Comprar o Renovar
Comprar o Renovar
custom.ribbon_feed
cancelar
Activar sugerencias
La sugerencia automática le ayuda a obtener, de forma rápida, resultados precisos de su búsqueda al sugerirle posibles coincidencias mientras escribe.
Mostrando los resultados de 
Buscar en lugar de 
Quiere decir: 
cancel
Iniciar una conversación
1886
Visitas
10
ÚTIL
9
Respuestas

VPN Error

Ir a solución
Ramón Garcia
Level 1
Level 1

el ‎02-27-2020 12:15 AM

Buenos días.

Antes de nada. no soy experto en seguridad.

Os expongo mi problema.

sobre esta topografíavpn.PNG.

y teniendo esta configuración en el ASA.

: Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cor                                                                             es)
: Written by enable_15 at 20:23:47.099 CEST Wed Feb 26 2020
: Call-home enabled from prompt by enable_15 at 15:15:38 UTC Feb 24 2020
!
ASA Version 9.8(2)
!
hostname ASA
enable password $sha512$5000$UENVzfNpjxLbFAqD2HEL7w==$HU0kSXgCcShB3nQQUcoKhQ== p                                                                             bkdf2
names
ip local pool vpn_pool 192.168.100.101-192.168.100.121 mask 255.255.255.0

!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside_1
 security-level 100
!
interface GigabitEthernet1/3
 bridge-group 1
 nameif inside_2
 security-level 100
!
interface GigabitEthernet1/4
 bridge-group 1
 nameif inside_3
 security-level 100
!
interface GigabitEthernet1/5
 bridge-group 1
 nameif inside_4
 security-level 100
!
interface GigabitEthernet1/6
 bridge-group 1
 nameif inside_5
 security-level 100
!
interface GigabitEthernet1/7
 bridge-group 1
 nameif inside_6
 security-level 100
!
interface GigabitEthernet1/8
 bridge-group 1
 nameif inside_7
 security-level 100
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
interface BVI1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
same-security-traffic permit inter-interface
object network obj_any1
 subnet 0.0.0.0 0.0.0.0
object network obj_any2
 subnet 0.0.0.0 0.0.0.0
object network obj_any3
 subnet 0.0.0.0 0.0.0.0
object network obj_any4
 subnet 0.0.0.0 0.0.0.0
object network obj_any5
 subnet 0.0.0.0 0.0.0.0
object network obj_any6
 subnet 0.0.0.0 0.0.0.0
object network obj_any7
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.100.96_27
 subnet 192.168.100.96 255.255.255.224
object network L2TP-Pool
 subnet 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside_1 1500
mtu inside_2 1500
mtu inside_3 1500
mtu inside_4 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-782.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (outside,outside) source static any any destination static NETWORK_OBJ_192.168.100.96_27 NETWORK_OBJ_192.168.100.96_27 no-proxy-arp route-lookup
nat (inside_1,outside) source static any any destination static L2TP-Pool L2TP-Pool no-proxy-arp route-lookup

