48:24: ISAKMP (0:6): Checking ISAKMP transform 1 against priority 3 policy
    00:48:24: ISAKMP: encryption AES-CBC
    00:48:24: ISAKMP: hash SHA
    00:48:24: ISAKMP: default group 2
    00:48:24: ISAKMP: auth XAUTHInitPreShared
    00:48:24: ISAKMP: life type in seconds
    00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:48:24: ISAKMP: keylength of 256
    00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
    00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
    00:48:24: ISAKMP (0:6): Checking ISAKMP transform 2 against priority 3 policy
    00:48:24: ISAKMP: encryption AES-CBC
    00:48:24: ISAKMP: hash MD5
    00:48:24: ISAKMP: default group 2
    00:48:24: ISAKMP: auth XAUTHInitPreShared
    00:48:24: ISAKMP: life type in seconds
    00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:48:24: ISAKMP: keylength of 256
    00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
    00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
    00:48:24: ISAKMP (0:6): Checking ISAKMP transform 3 against priority 3 policy
    00:48:24: ISAKMP: encryption AES-CBC
    00:48:24: ISAKMP: hash SHA
    00:48:24: ISAKMP: default group 2
    00:48:24: ISAKMP: auth pre-share
    00:48:24: ISAKMP: life type in seconds
    00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:48:24: ISAKMP: keylength of 256
    00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
    00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
    00:48:24: ISAKMP (0:6): Checking ISAKMP transform 4 against priority 3 policy
    00:48:24: ISAKMP: encryption AES-CBC
    00:48:24: ISAKMP: hash MD5
    00:48:24: ISAKMP: default group 2
    00:48:24: ISAKMP: auth pre-share
    00:48:24: ISAKMP: life type in seconds
    00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:48:24: ISAKMP: keylength of 256
    00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
    00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
    00:48:24: ISAKMP (0:6): Checking ISAKMP transform 5 against priority 3 policy
    00:48:24: ISAKMP: encryption AES-CBC
    00:48:24: ISAKMP: hash SHA
    00:48:24: ISAKMP: default group 2
    00:48:24: ISAKMP: auth XAUTHInitPreShared
    00:48:24: ISAKMP: life type in seconds
    00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:48:24: ISAKMP: keylength of 128
    00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
    00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
    00:48:24: ISAKMP (0:6): Checking ISAKMP transform 6 against priority 3 policy
    00:48:24: ISAKMP: encryption AES-CBC
    00:48:24: ISAKMP: hash MD5
    00:48:24: ISAKMP: default group 2
    00:48:24: ISAKMP: auth XAUTHInitPreShared
    00:48:24: ISAKMP: life type in seconds
    00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:48:24: ISAKMP: keylength of 128
    00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
    00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
    00:48:24: ISAKMP (0:6): Checking ISAKMP transform 7 against priority 3 policy
    00:48:24: ISAKMP: encryption AES-CBC
    00:48:24: ISAKMP: hash SHA
    00:48:24: ISAKMP: default group 2
    00:48:24: ISAKMP: auth pre-share
    00:48:24: ISAKMP: life type in seconds
    00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:48:24: ISAKMP: keylength of 128
    00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
    00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
    00:48:24: ISAKMP (0:6): Checking ISAKMP transform 8 against priority 3 policy
    00:48:24: ISAKMP: encryption AES-CBC
    00:48:24: ISAKMP: hash MD5
    00:48:24: ISAKMP: default group 2
    00:48:24: ISAKMP: auth pre-share
    00:48:24: ISAKMP: life type in seconds
    00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:48:24: ISAKMP: keylength of 128
    00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
    00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
    00:48:24: ISAKMP (0:6): Checking ISAKMP transform 9 against priority 3 policy
    00:48:24: ISAKMP: encryption 3DES-CBC
    00:48:24: ISAKMP: hash SHA
    00:48:24: ISAKMP: default group 2
    00:48:24: ISAKMP: auth XAUTHInitPreShared
    00:48:24: ISAKMP: life type in seconds
    00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:48:24: ISAKMP (0:6): atts are acceptable. Next payload is 3
    00:48:24: ISAKMP (0:6): processing KE payload. message ID = 0
    00:48:24: ISAKMP (0:6): processing NONCE payload. message ID = 0
    00:48:24: ISAKMP (0:6): vendor ID is NAT-T v2
    00:48:24: ISAKMP (0:6): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
    00:48:24: ISAKMP (0:6): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT

    00:48:24: ISAKMP: got callback 1
    00:48:24: ISAKMP (0:6): incrementing error counter on sa: construct_fail_ag_init
    00:48:29: ISAKMP (0:6): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:48:29: ISAKMP (0:6): phase 1 packet is a duplicate of a previous packet.
    00:48:29: ISAKMP (0:6): retransmitting due to retransmit phase 1
    00:48:29: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
    00:48:29: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
    00:48:29: ISAKMP (0:6): incrementing error counter on sa: retransmit phase 1
    00:48:29: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE
    00:48:29: ISAKMP (0:6): sending packet to 555.555.555.555 my_port 500 peer_port 63913 (R) AG_NO_STATE
    00:48:34: ISAKMP (0:6): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:48:34: ISAKMP (0:6): phase 1 packet is a duplicate of a previous packet.
    00:48:34: ISAKMP (0:6): retransmitting due to retransmit phase 1
    00:48:34: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
    00:48:34: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
    00:48:34: ISAKMP (0:6): incrementing error counter on sa: retransmit phase 1
    00:48:34: ISAKMP (0:6): no outgoing phase 1 packet to retransmit. AG_NO_STATE
    00:48:39: ISAKMP (0:6): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:48:39: ISAKMP (0:6): phase 1 packet is a duplicate of a previous packet.
    00:48:39: ISAKMP (0:6): retransmitting due to retransmit phase 1
    00:48:39: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
    00:48:39: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
    00:48:39: ISAKMP (0:6): incrementing error counter on sa: retransmit phase 1
    00:48:39: ISAKMP (0:6): no outgoing phase 1 packet to retransmit. AG_NO_STATE
    Router#
    Router#
    00:49:15: ISAKMP: quick mode timer expired.
    00:49:15: ISAKMP (0:4): peer does not do paranoid keepalives.

    00:49:15: ISAKMP (0:4): deleting SA reason "QM_TIMER expired" state (R) AG_NO_STATE (peer 555.555.555.555) input queue 0
    00:49:15: ISAKMP (0:4): deleting SA reason "QM_TIMER expired" state (R) AG_NO_STATE (peer 555.555.555.555) input queue 0
    00:49:15: ISAKMP: Unlocking IKE struct 0x8183B724 for isadb_mark_sa_deleted(), count 0
    00:49:15: ISAKMP: Deleting peer node by peer_reap for 555.555.555.555: 8183B724
    00:49:15: ISAKMP (0:4): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
    00:49:15: ISAKMP (0:4): Old State = IKE_R_AM_AAA_AWAIT New State = IKE_DEST_SA

