Failing to Configure L2tp/IPSEC PSK Remote Access Gateway on Cisco

Status
Not open for further replies.

drvelia

Technical User
Jan 28, 2009
1
ZW
Please help. I am failing to connect using L2TP, but with PPTP I am getting through to my private LAN. The error I get is 'the remote computer did not respond'.

The following is my router debug output showing IKE Phase 1 and 2 and the IPsec SA, then it just dies.

----------------------------------
1d19h: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 1 policy
1d19h: ISAKMP: encryption 3DES-CBC
1d19h: ISAKMP: hash SHA
1d19h: ISAKMP: unknown DH group 14
1d19h: ISAKMP: auth pre-share
1d19h: ISAKMP: life type in seconds
1d19h: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
1d19h: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
1d19h: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
1d19h: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 1 policy
1d19h: ISAKMP: encryption 3DES-CBC
1d19h: ISAKMP: hash SHA
1d19h: ISAKMP: default group 2
1d19h: ISAKMP: auth pre-share
1d19h: ISAKMP: life type in seconds
1d19h: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
1d19h: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
1d19h: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
1d19h: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 1 policy
1d19h: ISAKMP: encryption 3DES-CBC
1d19h: ISAKMP: hash MD5
1d19h: ISAKMP: default group 2
1d19h: ISAKMP: auth pre-share
1d19h: ISAKMP: life type in seconds
1d19h: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
1d19h: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
1d19h: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
1d19h: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 1 policy
1d19h: ISAKMP: encryption DES-CBC
1d19h: ISAKMP: hash SHA
1d19h: ISAKMP: default group 1
1d19h: ISAKMP: auth pre-share
1d19h: ISAKMP: life type in seconds
1d19h: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
1d19h: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
1d19h: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
1d19h: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 1 policy
1d19h: ISAKMP: encryption DES-CBC
1d19h: ISAKMP: hash MD5
1d19h: ISAKMP: default group 1
1d19h: ISAKMP: auth pre-share
1d19h: ISAKMP: life type in seconds
1d19h: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
1d19h: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
1d19h: ISAKMP:(0:1:HW:2): processing vendor id payload
1d19h: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 228 mismatch
1d19h: ISAKMP:(0:1:HW:2): processing vendor id payload
1d19h: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 194 mismatch
1d19h: ISAKMP:(0:1:HW:2): processing vendor id payload
1d19h: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 123 mismatch
1d19h: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v2
1d19h: ISAKMP:(0:1:HW:2): processing vendor id payload
1d19h: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 184 mismatch
1d19h: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM1 New State = IKE_R_MM1

1d19h: ISAKMP:(0:1:HW:2): constructed NAT-T vendor-02 ID
1d19h: ISAKMP:(0:1:HW:2): sending packet to 192.168.0.96 my_port 500 peer_port 500 (R) MM_SA_SETUP
1d19h: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM1 New State = IKE_R_MM2

1d19h: ISAKMP (0:268435457): received packet from 192.168.0.96 dport 500 sport 500 Global (R) MM_SA_SETUP
1d19h: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM2 New State = IKE_R_MM3

1d19h: ISAKMP:(0:1:HW:2): processing KE payload. message ID = 0
1d19h: ISAKMP:(0:1:HW:2): processing NONCE payload. message ID = 0
1d19h: ISAKMP: Looking for a matching key for 192.168.0.96 in default : success
1d19h: ISAKMP:(0:1:HW:2):found peer pre-shared key matching 192.168.0.96
1d19h: ISAKMP:(0:1:HW:2):SKEYID state generated
1d19h: ISAKMP:received payload type 17
1d19h: ISAKMP:received payload type 17
1d19h: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM3 New State = IKE_R_MM3

1d19h: ISAKMP:(0:1:HW:2): sending packet to 192.168.0.96 my_port 500 peer_port 500 (R) MM_KEY_EXCH
1d19h: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM3 New State = IKE_R_MM4

1d19h: ISAKMP (0:268435457): received packet from 192.168.0.96 dport 500 sport 500 Global (R) MM_KEY_EXCH
1d19h: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM4 New State = IKE_R_MM5

1d19h: ISAKMP:(0:1:HW:2): processing ID payload. message ID = 0
1d19h: ISAKMP (0:268435457): ID payload
next-payload : 8
type : 1
address : 192.168.0.96
protocol : 0
port : 0
length : 12
1d19h: ISAKMP:(0:1:HW:2):: peer matches *none* of the profiles
1d19h: ISAKMP:(0:1:HW:2): processing HASH payload. message ID = 0
1d19h: ISAKMP:(0:1:HW:2):SA authentication status:
authenticated
1d19h: ISAKMP:(0:1:HW:2):SA has been authenticated with 192.168.0.96
1d19h: ISAKMP: Trying to insert a peer 196.27.108.49/192.168.0.96/500/, and inserted successfully.
1d19h: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM5 New State = IKE_R_MM5

1d19h: ISAKMP:(0:1:HW:2):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
1d19h: ISAKMP (0:268435457): ID payload
next-payload : 8
type : 1
address : 196.27.108.49
protocol : 17
port : 500
length : 12
1d19h: ISAKMP:(0:1:HW:2):Total payload length: 12
1d19h: ISAKMP:(0:1:HW:2): sending packet to 192.168.0.96 my_port 500 peer_port 500 (R) MM_KEY_EXCH
1d19h: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE

1d19h: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

1d19h: ISAKMP (0:268435457): received packet from 192.168.0.96 dport 500 sport 500 Global (R) QM_IDLE
1d19h: ISAKMP: set new node 2106257097 to QM_IDLE
1d19h: ISAKMP:(0:1:HW:2): processing HASH payload. message ID = 2106257097
1d19h: ISAKMP:(0:1:HW:2): processing SA payload. message ID = 2106257097
1d19h: ISAKMP:(0:1:HW:2):Checking IPSec proposal 1
1d19h: ISAKMP: transform 1, ESP_3DES
1d19h: ISAKMP: attributes in transform:
1d19h: ISAKMP: SA life type in seconds
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10
1d19h: ISAKMP: SA life type in kilobytes
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90
1d19h: ISAKMP: encaps is 2 (Transport)
1d19h: ISAKMP: authenticator is HMAC-MD5
1d19h: ISAKMP:(0:1:HW:2):atts are acceptable.
1d19h: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/255.255.255.255/17/1701 (type=1),
remote_proxy= 192.168.0.96/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d19h: Crypto mapdb : proxy_match
src addr : 196.27.108.49
dst addr : 192.168.0.96
protocol : 17
src port : 1701
dst port : 1701
1d19h: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-3des esp-md5-hmac }
1d19h: ISAKMP:(0:1:HW:2): IPSec policy invalidated proposal
1d19h: ISAKMP:(0:1:HW:2):Checking IPSec proposal 2
1d19h: ISAKMP: transform 1, AH_SHA
1d19h: ISAKMP: attributes in transform:
1d19h: ISAKMP: SA life type in seconds
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10
1d19h: ISAKMP: SA life type in kilobytes
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90
1d19h: ISAKMP: encaps is 2 (Transport)
1d19h: ISAKMP: authenticator is HMAC-SHA
1d19h: ISAKMP:(0:1:HW:2):atts are acceptable.
1d19h: ISAKMP:(0:1:HW:2):Checking IPSec proposal 2
1d19h: ISAKMP: transform 1, ESP_3DES
1d19h: ISAKMP: attributes in transform:
1d19h: ISAKMP: SA life type in seconds
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10
1d19h: ISAKMP: SA life type in kilobytes
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90
1d19h: ISAKMP: encaps is 2 (Transport)
1d19h: ISAKMP:(0:1:HW:2):atts are acceptable.
1d19h: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/255.255.255.255/17/1701 (type=1),
remote_proxy= 192.168.0.96/255.255.255.255/17/1701 (type=1),
protocol= AH, transform= ah-sha-hmac (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d19h: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/255.255.255.255/17/1701 (type=1),
remote_proxy= 192.168.0.96/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= esp-3des (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d19h: Crypto mapdb : proxy_match
src addr : 196.27.108.49
dst addr : 192.168.0.96
protocol : 17
src port : 1701
dst port : 1701
1d19h: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{ah-sha-hmac esp-3des }
1d19h: ISAKMP:(0:1:HW:2): IPSec policy invalidated proposal
1d19h: ISAKMP:(0:1:HW:2):Checking IPSec proposal 3
1d19h: ISAKMP: transform 1, AH_MD5
1d19h: ISAKMP: attributes in transform:
1d19h: ISAKMP: SA life type in seconds
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10
1d19h: ISAKMP: SA life type in kilobytes
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90
1d19h: ISAKMP: encaps is 2 (Transport)
1d19h: ISAKMP: authenticator is HMAC-MD5
1d19h: ISAKMP:(0:1:HW:2):atts are acceptable.
1d19h: ISAKMP:(0:1:HW:2):Checking IPSec proposal 3
1d19h: ISAKMP: transform 1, ESP_3DES
1d19h: ISAKMP: attributes in transform:
1d19h: ISAKMP: SA life type in seconds
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10
1d19h: ISAKMP: SA life type in kilobytes
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90
1d19h: ISAKMP: encaps is 2 (Transport)
1d19h: ISAKMP:(0:1:HW:2):atts are acceptable.
1d19h: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/255.255.255.255/17/1701 (type=1),
remote_proxy= 192.168.0.96/255.255.255.255/17/1701 (type=1),
protocol= AH, transform= ah-md5-hmac (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d19h: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/255.255.255.255/17/1701 (type=1),
remote_proxy= 192.168.0.96/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= esp-3des (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d19h: Crypto mapdb : proxy_match
src addr : 196.27.108.49
dst addr : 192.168.0.96
protocol : 17
src port : 1701
dst port : 1701
1d19h: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{ah-md5-hmac esp-3des }
1d19h: ISAKMP:(0:1:HW:2): IPSec policy invalidated proposal
1d19h: ISAKMP:(0:1:HW:2):Checking IPSec proposal 4
1d19h: ISAKMP: transform 1, AH_SHA
1d19h: ISAKMP: attributes in transform:
1d19h: ISAKMP: SA life type in seconds
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10
1d19h: ISAKMP: SA life type in kilobytes
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90
1d19h: ISAKMP: encaps is 2 (Transport)
1d19h: ISAKMP: authenticator is HMAC-SHA
1d19h: ISAKMP:(0:1:HW:2):atts are acceptable.
1d19h: ISAKMP:(0:1:HW:2):Checking IPSec proposal 4
1d19h: ISAKMP: transform 1, ESP_3DES
1d19h: ISAKMP: attributes in transform:
1d19h: ISAKMP: SA life type in seconds
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10
1d19h: ISAKMP: SA life type in kilobytes
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90
1d19h: ISAKMP: encaps is 2 (Transport)
1d19h: ISAKMP: authenticator is HMAC-SHA
1d19h: ISAKMP:(0:1:HW:2):atts are acceptable.
1d19h: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/255.255.255.255/17/1701 (type=1),
remote_proxy= 192.168.0.96/255.255.255.255/17/1701 (type=1),
protocol= AH, transform= ah-sha-hmac (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d19h: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/255.255.255.255/17/1701 (type=1),
remote_proxy= 192.168.0.96/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d19h: Crypto mapdb : proxy_match
src addr : 196.27.108.49
dst addr : 192.168.0.96
protocol : 17
src port : 1701
dst port : 1701
1d19h: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{ah-sha-hmac esp-3des esp-sha-hmac }
1d19h: ISAKMP:(0:1:HW:2): IPSec policy invalidated proposal
1d19h: ISAKMP:(0:1:HW:2):Checking IPSec proposal 5
1d19h: ISAKMP: transform 1, AH_MD5
1d19h: ISAKMP: attributes in transform:
1d19h: ISAKMP: SA life type in seconds
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10
1d19h: ISAKMP: SA life type in kilobytes
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90
1d19h: ISAKMP: encaps is 2 (Transport)
1d19h: ISAKMP: authenticator is HMAC-MD5
1d19h: ISAKMP:(0:1:HW:2):atts are acceptable.
1d19h: ISAKMP:(0:1:HW:2):Checking IPSec proposal 5
1d19h: ISAKMP: transform 1, ESP_3DES
1d19h: ISAKMP: attributes in transform:
1d19h: ISAKMP: SA life type in seconds
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10
1d19h: ISAKMP: SA life type in kilobytes
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90
1d19h: ISAKMP: encaps is 2 (Transport)
1d19h: ISAKMP: authenticator is HMAC-MD5
1d19h: ISAKMP:(0:1:HW:2):atts are acceptable.
1d19h: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/255.255.255.255/17/1701 (type=1),
remote_proxy= 192.168.0.96/255.255.255.255/17/1701 (type=1),
protocol= AH, transform= ah-md5-hmac (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d19h: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/255.255.255.255/17/1701 (type=1),
remote_proxy= 192.168.0.96/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d19h: Crypto mapdb : proxy_match
src addr : 196.27.108.49
dst addr : 192.168.0.96
protocol : 17
src port : 1701
dst port : 1701
1d19h: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{ah-md5-hmac esp-3des esp-md5-hmac }
1d19h: ISAKMP:(0:1:HW:2): IPSec policy invalidated proposal
1d19h: ISAKMP:(0:1:HW:2):Checking IPSec proposal 6
1d19h: ISAKMP: transform 1, ESP_DES
1d19h: ISAKMP: attributes in transform:
1d19h: ISAKMP: SA life type in seconds
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10
1d19h: ISAKMP: SA life type in kilobytes
1d19h: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90
1d19h: ISAKMP: encaps is 2 (Transport)
1d19h: ISAKMP: authenticator is HMAC-MD5
1d19h: ISAKMP:(0:1:HW:2):atts are acceptable.
1d19h: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/255.255.255.255/17/1701 (type=1),
remote_proxy= 192.168.0.96/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d19h: Crypto mapdb : proxy_match
src addr : 196.27.108.49
dst addr : 192.168.0.96
protocol : 17
src port : 1701
dst port : 1701
1d19h: ISAKMP:(0:1:HW:2): processing NONCE payload. message ID = 2106257097
1d19h: ISAKMP:(0:1:HW:2): processing ID payload. message ID = 2106257097
1d19h: ISAKMP:(0:1:HW:2): processing ID payload. message ID = 2106257097
1d19h: ISAKMP:(0:1:HW:2): asking for 1 spis from ipsec
1d19h: ISAKMP:(0:1:HW:2):Node 2106257097, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE

1d19h: IPSEC(key_engine): got a queue event with 1 kei messages
1d19h: IPSEC(spi_response): getting spi 392073052 for SA
from 196.27.108.49 to 192.168.0.96 for prot 3
1d19h: ISAKMP: received ke message (2/1)
1d19h: IPSec: Flow_switching Allocated flow for flow_id 268435457
1d19h: IPSec: Flow_switching Allocated flow for flow_id 268435458
1d19h: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer 192.168.0.96:500
Id: 192.168.0.96
1d19h: ISAKMP: Locking peer struct 0x82D01E90, IPSEC refcount 1 for for stuff_ke

1d19h: ISAKMP:(0:1:HW:2): Creating IPSec SAs
1d19h: inbound SA from 192.168.0.96 to 196.27.108.49 (f/i) 0/ 0
(proxy 192.168.0.96 to 196.27.108.49)
1d19h: has spi 0x175E8F5C and conn_id 200 and flags 4
1d19h: lifetime of 3600 seconds
1d19h: lifetime of 250000 kilobytes
1d19h: has client flags 0x0
1d19h: outbound SA from 196.27.108.49 to 192.168.0.96 (f/i) 0/0
(proxy 196.27.108.49 to 192.168.0.96)
1d19h: has spi -559381573 and conn_id 201 and flags C
1d19h: lifetime of 3600 seconds
1d19h: lifetime of 250000 kilobytes
1d19h: has client flags 0x0
1d19h: IPSEC(key_engine): got a queue event with 2 kei messages
1d19h: IPSEC(initialize_sas): ,
(key eng. msg.) INBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/0.0.0.0/17/1701 (type=1),
remote_proxy= 192.168.0.96/0.0.0.0/17/1701 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac (Transport),
lifedur= 3600s and 250000kb,
spi= 0x175E8F5C(392073052), conn_id= 268435656, keysize= 0, flags= 0x4
1d19h: IPSEC(initialize_sas): ,
(key eng. msg.) OUTBOUND local= 196.27.108.49, remote= 192.168.0.96,
local_proxy= 196.27.108.49/0.0.0.0/17/1701 (type=1),
remote_proxy= 192.168.0.96/0.0.0.0/17/1701 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac (Transport),
lifedur= 3600s and 250000kb,
spi= 0xDEA883BB(3735585723), conn_id= 268435657, keysize= 0, flags= 0xC
1d19h: Crypto mapdb : proxy_match
src addr : 196.27.108.49
dst addr : 192.168.0.96
protocol : 17
src port : 1701
dst port : 1701
1d19h: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.0.96
1d19h: IPSEC(policy_db_add_ident): src 196.27.108.49, dest 192.168.0.96, dest_port 1701

1d19h: IPSEC(create_sa): sa created,
(sa) sa_dest= 196.27.108.49, sa_prot= 50,
sa_spi= 0x175E8F5C(392073052),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 268435656
1d19h: IPSEC(create_sa): sa created,
(sa) sa_dest= 192.168.0.96, sa_prot= 50,
sa_spi= 0xDEA883BB(3735585723),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 268435657
1d19h: ISAKMP:(0:1:HW:2): sending packet to 192.168.0.96 my_port 500 peer_port 500 (R) QM_IDLE
1d19h: ISAKMP:(0:1:HW:2):Node 2106257097, Input = IKE_MESG_FROM_IPSEC, IKE_SPI_REPLY
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_R_QM2

1d19h: ISAKMP (0:268435457): received packet from 192.168.0.96 dport 500 sport 500 Global (R) QM_IDLE
1d19h: ISAKMP:(0:1:HW:2):deleting node 2106257097 error FALSE reason "QM done (await)"
1d19h: ISAKMP:(0:1:HW:2):Node 2106257097, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
1d19h: ISAKMP:(0:1:HW:2):Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE
1d19h: IPSEC(key_engine): got a queue event with 1 kei messages
1d19h: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
1d19h: IPSEC(key_engine_enable_outbound): enable SA with spi 3735585723/50 for 192.168.0.96
1d19h: ISAKMP: received ke message (3/1)
1d19h: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 192.168.0.254 dst 192.168.0.96 for SPI 0x0
1d19h: ISAKMP: received ke message (3/1)
1d19h: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 192.168.0.254 dst 192.168.0.96 for SPI 0x0
1d19h: ISAKMP: received ke message (3/1)
1d19h: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 192.168


Below is my Cisco C1700 router config:

version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Afdis_HeadOffice
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication ppp use-radius group radius
aaa authorization network default group radius
aaa session-id common
ip subnet-zero
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.0.1 192.168.0.20
!
!
no ip domain lookup
ip domain name afdisgl
ip name-server 196.201.1.6
ip name-server 196.201.1.7
ip name-server 192.168.0.1
ip cef
ip ids po max-events 100
ip ssh version 2
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
description VPN Dialin
accept-dialin
protocol l2tp
virtual-template 1
l2tp security crypto-profile l2tpprof
no l2tp tunnel authentication
!
vpdn-group 2
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
async-bootp dns-server 192.168.0.7
no ftp-server write-enable
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key xxxxx address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set l2tptrans esp-des esp-md5-hmac
mode transport
!
!
crypto map l2tpmap 10 ipsec-isakmp profile l2tpprof
set transform-set l2tptrans
!
!
!
interface FastEthernet0
ip address 196.27.96.42 255.255.255.0 secondary
ip address 196.27.108.49 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map l2tpmap
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
no ip address
shutdown
!
interface FastEthernet4
no ip address
shutdown
!
interface Virtual-Template1
ip unnumbered FastEthernet0
ip nat inside
ip virtual-reassembly
peer default ip address pool vpn
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2 callin use-radius
!
interface Vlan1
description Link to Afdis LAN
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
!
ip local pool vpn 192.168.0.11 192.168.0.14
ip classless
ip route 0.0.0.0 0.0.0.0 196.27.108.1
ip route 192.168.1.0 255.255.255.0 192.168.0.11
ip http server
ip http authentication local
no ip http secure-server
ip nat translation timeout 30
ip nat pool ssh 196.27.108.49 196.27.108.49 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.0.1 22 196.27.108.49 22 extendable
ip nat inside source static tcp 192.168.0.1 25 196.27.108.49 25 extendable
ip nat inside source static tcp 192.168.0.1 80 196.27.108.49 80 extendable
ip nat inside source static tcp 192.168.0.1 8080 196.27.108.49 8080 extendable
ip nat inside source static tcp 192.168.0.25 62070 196.27.108.49 62070 extendable
!
!
!
logging trap debugging
logging facility local5
logging 192.168.0.4
access-list 1 remark Permit NAT traffic from 192.168.254.0/24
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 100 permit ip any any
!
radius-server host 192.168.0.4 auth-port 1645 acct-port 1646
radius-server key 7
radius-server vsa send authentication
!
control-plane
!
banner login 
*******************************************************************

AFDIS Authorised Personnel Only. Unauthorised Login Prohibited!!!!!

*******************************************************************
!
line con 0
password 7
speed 115200
flowcontrol hardware
line aux 0
end
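
For reading a trace like the one in this post, the following added example (not part of the original post, and not Cisco tooling) parses the Phase 1 section of ISAKMP debug output, lists each offered transform with the router's verdict, and flags weak parameters in the transform that was accepted. The sample lines are a constructed excerpt in the post's format; the function names and the sets of algorithms treated as weak are assumptions of this example.

```python
import re

# Constructed sample: transforms 1, 4 and 5 in the post's debug format, lifetime lines omitted.
SAMPLE = """\
1d19h: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 1 policy
1d19h: ISAKMP: encryption 3DES-CBC
1d19h: ISAKMP: hash SHA
1d19h: ISAKMP: unknown DH group 14
1d19h: ISAKMP: auth pre-share
1d19h: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
1d19h: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
1d19h: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 1 policy
1d19h: ISAKMP: encryption DES-CBC
1d19h: ISAKMP: hash SHA
1d19h: ISAKMP: default group 1
1d19h: ISAKMP: auth pre-share
1d19h: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
1d19h: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
1d19h: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 1 policy
1d19h: ISAKMP: encryption DES-CBC
1d19h: ISAKMP: hash MD5
1d19h: ISAKMP: default group 1
1d19h: ISAKMP: auth pre-share
1d19h: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
"""

START = re.compile(r"Checking ISAKMP transform (\d+) against priority \d+ policy")
ATTR = re.compile(r"ISAKMP:\s+(encryption|hash|auth)\s+(\S+)$")
GROUP = re.compile(r"ISAKMP:\s+(?:default|unknown DH) group (\d+)$")
REASON = re.compile(r"\):(\w+) algorithm offered does not match policy!")
VERDICT = re.compile(r"\):atts are (not )?acceptable")

# Assumption of this example: what counts as weak for a Phase 1 SA.
WEAK_ENC, WEAK_HASH, WEAK_GROUPS = {"DES-CBC"}, {"MD5"}, {1, 2}


def parse_phase1(log):
    """Return one dict per offered ISAKMP transform, in the order logged."""
    offers, cur = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if m := START.search(line):
            cur = {"transform": int(m.group(1)), "reasons": [], "accepted": None}
            offers.append(cur)
        elif cur is None:
            continue  # outside a transform block (Phase 2, state changes, ...)
        elif m := ATTR.search(line):
            cur[m.group(1)] = m.group(2)
        elif m := GROUP.search(line):
            cur["group"] = int(m.group(1))
        elif m := REASON.search(line):
            cur["reasons"].append(m.group(1))
        elif m := VERDICT.search(line):
            cur["accepted"] = m.group(1) is None
            cur = None  # the verdict line closes the block
    return offers


def negotiated(offers):
    """The first accepted transform is the one the Phase 1 SA uses."""
    return next((o for o in offers if o["accepted"]), None)


def weak_findings(offer):
    """Weak parameters in one transform, per the sets above."""
    found = []
    if offer.get("encryption") in WEAK_ENC:
        found.append("encryption " + offer["encryption"])
    if offer.get("hash") in WEAK_HASH:
        found.append("hash " + offer["hash"])
    if offer.get("group") in WEAK_GROUPS:
        found.append("DH group %d" % offer["group"])
    return found


if __name__ == "__main__":
    chosen = negotiated(parse_phase1(SAMPLE))
    print("negotiated transform", chosen["transform"], "weak:", weak_findings(chosen))
```

On the sample, as in the post's trace, the accepted offer is transform 5 (DES-CBC, MD5, group 1), and all three parameters are flagged.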


 