Verfügbare Informationen zu "Firewall konfig + DYNDNS wie geht das?"
Qualität des Beitrags: Beteiligte Poster: niko83 - crisirius Forum: Achtung !!!!!!!!!!!!! Forenbeschreibung: Umzug auf www.cisco-forum.net !!!!! aus dem Unterforum: C1700 Reihe Antworten: 15 Forum gestartet am: Mittwoch 02.02.2005 Sprache: deutsch Link zum Originaltopic: Firewall konfig + DYNDNS wie geht das? Letzte Antwort: vor 18 Jahren, 7 Monaten, 8 Tagen, 18 Stunden, 32 Minuten
Alle Beiträge und Antworten zu "Firewall konfig + DYNDNS wie geht das?"
Re: Firewall konfig + DYNDNS wie geht das?
niko83 - 09.08.2005, 15:06Firewall konfig + DYNDNS wie geht das?
Hallo,
ich habe einen Cisco 1720 mit WIC 1ENET und c1700-k9o3sy7-mz.123-13.bin drauf!
Der DSL Zugang funktioniert einwandfrei, ebenso DHCP!
Jetzt habe ich aber noch folgende 2 Probleme:
1. Ich würde gerne bei jeder Einwahl meinen Dyndns Account updaten! geht das mit dem Cisco?
2. Ist der Router noch total offen, d.h. es werden keine Anfragen abgewiesen! Ich hätte aber gerne das alle Portsanfragen abgewiesen werden! Wie gehts das?
Danke für eure Hilfe!
Gruß
Niko
Re: Firewall konfig + DYNDNS wie geht das?
crisirius - 10.08.2005, 08:54
Hi Niko,
willkommen erst mal auf dem Board.
So jetzt zu deinen Fragen:
1. mit dem 1720 ist eine dyndns auktualisierung nicht möglich
2. kurze Frage meiner Seits alle Ports???
Schreibe dir heute abend noch mal eine Konfig. Die die bestimmt weiterhilft.
Grüße
Crisirius
8)
Re: Firewall konfig + DYNDNS wie geht das?
niko83 - 10.08.2005, 12:23
Hi
1. hmmm ;-(
2. ja, wenn ich die befehle aber kenn kann ich ja auch hingehen und sie mir individuell anpassen!
Gruß
Niko
Re: Firewall konfig + DYNDNS wie geht das?
crisirius - 10.08.2005, 21:12
HI Niko,
du solltest folgende Befehle dafür benutzen:
access-list 101
und
ip access-group 101
um diese accesslist an das interface zu binden.
Grüße
Crisirius
Re: Firewall konfig + DYNDNS wie geht das?
niko83 - 11.08.2005, 09:35
hallo,
ich habs jetzt mal ausprobiert, aber so 100%ig funzt es noch nicht
was geht ist: 0-1056;1080;5000,8080 sind von außen blocked
allerdings würde ich gerne von innen rauspingen können, von außen soll der ping aber geblockt werden! - das geht bisher noch nicht!
Code: access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 deny tcp any any range 0 1056
access-list 101 deny tcp any any eq 1080
access-list 101 deny tcp any any eq 5000
access-list 101 deny tcp any any eq 8080
access-list 101 permit icmp 192.168.0.0 0.0.0.255 any
access-list 101 deny icmp any any
access-list 101 permit ip any any
dialer-list 2 protocol ip permit
was muss ich denn sonst noch blocken?
Gruß
Re: Firewall konfig + DYNDNS wie geht das?
crisirius - 11.08.2005, 18:48
Hi Niko,
wenn du das icmp von außen nicht erlauben willst, dann soltest du mit:
echo-reply
arbeiten und dieses auf die access-list in auf den externen interface legen.
Dann sollte ein ping nach drausen funktionieren und ein ping auf deinen Router nicht.
Grüße
Crisirius
:roll:
Re: Firewall konfig + DYNDNS wie geht das?
crisirius - 11.08.2005, 21:26
Wenn du noch Fragen zu ACL hast schau mal hier rein:
http://www.joseph-klein.de/Verschiedene%20Konfigurationsmodi/access-listen.html
Grüße
Crisirius
:)
Re: Firewall konfig + DYNDNS wie geht das?
crisirius - 12.08.2005, 09:47
Hi Niko,
muss mich bei den dyndns etwas berichtigen:
ab der IOS Version 12.4 ist das auch für die 1700 möglich.
Grüße
Crisirius
:oops:
Re: Firewall konfig + DYNDNS wie geht das?
niko83 - 15.08.2005, 07:37
danke! funktioniert jetzt alles wunderbar!
Dyndns geht ab 12.4! Hab leider nur 12.3!
Image ist ja nur über supportvertrag zu bekommen!
weist jemand was sowas kostet?
Gruß
Re: Firewall konfig + DYNDNS wie geht das?
niko83 - 15.08.2005, 10:39
was ich jetzt auch noch gerne machen würde:
Man soll sich über VPN in das Netzwerk einwählen können!
Frage: Brauch man einen separaten Radius Server oder geht es auch ohne?
hat jemand eventuell noch ein paar tips oder ein sample config woran ich mich schonmal orientieren könnte?
danke!
Re: Firewall konfig + DYNDNS wie geht das?
crisirius - 15.08.2005, 20:33
Hi niko,
hier mal eine 1750 VPN Server Config
hostname Easy-VPN-Test
!