!
object network obj_any1
 nat (inside_1,outside) dynamic interface
object network obj_any2
 nat (inside_2,outside) dynamic interface
object network obj_any3
 nat (inside_3,outside) dynamic interface
object network obj_any4
 nat (inside_4,outside) dynamic interface
object network obj_any5
 nat (inside_5,outside) dynamic interface
object network obj_any6
 nat (inside_6,outside) dynamic interface
object network obj_any7
 nat (inside_7,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 inside_1
http 192.168.1.0 255.255.255.0 inside_2
http 192.168.1.0 255.255.255.0 inside_3
http 192.168.1.0 255.255.255.0 inside_4
http 192.168.1.0 255.255.255.0 inside_5
http 192.168.1.0 255.255.255.0 inside_6
http 192.168.1.0 255.255.255.0 inside_7
http 192.168.100.0 255.255.255.0 inside_1
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set TRANS-ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS-ESP-3DES-SHA mode transport
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map outside_dyn_map 10 set ikev1 transform-set TRANS-ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 513fb9743870b73440418d30930699ff
    30820538 30820420 a0030201 02021051 3fb97438 70b73440 418d3093 0699ff30
    0d06092a 864886f7 0d01010b 05003081 ca310b30 09060355 04061302 55533117
    30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
    13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
    0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
    20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
    65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
    65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
    33313033 31303030 3030305a 170d3233 31303330 32333539 35395a30 7e310b30
    09060355 04061302 5553311d 301b0603 55040a13 1453796d 616e7465 6320436f
    72706f72 6174696f 6e311f30 1d060355 040b1316 53796d61 6e746563 20547275
    7374204e 6574776f 726b312f 302d0603 55040313 2653796d 616e7465 6320436c
    61737320 33205365 63757265 20536572 76657220 4341202d 20473430 82012230
    0d06092a 864886f7 0d010101 05000382 010f0030 82010a02 82010100 b2d805ca
    1c742db5 175639c5 4a520996 e84bd80c f1689f9a 422862c3 a530537e 5511825b
    037a0d2f e17904c9 b4967719 81019459 f9bcf77a 9927822d b783dd5a 277fb203
    7a9c5325 e9481f46 4fc89d29 f8be7956 f6f7fdd9 3a68da8b 4b823341 12c3c83c
    ccd6967a 84211a22 04032717 8b1c6861 930f0e51 80331db4 b5ceeb7e d062acee
    b37b0174 ef6935eb cad53da9 ee9798ca 8daa440e 25994a15 96a4ce6d 02541f2a
    6a26e206 3a6348ac b44cd175 9350ff13 2fd6dae1 c618f59f c9255df3 003ade26
    4db42909 cd0f3d23 6f164a81 16fbf283 10c3b8d6 d855323d f1bd0fbd 8c52954a
    16977a52 2163752f 16f9c466 bef5b509 d8ff2700 cd447c6f 4b3fb0f7 02030100
    01a38201 63308201 5f301206 03551d13 0101ff04 08300601 01ff0201 00303006
    03551d1f 04293027 3025a023 a021861f 68747470 3a2f2f73 312e7379 6d63622e
    636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403 02010630
    2f06082b 06010505 07010104 23302130 1f06082b 06010505 07300186 13687474
    703a2f2f 73322e73 796d6362 2e636f6d 306b0603 551d2004 64306230 60060a60
    86480186 f8450107 36305230 2606082b 06010505 07020116 1a687474 703a2f2f
    7777772e 73796d61 7574682e 636f6d2f 63707330 2806082b 06010505 07020230
    1c1a1a68 7474703a 2f2f7777 772e7379 6d617574 682e636f 6d2f7270 61302906
    03551d11 04223020 a41e301c 311a3018 06035504 03131153 796d616e 74656350
    4b492d31 2d353334 301d0603 551d0e04 1604145f 60cf6190 55df8443 148a602a
    b2f57af4 4318ef30 1f060355 1d230418 30168014 7fd365a7 c2ddecbb f03009f3
    4339fa02 af333133 300d0609 2a864886 f70d0101 0b050003 82010100 5e945649
    dd8e2d65 f5c13651 b603e3da 9e7319f2 1f59ab58 7e6c2605 2cfa81d7 5c231722
    2c3793f7 86ec85e6 b0a3fd1f e232a845 6fe1d9fb b9afd270 a0324265 bf84fe16
    2a8f3fc5 a6d6a393 7d43e974 21913528 f463e92e edf7f55c 7f4b9ab5 20e90abd
    e045100c 14949a5d a5e34b91 e8249b46 4065f422 72cd99f8 8811f5f3 7fe63382
    e6a8c57e fed008e2 25580871 68e6cda2 e614de4e 52242dfd e5791353 e75e2f2d
    4d1b6d40 15522bf7 87897812 816ed94d aa2d78d4 c22c3d08 5f87919e 1f0eb0de
    30526486 89aa9d66 9c0e760c 80f274d8 2af8b83a ced7d60f 11be6bab 14f5bd41
    a0226389 f1ba0f6f 2963662d 3fac8c72 c5fbc7e4 d40ff23b 4f8c29c7
  quit
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.100.0 255.255.255.0 inside_1
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd dns 8.8.8.8 8.8.4.4
dhcpd auto_config outside
!
dhcpd address 192.168.100.5-192.168.100.100 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 8.8.8.8 8.8.4.4
 vpn-tunnel-protocol l2tp-ipsec
group-policy L2TP-VPN internal
group-policy L2TP-VPN attributes
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value cisco.com
group-policy VPN internal
group-policy VPN attributes
 dns-server value 8.8.8.8 4.4.4.2
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value cisco.com
dynamic-access-policy-record DfltAccessPolicy
username test password DLaUiAX3l78qgoB5c7iVNw== nt-encrypted privilege 0
username test attributes
 vpn-group-policy DefaultRAGroup
username Administrador password $sha512$5000$kDjmb2tQvEuU3OO+4WjpoA==$W7ODVBZ2CsyUMQjUUX8jEQ== pbkdf2 privilege 15
tunnel-group DefaultRAGroup general-attributes
 address-pool vpn_pool
 address-pool vpnconet
 default-group-policy VPN
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
password encryption aes
Cryptochecksum:116f79df753eceefee4d50942d35d634