    00:49:16: ISAKMP (0:0): received packet from 555.555.555.555 dport 500 sport 63913 Global (N) NEW SA
    00:49:16: ISAKMP: Created a peer struct for 555.555.555.555, peer port 63913
    00:49:16: ISAKMP: Locking peer struct 0x8208EF30, IKE refcount 1 for crypto_ikmp_config_initialize_sa
    00:49:16: ISAKMP (0:0): Setting client config settings 818401DC
    00:49:16: ISAKMP (0:0): (Re)Setting client xauth list and state
    00:49:16: ISAKMP: local port 500, remote port 63913
    00:49:16: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 8183EC40
    00:49:16: ISAKMP (0:7): processing SA payload. message ID = 0
    00:49:16: ISAKMP (0:7): processing ID payload. message ID = 0
    00:49:16: ISAKMP (0:7): ID payload
    next-payload : 13
    type : 11
    group id : cisco
    protocol : 17
    port : 500
    length : 13
    00:49:16: ISAKMP (0:7): peer matches *none* of the profiles
    00:49:16: ISAKMP (0:7): processing vendor id payload
    00:49:16: ISAKMP (0:7): vendor ID seems Unity/DPD but major 215 mismatch
    00:49:16: ISAKMP (0:7): vendor ID is XAUTH
    00:49:16: ISAKMP (0:7): processing vendor id payload
    00:49:16: ISAKMP (0:7): vendor ID is DPD
    00:49:16: ISAKMP (0:7): processing vendor id payload
    00:49:16: ISAKMP (0:7): vendor ID seems Unity/DPD but major 123 mismatch
    00:49:16: ISAKMP (0:7): vendor ID is NAT-T v2
    00:49:16: ISAKMP (0:7): processing vendor id payload
    00:49:16: ISAKMP (0:7): vendor ID seems Unity/DPD but major 194 mismatch
    00:49:16: ISAKMP (0:7): processing vendor id payload
    00:49:16: ISAKMP (0:7): vendor ID is Unity
    00:49:16: ISAKMP (0:7) Authentication by xauth preshared
    00:49:16: ISAKMP (0:7): Checking ISAKMP transform 1 against priority 3 policy
    00:49:16: ISAKMP: encryption AES-CBC
    00:49:16: ISAKMP: hash SHA
    00:49:16: ISAKMP: default group 2
    00:49:16: ISAKMP: auth XAUTHInitPreShared
    00:49:16: ISAKMP: life type in seconds
    00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:49:16: ISAKMP: keylength of 256
    00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
    00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
    00:49:16: ISAKMP (0:7): Checking ISAKMP transform 2 against priority 3 policy
    00:49:16: ISAKMP: encryption AES-CBC
    00:49:16: ISAKMP: hash MD5
    00:49:16: ISAKMP: default group 2
    00:49:16: ISAKMP: auth XAUTHInitPreShared
    00:49:16: ISAKMP: life type in seconds
    00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:49:16: ISAKMP: keylength of 256
    00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
    00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
    00:49:16: ISAKMP (0:7): Checking ISAKMP transform 3 against priority 3 policy
    00:49:16: ISAKMP: encryption AES-CBC
    00:49:16: ISAKMP: hash SHA
    00:49:16: ISAKMP: default group 2
    00:49:16: ISAKMP: auth pre-share
    00:49:16: ISAKMP: life type in seconds
    00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:49:16: ISAKMP: keylength of 256
    00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
    00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
    00:49:16: ISAKMP (0:7): Checking ISAKMP transform 4 against priority 3 policy
    00:49:16: ISAKMP: encryption AES-CBC
    00:49:16: ISAKMP: hash MD5
    00:49:16: ISAKMP: default group 2
    00:49:16: ISAKMP: auth pre-share
    00:49:16: ISAKMP: life type in seconds
    00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:49:16: ISAKMP: keylength of 256
    00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
    00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
    00:49:16: ISAKMP (0:7): Checking ISAKMP transform 5 against priority 3 policy
    00:49:16: ISAKMP: encryption AES-CBC
    00:49:16: ISAKMP: hash SHA
    00:49:16: ISAKMP: default group 2
    00:49:16: ISAKMP: auth XAUTHInitPreShared
    00:49:16: ISAKMP: life type in seconds
    00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:49:16: ISAKMP: keylength of 128
    00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
    00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
    00:49:16: ISAKMP (0:7): Checking ISAKMP transform 6 against priority 3 policy
    00:49:16: ISAKMP: encryption AES-CBC
    00:49:16: ISAKMP: hash MD5
    00:49:16: ISAKMP: default group 2
    00:49:16: ISAKMP: auth XAUTHInitPreShared
    00:49:16: ISAKMP: life type in seconds
    00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:49:16: ISAKMP: keylength of 128
    00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
    00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
    00:49:16: ISAKMP (0:7): Checking ISAKMP transform 7 against priority 3 policy
    00:49:16: ISAKMP: encryption AES-CBC
    00:49:16: ISAKMP: hash SHA
    00:49:16: ISAKMP: default group 2
    00:49:16: ISAKMP: auth pre-share
    00:49:16: ISAKMP: life type in seconds
    00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:49:16: ISAKMP: keylength of 128
    00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
    00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
    00:49:16: ISAKMP (0:7): Checking ISAKMP transform 8 against priority 3 policy
    00:49:16: ISAKMP: encryption AES-CBC
    00:49:16: ISAKMP: hash MD5
    00:49:16: ISAKMP: default group 2
    00:49:16: ISAKMP: auth pre-share
    00:49:16: ISAKMP: life type in seconds
    00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:49:16: ISAKMP: keylength of 128
    00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
    00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
    00:49:16: ISAKMP (0:7): Checking ISAKMP transform 9 against priority 3 policy
    00:49:16: ISAKMP: encryption 3DES-CBC
    00:49:16: ISAKMP: hash SHA
    00:49:16: ISAKMP: default group 2
    00:49:16: ISAKMP: auth XAUTHInitPreShared
    00:49:16: ISAKMP: life type in seconds
    00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
    00:49:16: ISAKMP (0:7): atts are acceptable. Next payload is 3
    00:49:17: ISAKMP (0:7): processing KE payload. message ID = 0
    00:49:17: ISAKMP (0:7): processing NONCE payload. message ID = 0
    00:49:17: ISAKMP (0:7): vendor ID is NAT-T v2
    00:49:17: ISAKMP (0:7): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
    00:49:17: ISAKMP (0:7): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT

    00:49:17: ISAKMP: got callback 1
    00:49:17: ISAKMP (0:7): incrementing error counter on sa: construct_fail_ag_init
    00:49:21: ISAKMP (0:7): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:49:21: ISAKMP (0:7): phase 1 packet is a duplicate of a previous packet.
    00:49:21: ISAKMP (0:7): retransmitting due to retransmit phase 1
    00:49:21: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
    00:49:22: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
    00:49:22: ISAKMP (0:7): incrementing error counter on sa: retransmit phase 1
    00:49:22: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE
    00:49:22: ISAKMP (0:7): sending packet to 555.555.555.555 my_port 500 peer_port 63913 (R) AG_NO_STATE
    00:49:26: ISAKMP (0:7): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:49:26: ISAKMP (0:7): phase 1 packet is a duplicate of a previous packet.
    00:49:26: ISAKMP (0:7): retransmitting due to retransmit phase 1
    00:49:26: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
    00:49:27: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
    00:49:27: ISAKMP (0:7): incrementing error counter on sa: retransmit phase 1
    00:49:27: ISAKMP (0:7): no outgoing phase 1 packet to retransmit. AG_NO_STATE
    00:49:31: ISAKMP (0:7): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
    00:49:31: ISAKMP (0:7): phase 1 packet is a duplicate of a previous packet.
    00:49:31: ISAKMP (0:7): retransmitting due to retransmit phase 1
    00:49:31: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
    00:49:32: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
    00:49:32: ISAKMP (0:7): incrementing error counter on sa: retransmit phase 1
    00:49:32: ISAKMP (0:7): no outgoing phase 1 packet to retransmit. AG_NO_STATE



    Ich verwenden den Cisco VPN Client 4.6.04.0043

    Vielen Dank für deine Hilfe!

    Gruß

    Niko



    Mit folgendem Code, können Sie den Beitrag ganz bequem auf ihrer Homepage verlinken



    Weitere Beiträge aus dem Forum Achtung !!!!!!!!!!!!!



    Ähnliche Beiträge wie "Firewall konfig + DYNDNS wie geht das?"

    bin dabei wenns kla geht ! - Dj One Shotz (Sonntag 18.03.2007)
    so geht es nicht weiter - my-key (Mittwoch 19.09.2007)
    SUCHE JEMAND FÜR DONNERSTAG ZUR GANG BANG PARTY - nike88 (Montag 06.12.2010)
    Wie geht`s euch heute? - Jen (Freitag 22.09.2006)
    was geht in de ferien? - Drummergod mio (Freitag 04.08.2006)
    forum geht wieder - SvanSick (Sonntag 24.12.2006)
    Los geht's.... - ChRiStIaN (Dienstag 10.04.2007)
    Sehr geehrte Damen und Herren, - Alf (Mittwoch 30.04.2008)
    jetzt geht es los - martina (Sonntag 22.01.2006)
    Stop loss, warum geht der nicht näher? - moneymagnet (Mittwoch 25.05.2005)