!
username xyz privilege 15 password 0 xyz
memory-size iomem 15
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration address-pool local dynpool
!
crypto isakmp client configuration group Easy-VPN-group
key password
dns 10.10.10.1
wins 10.10.10.5
domain intern.lan.local
pool dynpool
!
!
crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
set transform-set transform-1
reverse-route
!
!
crypto map dynmap isakmp authorization list Easy-VPN-group
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback1
ip address 192.168.12.1 255.255.255.0
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
ip address 10.10.10.1 255.255.255.0
speed auto
crypto map dynmap
!
ip local pool dynpool 192.168.12.10 192.168.12.20
ip classless
no ip http server
Sonnst schau mal bei cisco.com vorbei da haben sie auch gute Config schon vorbereitet.
Grüße
Crisirius
8)
Re: Firewall konfig + DYNDNS wie geht das?
niko83 - 16.08.2005, 08:26
wo ist denn jetzt mein post von gestern hin?
Re: Firewall konfig + DYNDNS wie geht das?
niko83 - 16.08.2005, 08:27
dann muss ich nachher nochmal posten!
aber ich bekomm einfach keinen VPN Connect hin in zusammenhang mit pppoe einwahl
Re: Firewall konfig + DYNDNS wie geht das?
crisirius - 16.08.2005, 18:15
Hi Niko
Ich brauchte mal ein bischen mehr Input :-)
Was hast du vor wo willst du hin.
Bis Später
Crisirius
Re: Firewall konfig + DYNDNS wie geht das?
niko83 - 19.08.2005, 07:56
Hallo,
sorry, hat die letzen 2 Tage keine Zeit zum Testen!
hier nochmal die aktuelle config & ein iskmp debug (Client-IP habe ich auf 555.555.555.555) geändert
version 12.3
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password 7 020700560208
!
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login userauthen local
aaa authentication ppp dialins local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
!
ip name-server 217.237.149.161
ip dhcp excluded-address 192.168.0.0 192.168.0.99
!
ip dhcp pool default
network 192.168.0.0 255.255.255.0
dns-server 217.237.149.161
default-router 192.168.0.1
!
ip cef
ip audit po max-events 100
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
username cisco password 0 cisco
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group 3000client
key cisco123
dns 192.168.0.1
pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface BRI0
no ip address
shutdown
!
interface Ethernet0
description Verbindung zum DSL Modem
no ip address
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0
description Verbindung zum LAN
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
speed auto
!
interface Dialer0
description PPPoE Einwahl
ip address negotiated
ip access-group 101 in
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 2
keepalive 600
ppp authentication pap callin
ppp pap sent-username xxxxxx password 7 xxxxxx
crypto map clientmap
!
ip local pool ippool 192.168.0.200 192.168.0.250
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 deny tcp any any eq telnet
access-list 101 deny icmp any any
access-list 101 permit ip any any
access-list 102 permit ip any any
dialer-list 2 protocol ip permit
!
!
line con 0
line aux 0
line vty 0 4
password 7 11081D081E1C
line vty 5 15
password 7 11081D081E1C
!
end
und hier der debug:
00:45:50: ISAKMP (0:0): received packet from 555.555.555.555 dport 500 sport 63913 Global (N) NEW SA
00:45:50: ISAKMP: Created a peer struct for 555.555.555.555, peer port 63913
00:45:50: ISAKMP: Locking peer struct 0x8183B724, IKE refcount 1 for crypto_ikmp_config_initialize_sa
00:45:50: ISAKMP (0:0): Setting client config settings 8183B7A0
00:45:50: ISAKMP (0:0): (Re)Setting client xauth list and state
00:45:50: ISAKMP: local port 500, remote port 63913
00:45:50: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 818403B4
00:45:50: ISAKMP (0:4): processing SA payload. message ID = 0
00:45:50: ISAKMP (0:4): processing ID payload. message ID = 0
00:45:50: ISAKMP (0:4): ID payload
next-payload : 13
type : 11
group id : cisco
protocol : 17
port : 500
length : 13
00:45:50: ISAKMP (0:4): peer matches *none* of the profiles
00:45:50: ISAKMP (0:4): processing vendor id payload
00:45:50: ISAKMP (0:4): vendor ID seems Unity/DPD but major 215 mismatch
00:45:50: ISAKMP (0:4): vendor ID is XAUTH
00:45:50: ISAKMP (0:4): processing vendor id payload
00:45:50: ISAKMP (0:4): vendor ID is DPD
00:45:50: ISAKMP (0:4): processing vendor id payload
00:45:50: ISAKMP (0:4): vendor ID is Unity
00:45:50: ISAKMP (0:4) Authentication by xauth preshared
00:45:50: ISAKMP (0:4): Checking ISAKMP transform 1 against priority 3 policy
00:45:50: ISAKMP: encryption AES-CBC
00:45:50: ISAKMP: hash SHA
00:45:50: ISAKMP: default group 2
00:45:50: ISAKMP: auth XAUTHInitPreShared
00:45:50: ISAKMP: life type in seconds
00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:45:50: ISAKMP: keylength of 256
00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
00:45:50: ISAKMP (0:4): Checking ISAKMP transform 2 against priority 3 policy
00:45:50: ISAKMP: encryption AES-CBC
00:45:50: ISAKMP: hash MD5
00:45:50: ISAKMP: default group 2
00:45:50: ISAKMP: auth XAUTHInitPreShared
00:45:50: ISAKMP: life type in seconds