El ASA en un principio esta pensado para gestionar las VPN de acceso al servidor.

La configuracion de la VPN esta optenida de link.

Desde el Host A (Win10) se genera la conexión VPN sin problema.

pero al intentar realizar la conexion desde el Host B (win10) Obtengo.

"Error en el intento de conexión L2PT porque el nivel de seguridad encontró un error de proceso durante la negociaciones iniciales con el equipo remoto"

 

el RouterISP es de la compañia ORANGE España. con fibra simétrica de 500Gb

a traves del ASDM he obtenido.

5|Feb 26 2020|20:53:14|713120|||||Group = DefaultRAGroup, IP = 90.xxx.xxx.xxx, PHASE 2 COMPLETED (msgid=00000001)
5|Feb 26 2020|20:53:14|713049|||||Group = DefaultRAGroup, IP = 90.xxx.xxx.xxx, Security negotiation complete for User ()  Responder, Inbound SPI = 0x80c9c1b7, Outbound SPI = 0xd6bdfa30
3|Feb 26 2020|20:53:13|713122|||||IP = 90.xxx.xxx.xxx, Keep-alives configured on but peer does not support keep-alives (type = None)
5|Feb 26 2020|20:53:13|713119|||||Group = DefaultRAGroup, IP = 90.xxx.xxx.xxx, PHASE 1 COMPLETED
4|Feb 26 2020|20:53:13|113019|||||Group = DefaultRAGroup, Username = , IP = 90.xxx.xxx.xxx, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:00m:18s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
5|Feb 26 2020|20:53:13|713259|||||Group = DefaultRAGroup, IP = 90.xxx.xxx.xxx, Session is being torn down. Reason: User Requested
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2

no se si alguien me podria aco

 

 

Etiquetas:
0 Útil
1 SOLUCIÓN ACEPTADA

Soluciones aceptadas

Ir a solución
Ramón Garcia
Level 1
Level 1
En respuesta a Ramón Garcia

el ‎03-02-2020 12:28 AM

Buenos días señores.

al final después de muchas vueltas el problema era de windows.

 

Configuración Firewall.

    configuracion IPSec. 

       Predeterminados IPSec.

          Intercambio de claves ---> personalizar.Captura3.PNG

          Protección de datos. ---> personalizar.Captura4.PNG

 

mas añadir en registro.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

 

reiniciamos y funciona correctamente.

Un saludo y gracias a todos por la colaboración.

 

espero que sea útil.

Ver la solución en mensaje original publicado

9 RESPUESTAS 9

Ir a solución
Julio E. Moisa
VIP
VIP

el ‎02-27-2020 03:26 AM

Hola

La falla indica la fase 2 y el grupo HD 2, estas utilizando los mismos parametros en el host b? Talvez haria falta agregar un Hash MD5. Usas el usuario test?

 

Fase 1

 

crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Útil

Ir a solución
Ramón Garcia
Level 1
Level 1
En respuesta a Julio E. Moisa

el ‎02-27-2020 09:43 AM

Buenas tardes.

"estas utilizando los mismos parámetros en el host b?". 

Si. de echo es el mismo pc. lo único que hago es desconectar de la wifi de casa y conectar a una del móvil. modificando la ip de conexión de la local a la externa.