00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:45:50: ISAKMP: keylength of 256
00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
00:45:50: ISAKMP (0:4): Checking ISAKMP transform 3 against priority 3 policy
00:45:50: ISAKMP: encryption AES-CBC
00:45:50: ISAKMP: hash SHA
00:45:50: ISAKMP: default group 2
00:45:50: ISAKMP: auth pre-share
00:45:50: ISAKMP: life type in seconds
00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:45:50: ISAKMP: keylength of 256
00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
00:45:50: ISAKMP (0:4): Checking ISAKMP transform 4 against priority 3 policy
00:45:50: ISAKMP: encryption AES-CBC
00:45:50: ISAKMP: hash MD5
00:45:50: ISAKMP: default group 2
00:45:50: ISAKMP: auth pre-share
00:45:50: ISAKMP: life type in seconds
00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:45:50: ISAKMP: keylength of 256
00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
00:45:50: ISAKMP (0:4): Checking ISAKMP transform 5 against priority 3 policy
00:45:50: ISAKMP: encryption AES-CBC
00:45:50: ISAKMP: hash SHA
00:45:50: ISAKMP: default group 2
00:45:50: ISAKMP: auth XAUTHInitPreShared
00:45:50: ISAKMP: life type in seconds
00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:45:50: ISAKMP: keylength of 128
00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
00:45:50: ISAKMP (0:4): Checking ISAKMP transform 6 against priority 3 policy
00:45:50: ISAKMP: encryption AES-CBC
00:45:50: ISAKMP: hash MD5
00:45:50: ISAKMP: default group 2
00:45:50: ISAKMP: auth XAUTHInitPreShared
00:45:50: ISAKMP: life type in seconds
00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:45:50: ISAKMP: keylength of 128
00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
00:45:50: ISAKMP (0:4): Checking ISAKMP transform 7 against priority 3 policy
00:45:50: ISAKMP: encryption AES-CBC
00:45:50: ISAKMP: hash SHA
00:45:50: ISAKMP: default group 2
00:45:50: ISAKMP: auth pre-share
00:45:50: ISAKMP: life type in seconds
00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:45:50: ISAKMP: keylength of 128
00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
00:45:50: ISAKMP (0:4): Checking ISAKMP transform 8 against priority 3 policy
00:45:50: ISAKMP: encryption AES-CBC
00:45:50: ISAKMP: hash MD5
00:45:50: ISAKMP: default group 2
00:45:50: ISAKMP: auth pre-share
00:45:50: ISAKMP: life type in seconds
00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:45:50: ISAKMP: keylength of 128
00:45:50: ISAKMP (0:4): Encryption algorithm offered does not match policy!
00:45:50: ISAKMP (0:4): atts are not acceptable. Next payload is 3
00:45:50: ISAKMP (0:4): Checking ISAKMP transform 9 against priority 3 policy
00:45:50: ISAKMP: encryption 3DES-CBC
00:45:50: ISAKMP: hash SHA
00:45:50: ISAKMP: default group 2
00:45:50: ISAKMP: auth XAUTHInitPreShared
00:45:50: ISAKMP: life type in seconds
00:45:50: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:45:50: ISAKMP (0:4): atts are acceptable. Next payload is 3
00:45:50: ISAKMP (0:4): processing KE payload. message ID = 0
00:45:50: ISAKMP (0:4): processing NONCE payload. message ID = 0
00:45:50: ISAKMP (0:4): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
00:45:50: ISAKMP (0:4): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT
00:45:50: ISAKMP: got callback 1
00:45:50: ISAKMP (0:4): incrementing error counter on sa: construct_fail_ag_init
00:45:55: ISAKMP (0:4): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:45:55: ISAKMP (0:4): phase 1 packet is a duplicate of a previous packet.
00:45:55: ISAKMP (0:4): retransmitting due to retransmit phase 1
00:45:55: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
00:45:56: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
00:45:56: ISAKMP (0:4): incrementing error counter on sa: retransmit phase 1
00:45:56: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE
00:45:56: ISAKMP (0:4): sending packet to 555.555.555.555 my_port 500 peer_port 63913 (R) AG_NO_STATE
00:46:00: ISAKMP (0:4): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:46:00: ISAKMP (0:4): phase 1 packet is a duplicate of a previous packet.
00:46:00: ISAKMP (0:4): retransmitting due to retransmit phase 1
00:46:00: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
00:46:01: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
00:46:01: ISAKMP (0:4): incrementing error counter on sa: retransmit phase 1
00:46:01: ISAKMP (0:4): no outgoing phase 1 packet to retransmit. AG_NO_STATE
00:46:02: ISAKMP (0:2): purging SA., sa=8183E224, delme=8183E224
00:46:05: ISAKMP (0:4): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:46:05: ISAKMP (0:4): phase 1 packet is a duplicate of a previous packet.
00:46:05: ISAKMP (0:4): retransmitting due to retransmit phase 1
00:46:05: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
00:46:06: ISAKMP (0:4): retransmitting phase 1 AG_NO_STATE...
00:46:06: ISAKMP (0:4): incrementing error counter on sa: retransmit phase 1
00:46:06: ISAKMP (0:4): no outgoing phase 1 packet to retransmit. AG_NO_STATE
00:46:41: ISAKMP: quick mode timer expired.
00:46:41: ISAKMP (0:3): peer does not do paranoid keepalives.
00:46:41: ISAKMP (0:3): deleting SA reason "QM_TIMER expired" state (R) AG_NO_STATE (peer 555.555.555.555) input queue 0
00:46:41: ISAKMP (0:3): deleting SA reason "QM_TIMER expired" state (R) AG_NO_STATE (peer 555.555.555.555) input queue 0
00:46:41: ISAKMP: Unlocking IKE struct 0x8183A30C for isadb_mark_sa_deleted(), count 0
00:46:41: ISAKMP: Deleting peer node by peer_reap for 555.555.555.555: 8183A30C
00:46:41: ISAKMP (0:3): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
00:46:41: ISAKMP (0:3): Old State = IKE_R_AM_AAA_AWAIT New State = IKE_DEST_SA
00:47:16: ISAKMP (0:0): received packet from 555.555.555.555 dport 500 sport 63913 Global (N) NEW SA
00:47:16: ISAKMP: Created a peer struct for 555.555.555.555, peer port 63913
00:47:16: ISAKMP: Locking peer struct 0x8183A770, IKE refcount 1 for crypto_ikmp_config_initialize_sa
00:47:16: ISAKMP (0:0): Setting client config settings 8183FC84
00:47:16: ISAKMP (0:0): (Re)Setting client xauth list and state
00:47:16: ISAKMP: local port 500, remote port 63913
00:47:16: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 8183E224
00:47:16: ISAKMP (0:5): processing SA payload. message ID = 0
00:47:16: ISAKMP (0:5): processing ID payload. message ID = 0
00:47:16: ISAKMP (0:5): ID payload
next-payload : 13
type : 11
group id : cisco
protocol : 17
port : 500
length : 13
00:47:16: ISAKMP (0:5): peer matches *none* of the profiles
00:47:16: ISAKMP (0:5): processing vendor id payload
00:47:16: ISAKMP (0:5): vendor ID seems Unity/DPD but major 215 mismatch
00:47:16: ISAKMP (0:5): vendor ID is XAUTH
00:47:16: ISAKMP (0:5): processing vendor id payload
00:47:16: ISAKMP (0:5): vendor ID is DPD
00:47:16: ISAKMP (0:5): processing vendor id payload
00:47:16: ISAKMP (0:5): vendor ID seems Unity/DPD but major 123 mismatch
00:47:16: ISAKMP (0:5): vendor ID is NAT-T v2
00:47:16: ISAKMP (0:5): processing vendor id payload
00:47:16: ISAKMP (0:5): vendor ID seems Unity/DPD but major 194 mismatch
00:47:16: ISAKMP (0:5): processing vendor id payload
00:47:16: ISAKMP (0:5): vendor ID is Unity
00:47:16: ISAKMP (0:5) Authentication by xauth preshared
00:47:16: ISAKMP (0:5): Checking ISAKMP transform 1 against priority 3 policy
00:47:16: ISAKMP: encryption AES-CBC
00:47:16: ISAKMP: hash SHA
00:47:16: ISAKMP: default group 2
00:47:16: ISAKMP: auth XAUTHInitPreShared
00:47:16: ISAKMP: life type in seconds
00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:47:16: ISAKMP: keylength of 256
00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
00:47:16: ISAKMP (0:5): Checking ISAKMP transform 2 against priority 3 policy
00:47:16: ISAKMP: encryption AES-CBC
00:47:16: ISAKMP: hash MD5
00:47:16: ISAKMP: default group 2
00:47:16: ISAKMP: auth XAUTHInitPreShared
00:47:16: ISAKMP: life type in seconds
00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:47:16: ISAKMP: keylength of 256
00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
00:47:16: ISAKMP (0:5): Checking ISAKMP transform 3 against priority 3 policy
00:47:16: ISAKMP: encryption AES-CBC
00:47:16: ISAKMP: hash SHA
00:47:16: ISAKMP: default group 2
00:47:16: ISAKMP: auth pre-share
00:47:16: ISAKMP: life type in seconds
00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:47:16: ISAKMP: keylength of 256
00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
00:47:16: ISAKMP (0:5): Checking ISAKMP transform 4 against priority 3 policy
00:47:16: ISAKMP: encryption AES-CBC
00:47:16: ISAKMP: hash MD5
00:47:16: ISAKMP: default group 2
00:47:16: ISAKMP: auth pre-share
00:47:16: ISAKMP: life type in seconds
00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:47:16: ISAKMP: keylength of 256
00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
00:47:16: ISAKMP (0:5): Checking ISAKMP transform 5 against priority 3 policy
00:47:16: ISAKMP: encryption AES-CBC
00:47:16: ISAKMP: hash SHA
00:47:16: ISAKMP: default group 2
00:47:16: ISAKMP: auth XAUTHInitPreShared
00:47:16: ISAKMP: life type in seconds
00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:47:16: ISAKMP: keylength of 128
00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
00:47:16: ISAKMP (0:5): Checking ISAKMP transform 6 against priority 3 policy
00:47:16: ISAKMP: encryption AES-CBC
00:47:16: ISAKMP: hash MD5
00:47:16: ISAKMP: default group 2
00:47:16: ISAKMP: auth XAUTHInitPreShared
00:47:16: ISAKMP: life type in seconds
00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:47:16: ISAKMP: keylength of 128
00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
00:47:16: ISAKMP (0:5): Checking ISAKMP transform 7 against priority 3 policy
00:47:16: ISAKMP: encryption AES-CBC
00:47:16: ISAKMP: hash SHA
00:47:16: ISAKMP: default group 2
00:47:16: ISAKMP: auth pre-share
00:47:16: ISAKMP: life type in seconds
00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:47:16: ISAKMP: keylength of 128
00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
00:47:16: ISAKMP (0:5): Checking ISAKMP transform 8 against priority 3 policy
00:47:16: ISAKMP: encryption AES-CBC
00:47:16: ISAKMP: hash MD5
00:47:16: ISAKMP: default group 2
00:47:16: ISAKMP: auth pre-share
00:47:16: ISAKMP: life type in seconds
00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:47:16: ISAKMP: keylength of 128
00:47:16: ISAKMP (0:5): Encryption algorithm offered does not match policy!