"Tal vez haría falta agregar un Hash MD5. Usas el usuario test?".

he probado a sustituir el Hash sha por Hash md5. y me ha dejado de conectar en local.

 

por otro lado he echo unas capturas del Log Buffer (Notifications) tanto en la conexión local como en externa.

 

Conexión Local (Host A)

4|Feb 27 2020|17:58:20|403102|||||PPP virtual interface 1 rcvd pkt with invalid protocol: 8057, reason: unsupported protocol
5|Feb 27 2020|17:58:20|737003|||||IPAA: Session=0x09208000, DHCP configured, no viable servers found for tunnel-group 'DefaultRAGroup'
5|Feb 27 2020|17:58:19|713120|||||Group = DefaultRAGroup, IP = 192.168.1.72, PHASE 2 COMPLETED (msgid=00000001)
5|Feb 27 2020|17:58:19|713049|||||Group = DefaultRAGroup, IP = 192.168.1.72, Security negotiation complete for User ()  Responder, Inbound SPI = 0xfa90e5f0, Outbound SPI = 0xd0fbffe2
3|Feb 27 2020|17:58:19|713122|||||IP = 192.168.1.72, Keep-alives configured on but peer does not support keep-alives (type = None)
5|Feb 27 2020|17:58:19|713119|||||Group = DefaultRAGroup, IP = 192.168.1.72, PHASE 1 COMPLETED
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2

  Conexión Externa (Host B)

4|Feb 27 2020|18:14:50|113019|||||Group = DefaultRAGroup, Username = , IP = 85.xxx.xxx.xxx, Session disconnected. Session Type: IKEv1, Duration: 0h:00m:06s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
5|Feb 27 2020|18:14:50|713259|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, Session is being torn down. Reason: User Requested
5|Feb 27 2020|18:14:50|713050|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, Connection terminated for peer .  Reason: Peer Terminate  Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
5|Feb 27 2020|18:14:50|713050|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, Connection terminated for peer .  Reason: Peer Terminate  Remote Proxy 85.xxx.xxx.xxx, Local Proxy 192.168.1.145
5|Feb 27 2020|18:14:44|713120|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, PHASE 2 COMPLETED (msgid=00000001)
5|Feb 27 2020|18:14:44|713049|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, Security negotiation complete for User ()  Responder, Inbound SPI = 0x23be24ac, Outbound SPI = 0xf0bc1e0a
3|Feb 27 2020|18:14:43|713122|||||IP = 85.xxx.xxx.xxx, Keep-alives configured on but peer does not support keep-alives (type = None)
5|Feb 27 2020|18:14:43|713119|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, PHASE 1 COMPLETED
4|Feb 27 2020|18:14:43|113019|||||Group = DefaultRAGroup, Username = , IP = 85.xxx.xxx.xxx, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:00m:22s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
5|Feb 27 2020|18:14:43|713259|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, Session is being torn down. Reason: User Requested
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2
5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure:  Mismatched attribute types for class Group Description:  Rcv'd: Unknown  Cfg'd: Group 2

Muchas gracias por vuestra ayuda.

 

 

 

0 Útil

Ir a solución
Julio E. Moisa
VIP
VIP
En respuesta a Ramón Garcia

el ‎02-27-2020 10:29 AM

Dejame compartirte la configuracion que puedes utilizar y que veo que esta asociado a la politica default. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Útil

Ir a solución
Ramón Garcia
Level 1
Level 1
En respuesta a Julio E. Moisa

el ‎02-27-2020 11:20 AM

Te lo agradecería mucho. 

en este tipo de configuraciones estoy un poco perdido.

0 Útil

Ir a solución
Edson A. Hernandez
Spotlight
Spotlight

el ‎02-27-2020 08:12 AM

La fase 1 no se establece porque no estan usando los mismo parametros en las politicas de ISAKMP.

 

1. Solicita a ORANGE que parametros estan utilizando para la fase 1.

2. Compara los parametros que te proporcionen con las que tiene configurados en el ASA.

Por ejemplo:

crypto ikev1 policy XXXX
 authentication rsa-sig
 encryption aes
 hash sha
 group 2

3. si no encuentras ninguna politica "crypto ikev1 policy" que coincida con los parametros proporcionados por tu proveedor entodes debes crear una nueva para que la VPN se pueda establecer.