00:47:16: ISAKMP (0:5): atts are not acceptable. Next payload is 3
00:47:16: ISAKMP (0:5): Checking ISAKMP transform 9 against priority 3 policy
00:47:16: ISAKMP: encryption 3DES-CBC
00:47:16: ISAKMP: hash SHA
00:47:16: ISAKMP: default group 2
00:47:16: ISAKMP: auth XAUTHInitPreShared
00:47:16: ISAKMP: life type in seconds
00:47:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:47:16: ISAKMP (0:5): atts are acceptable. Next payload is 3
00:47:16: ISAKMP (0:5): processing KE payload. message ID = 0
00:47:16: ISAKMP (0:5): processing NONCE payload. message ID = 0
00:47:16: ISAKMP (0:5): vendor ID is NAT-T v2
00:47:16: ISAKMP (0:5): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
00:47:16: ISAKMP (0:5): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT
00:47:16: ISAKMP: got callback 1
00:47:16: ISAKMP (0:5): incrementing error counter on sa: construct_fail_ag_init
00:47:21: ISAKMP (0:5): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:47:21: ISAKMP (0:5): phase 1 packet is a duplicate of a previous packet.
00:47:21: ISAKMP (0:5): retransmitting due to retransmit phase 1
00:47:21: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
00:47:22: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
00:47:22: ISAKMP (0:5): incrementing error counter on sa: retransmit phase 1
00:47:22: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE
00:47:22: ISAKMP (0:5): sending packet to 555.555.555.555 my_port 500 peer_port 63913 (R) AG_NO_STATE
00:47:26: ISAKMP (0:5): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:47:26: ISAKMP (0:5): phase 1 packet is a duplicate of a previous packet.
00:47:26: ISAKMP (0:5): retransmitting due to retransmit phase 1
00:47:26: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
00:47:27: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
00:47:27: ISAKMP (0:5): incrementing error counter on sa: retransmit phase 1
00:47:27: ISAKMP (0:5): no outgoing phase 1 packet to retransmit. AG_NO_STATE
00:47:31: ISAKMP (0:5): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:47:31: ISAKMP (0:5): phase 1 packet is a duplicate of a previous packet.
00:47:31: ISAKMP (0:5): retransmitting due to retransmit phase 1
00:47:31: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
00:47:32: ISAKMP (0:5): retransmitting phase 1 AG_NO_STATE...
00:47:32: ISAKMP (0:5): incrementing error counter on sa: retransmit phase 1
00:47:32: ISAKMP (0:5): no outgoing phase 1 packet to retransmit. AG_NO_STATE
00:47:41: ISAKMP (0:3): purging SA., sa=8183F040, delme=8183F040
00:48:24: ISAKMP (0:0): received packet from 555.555.555.555 dport 500 sport 63913 Global (N) NEW SA
00:48:24: ISAKMP: Created a peer struct for 555.555.555.555, peer port 63913
00:48:24: ISAKMP: Locking peer struct 0x8208E44C, IKE refcount 1 for crypto_ikmp_config_initialize_sa
00:48:24: ISAKMP (0:0): Setting client config settings 8183C328
00:48:24: ISAKMP (0:0): (Re)Setting client xauth list and state
00:48:24: ISAKMP: local port 500, remote port 63913
00:48:24: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 81841620
00:48:24: ISAKMP (0:6): processing SA payload. message ID = 0
00:48:24: ISAKMP (0:6): processing ID payload. message ID = 0
00:48:24: ISAKMP (0:6): ID payload
next-payload : 13
type : 11
group id : cisco
protocol : 17
port : 500
length : 13
00:48:24: ISAKMP (0:6): peer matches *none* of the profiles
00:48:24: ISAKMP (0:6): processing vendor id payload
00:48:24: ISAKMP (0:6): vendor ID seems Unity/DPD but major 215 mismatch
00:48:24: ISAKMP (0:6): vendor ID is XAUTH
00:48:24: ISAKMP (0:6): processing vendor id payload
00:48:24: ISAKMP (0:6): vendor ID is DPD
00:48:24: ISAKMP (0:6): processing vendor id payload
00:48:24: ISAKMP (0:6): vendor ID seems Unity/DPD but major 123 mismatch
00:48:24: ISAKMP (0:6): vendor ID is NAT-T v2
00:48:24: ISAKMP (0:6): processing vendor id payload
00:48:24: ISAKMP (0:6): vendor ID seems Unity/DPD but major 194 mismatch
00:48:24: ISAKMP (0:6): processing vendor id payload
00:48:24: ISAKMP (0:6): vendor ID is Unity
00:48:24: ISAKMP (0:6) Authentication by xauth preshared
00:48:24: ISAKMP (0:6): Checking ISAKMP transform 1 against priority 3 policy
00:48:24: ISAKMP: encryption AES-CBC
00:48:24: ISAKMP: hash SHA
00:48:24: ISAKMP: default group 2
00:48:24: ISAKMP: auth XAUTHInitPreShared
00:48:24: ISAKMP: life type in seconds
00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:48:24: ISAKMP: keylength of 256
00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
00:48:24: ISAKMP (0:6): Checking ISAKMP transform 2 against priority 3 policy
00:48:24: ISAKMP: encryption AES-CBC
00:48:24: ISAKMP: hash MD5
00:48:24: ISAKMP: default group 2
00:48:24: ISAKMP: auth XAUTHInitPreShared
00:48:24: ISAKMP: life type in seconds
00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:48:24: ISAKMP: keylength of 256
00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
00:48:24: ISAKMP (0:6): Checking ISAKMP transform 3 against priority 3 policy
00:48:24: ISAKMP: encryption AES-CBC
00:48:24: ISAKMP: hash SHA
00:48:24: ISAKMP: default group 2
00:48:24: ISAKMP: auth pre-share
00:48:24: ISAKMP: life type in seconds
00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:48:24: ISAKMP: keylength of 256
00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
00:48:24: ISAKMP (0:6): Checking ISAKMP transform 4 against priority 3 policy
00:48:24: ISAKMP: encryption AES-CBC
00:48:24: ISAKMP: hash MD5
00:48:24: ISAKMP: default group 2
00:48:24: ISAKMP: auth pre-share
00:48:24: ISAKMP: life type in seconds
00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:48:24: ISAKMP: keylength of 256
00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
00:48:24: ISAKMP (0:6): Checking ISAKMP transform 5 against priority 3 policy
00:48:24: ISAKMP: encryption AES-CBC
00:48:24: ISAKMP: hash SHA
00:48:24: ISAKMP: default group 2
00:48:24: ISAKMP: auth XAUTHInitPreShared
00:48:24: ISAKMP: life type in seconds
00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:48:24: ISAKMP: keylength of 128
00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
00:48:24: ISAKMP (0:6): Checking ISAKMP transform 6 against priority 3 policy
00:48:24: ISAKMP: encryption AES-CBC
00:48:24: ISAKMP: hash MD5
00:48:24: ISAKMP: default group 2
00:48:24: ISAKMP: auth XAUTHInitPreShared
00:48:24: ISAKMP: life type in seconds
00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:48:24: ISAKMP: keylength of 128
00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
00:48:24: ISAKMP (0:6): Checking ISAKMP transform 7 against priority 3 policy
00:48:24: ISAKMP: encryption AES-CBC
00:48:24: ISAKMP: hash SHA
00:48:24: ISAKMP: default group 2
00:48:24: ISAKMP: auth pre-share
00:48:24: ISAKMP: life type in seconds
00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:48:24: ISAKMP: keylength of 128
00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
00:48:24: ISAKMP (0:6): Checking ISAKMP transform 8 against priority 3 policy
00:48:24: ISAKMP: encryption AES-CBC
00:48:24: ISAKMP: hash MD5
00:48:24: ISAKMP: default group 2
00:48:24: ISAKMP: auth pre-share
00:48:24: ISAKMP: life type in seconds
00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:48:24: ISAKMP: keylength of 128
00:48:24: ISAKMP (0:6): Encryption algorithm offered does not match policy!
00:48:24: ISAKMP (0:6): atts are not acceptable. Next payload is 3
00:48:24: ISAKMP (0:6): Checking ISAKMP transform 9 against priority 3 policy
00:48:24: ISAKMP: encryption 3DES-CBC
00:48:24: ISAKMP: hash SHA
00:48:24: ISAKMP: default group 2
00:48:24: ISAKMP: auth XAUTHInitPreShared
00:48:24: ISAKMP: life type in seconds
00:48:24: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:48:24: ISAKMP (0:6): atts are acceptable. Next payload is 3
00:48:24: ISAKMP (0:6): processing KE payload. message ID = 0
00:48:24: ISAKMP (0:6): processing NONCE payload. message ID = 0
00:48:24: ISAKMP (0:6): vendor ID is NAT-T v2
00:48:24: ISAKMP (0:6): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
00:48:24: ISAKMP (0:6): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT
00:48:24: ISAKMP: got callback 1
00:48:24: ISAKMP (0:6): incrementing error counter on sa: construct_fail_ag_init
00:48:29: ISAKMP (0:6): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:48:29: ISAKMP (0:6): phase 1 packet is a duplicate of a previous packet.
00:48:29: ISAKMP (0:6): retransmitting due to retransmit phase 1
00:48:29: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
00:48:29: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
00:48:29: ISAKMP (0:6): incrementing error counter on sa: retransmit phase 1
00:48:29: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE
00:48:29: ISAKMP (0:6): sending packet to 555.555.555.555 my_port 500 peer_port 63913 (R) AG_NO_STATE
00:48:34: ISAKMP (0:6): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:48:34: ISAKMP (0:6): phase 1 packet is a duplicate of a previous packet.
00:48:34: ISAKMP (0:6): retransmitting due to retransmit phase 1
00:48:34: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
00:48:34: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
00:48:34: ISAKMP (0:6): incrementing error counter on sa: retransmit phase 1
00:48:34: ISAKMP (0:6): no outgoing phase 1 packet to retransmit. AG_NO_STATE
00:48:39: ISAKMP (0:6): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:48:39: ISAKMP (0:6): phase 1 packet is a duplicate of a previous packet.
00:48:39: ISAKMP (0:6): retransmitting due to retransmit phase 1
00:48:39: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
00:48:39: ISAKMP (0:6): retransmitting phase 1 AG_NO_STATE...
00:48:39: ISAKMP (0:6): incrementing error counter on sa: retransmit phase 1
00:48:39: ISAKMP (0:6): no outgoing phase 1 packet to retransmit. AG_NO_STATE
Router#
Router#
00:49:15: ISAKMP: quick mode timer expired.
00:49:15: ISAKMP (0:4): peer does not do paranoid keepalives.
00:49:15: ISAKMP (0:4): deleting SA reason "QM_TIMER expired" state (R) AG_NO_STATE (peer 555.555.555.555) input queue 0
00:49:15: ISAKMP (0:4): deleting SA reason "QM_TIMER expired" state (R) AG_NO_STATE (peer 555.555.555.555) input queue 0
00:49:15: ISAKMP: Unlocking IKE struct 0x8183B724 for isadb_mark_sa_deleted(), count 0
00:49:15: ISAKMP: Deleting peer node by peer_reap for 555.555.555.555: 8183B724
00:49:15: ISAKMP (0:4): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
00:49:15: ISAKMP (0:4): Old State = IKE_R_AM_AAA_AWAIT New State = IKE_DEST_SA
00:49:16: ISAKMP (0:0): received packet from 555.555.555.555 dport 500 sport 63913 Global (N) NEW SA
00:49:16: ISAKMP: Created a peer struct for 555.555.555.555, peer port 63913
00:49:16: ISAKMP: Locking peer struct 0x8208EF30, IKE refcount 1 for crypto_ikmp_config_initialize_sa
00:49:16: ISAKMP (0:0): Setting client config settings 818401DC
00:49:16: ISAKMP (0:0): (Re)Setting client xauth list and state
00:49:16: ISAKMP: local port 500, remote port 63913
00:49:16: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 8183EC40
00:49:16: ISAKMP (0:7): processing SA payload. message ID = 0
00:49:16: ISAKMP (0:7): processing ID payload. message ID = 0
00:49:16: ISAKMP (0:7): ID payload
next-payload : 13
type : 11
group id : cisco
protocol : 17
port : 500
length : 13
00:49:16: ISAKMP (0:7): peer matches *none* of the profiles
00:49:16: ISAKMP (0:7): processing vendor id payload
00:49:16: ISAKMP (0:7): vendor ID seems Unity/DPD but major 215 mismatch
00:49:16: ISAKMP (0:7): vendor ID is XAUTH
00:49:16: ISAKMP (0:7): processing vendor id payload
00:49:16: ISAKMP (0:7): vendor ID is DPD
00:49:16: ISAKMP (0:7): processing vendor id payload
00:49:16: ISAKMP (0:7): vendor ID seems Unity/DPD but major 123 mismatch
00:49:16: ISAKMP (0:7): vendor ID is NAT-T v2
00:49:16: ISAKMP (0:7): processing vendor id payload
00:49:16: ISAKMP (0:7): vendor ID seems Unity/DPD but major 194 mismatch
00:49:16: ISAKMP (0:7): processing vendor id payload
00:49:16: ISAKMP (0:7): vendor ID is Unity
00:49:16: ISAKMP (0:7) Authentication by xauth preshared
00:49:16: ISAKMP (0:7): Checking ISAKMP transform 1 against priority 3 policy
00:49:16: ISAKMP: encryption AES-CBC
00:49:16: ISAKMP: hash SHA
00:49:16: ISAKMP: default group 2
00:49:16: ISAKMP: auth XAUTHInitPreShared
00:49:16: ISAKMP: life type in seconds
00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:49:16: ISAKMP: keylength of 256
00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
00:49:16: ISAKMP (0:7): Checking ISAKMP transform 2 against priority 3 policy
00:49:16: ISAKMP: encryption AES-CBC
00:49:16: ISAKMP: hash MD5
00:49:16: ISAKMP: default group 2
00:49:16: ISAKMP: auth XAUTHInitPreShared
00:49:16: ISAKMP: life type in seconds
00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:49:16: ISAKMP: keylength of 256
00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
00:49:16: ISAKMP (0:7): Checking ISAKMP transform 3 against priority 3 policy
00:49:16: ISAKMP: encryption AES-CBC
00:49:16: ISAKMP: hash SHA
00:49:16: ISAKMP: default group 2
00:49:16: ISAKMP: auth pre-share
00:49:16: ISAKMP: life type in seconds
00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:49:16: ISAKMP: keylength of 256
00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
00:49:16: ISAKMP (0:7): Checking ISAKMP transform 4 against priority 3 policy
00:49:16: ISAKMP: encryption AES-CBC
00:49:16: ISAKMP: hash MD5
00:49:16: ISAKMP: default group 2
00:49:16: ISAKMP: auth pre-share
00:49:16: ISAKMP: life type in seconds
00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:49:16: ISAKMP: keylength of 256
00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
00:49:16: ISAKMP (0:7): Checking ISAKMP transform 5 against priority 3 policy
00:49:16: ISAKMP: encryption AES-CBC
00:49:16: ISAKMP: hash SHA
00:49:16: ISAKMP: default group 2
00:49:16: ISAKMP: auth XAUTHInitPreShared
00:49:16: ISAKMP: life type in seconds
00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:49:16: ISAKMP: keylength of 128
00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
00:49:16: ISAKMP (0:7): Checking ISAKMP transform 6 against priority 3 policy
00:49:16: ISAKMP: encryption AES-CBC
00:49:16: ISAKMP: hash MD5
00:49:16: ISAKMP: default group 2
00:49:16: ISAKMP: auth XAUTHInitPreShared
00:49:16: ISAKMP: life type in seconds
00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:49:16: ISAKMP: keylength of 128
00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
00:49:16: ISAKMP (0:7): Checking ISAKMP transform 7 against priority 3 policy
00:49:16: ISAKMP: encryption AES-CBC
00:49:16: ISAKMP: hash SHA
00:49:16: ISAKMP: default group 2
00:49:16: ISAKMP: auth pre-share
00:49:16: ISAKMP: life type in seconds
00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:49:16: ISAKMP: keylength of 128
00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
00:49:16: ISAKMP (0:7): Checking ISAKMP transform 8 against priority 3 policy
00:49:16: ISAKMP: encryption AES-CBC
00:49:16: ISAKMP: hash MD5
00:49:16: ISAKMP: default group 2
00:49:16: ISAKMP: auth pre-share
00:49:16: ISAKMP: life type in seconds
00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:49:16: ISAKMP: keylength of 128
00:49:16: ISAKMP (0:7): Encryption algorithm offered does not match policy!
00:49:16: ISAKMP (0:7): atts are not acceptable. Next payload is 3
00:49:16: ISAKMP (0:7): Checking ISAKMP transform 9 against priority 3 policy
00:49:16: ISAKMP: encryption 3DES-CBC
00:49:16: ISAKMP: hash SHA
00:49:16: ISAKMP: default group 2
00:49:16: ISAKMP: auth XAUTHInitPreShared
00:49:16: ISAKMP: life type in seconds
00:49:16: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:49:16: ISAKMP (0:7): atts are acceptable. Next payload is 3
00:49:17: ISAKMP (0:7): processing KE payload. message ID = 0
00:49:17: ISAKMP (0:7): processing NONCE payload. message ID = 0
00:49:17: ISAKMP (0:7): vendor ID is NAT-T v2
00:49:17: ISAKMP (0:7): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
00:49:17: ISAKMP (0:7): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT
00:49:17: ISAKMP: got callback 1
00:49:17: ISAKMP (0:7): incrementing error counter on sa: construct_fail_ag_init
00:49:21: ISAKMP (0:7): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:49:21: ISAKMP (0:7): phase 1 packet is a duplicate of a previous packet.
00:49:21: ISAKMP (0:7): retransmitting due to retransmit phase 1
00:49:21: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
00:49:22: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
00:49:22: ISAKMP (0:7): incrementing error counter on sa: retransmit phase 1
00:49:22: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE
00:49:22: ISAKMP (0:7): sending packet to 555.555.555.555 my_port 500 peer_port 63913 (R) AG_NO_STATE
00:49:26: ISAKMP (0:7): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:49:26: ISAKMP (0:7): phase 1 packet is a duplicate of a previous packet.
00:49:26: ISAKMP (0:7): retransmitting due to retransmit phase 1
00:49:26: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
00:49:27: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
00:49:27: ISAKMP (0:7): incrementing error counter on sa: retransmit phase 1
00:49:27: ISAKMP (0:7): no outgoing phase 1 packet to retransmit. AG_NO_STATE
00:49:31: ISAKMP (0:7): received packet from 555.555.555.555 dport 500 sport 63913 Global (R) AG_NO_STATE
00:49:31: ISAKMP (0:7): phase 1 packet is a duplicate of a previous packet.
00:49:31: ISAKMP (0:7): retransmitting due to retransmit phase 1
00:49:31: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
00:49:32: ISAKMP (0:7): retransmitting phase 1 AG_NO_STATE...
00:49:32: ISAKMP (0:7): incrementing error counter on sa: retransmit phase 1
00:49:32: ISAKMP (0:7): no outgoing phase 1 packet to retransmit. AG_NO_STATE
Ich verwenden den Cisco VPN Client 4.6.04.0043
Vielen Dank für deine Hilfe!
Gruß
Niko
Mit folgendem Code, können Sie den Beitrag ganz bequem auf ihrer Homepage verlinken
Weitere Beiträge aus dem Forum Achtung !!!!!!!!!!!!!
Ähnliche Beiträge wie "Firewall konfig + DYNDNS wie geht das?"
bin dabei wenns kla geht ! - Dj One Shotz (Sonntag 18.03.2007)
so geht es nicht weiter - my-key (Mittwoch 19.09.2007)
SUCHE JEMAND FÜR DONNERSTAG ZUR GANG BANG PARTY - nike88 (Montag 06.12.2010)
Wie geht`s euch heute? - Jen (Freitag 22.09.2006)
was geht in de ferien? - Drummergod mio (Freitag 04.08.2006)
forum geht wieder - SvanSick (Sonntag 24.12.2006)
Los geht's.... - ChRiStIaN (Dienstag 10.04.2007)
Sehr geehrte Damen und Herren, - Alf (Mittwoch 30.04.2008)
jetzt geht es los - martina (Sonntag 22.01.2006)
Stop loss, warum geht der nicht näher? - moneymagnet (Mittwoch 25.05.2005)