 

 

Ir a solución
Ramón Garcia
Level 1
Level 1
En respuesta a Edson A. Hernandez

el ‎03-01-2020 06:58 AM

Buenas tardes.

 

He modificado la configuracion de esta manera.

 

ASA# show configuration
: Saved

:
: Serial Number: JAD2337153T
: Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
: Written by enable_15 at 13:33:12.209 UTC Sun Mar 1 2020
: Call-home enabled from prompt by enable_15 at 15:15:38 UTC Feb 24 2020
!
ASA Version 9.8(2)
!
hostname ASA
enable password $sha512$5000$UENVzfNpjxLbFAqD2HEL7w==$HU0kSXgCcShB3nQQUcoKhQ== pbkdf2
names
ip local pool Address-pool 192.168.100.101-192.168.100.121 mask 255.255.255.0
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside_1
 security-level 100
!
interface GigabitEthernet1/3
 bridge-group 1
 nameif inside_2
 security-level 100
!
interface GigabitEthernet1/4
 bridge-group 1
 nameif inside_3
 security-level 100
!
interface GigabitEthernet1/5
 bridge-group 1
 nameif inside_4
 security-level 100
!
interface GigabitEthernet1/6
 bridge-group 1
 nameif inside_5
 security-level 100
!
interface GigabitEthernet1/7
 bridge-group 1
 nameif inside_6
 security-level 100
!
interface GigabitEthernet1/8
 bridge-group 1
 nameif inside_7
 security-level 100
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
interface BVI1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
ftp mode passive
same-security-traffic permit inter-interface
object network obj_any1
 subnet 0.0.0.0 0.0.0.0
object network obj_any2
 subnet 0.0.0.0 0.0.0.0
object network obj_any3
 subnet 0.0.0.0 0.0.0.0
object network obj_any4
 subnet 0.0.0.0 0.0.0.0
object network obj_any5
 subnet 0.0.0.0 0.0.0.0
object network obj_any6
 subnet 0.0.0.0 0.0.0.0
object network obj_any7
 subnet 0.0.0.0 0.0.0.0
object network L2TP-Pool
 subnet 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside_1 1500
mtu inside_2 1500
mtu inside_3 1500
mtu inside_4 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-782.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (inside_1,outside) source static any any destination static L2TP-Pool L2TP-Pool no-proxy-arp route-lookup
!
object network obj_any1
 nat (inside_1,outside) dynamic interface
object network obj_any2
 nat (inside_2,outside) dynamic interface
object network obj_any3
 nat (inside_3,outside) dynamic interface
object network obj_any4
 nat (inside_4,outside) dynamic interface
object network obj_any5
 nat (inside_5,outside) dynamic interface
object network obj_any6
 nat (inside_6,outside) dynamic interface
object network obj_any7
 nat (inside_7,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 inside_1
http 192.168.1.0 255.255.255.0 inside_2
http 192.168.1.0 255.255.255.0 inside_3
http 192.168.1.0 255.255.255.0 inside_4
http 192.168.1.0 255.255.255.0 inside_5
http 192.168.1.0 255.255.255.0 inside_6
http 192.168.1.0 255.255.255.0 inside_7
http 192.168.100.0 255.255.255.0 inside_1
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec ikev1 transform-set TRANS-ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS-ESP-3DES-SHA mode transport
crypto ipsec ikev1 transform-set TRANSFORM esp-aes esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map outside_dyn_map 10 set ikev1 transform-set TRANS-ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 513fb9743870b73440418d30930699ff
    30820538 30820420 a0030201 02021051 3fb97438 70b73440 418d3093 0699ff30
    0d06092a 864886f7 0d01010b 05003081 ca310b30 09060355 04061302 55533117
    30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
    13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
    0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
    20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
    65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
    65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
    33313033 31303030 3030305a 170d3233 31303330 32333539 35395a30 7e310b30
    09060355 04061302 5553311d 301b0603 55040a13 1453796d 616e7465 6320436f
    72706f72 6174696f 6e311f30 1d060355 040b1316 53796d61 6e746563 20547275
    7374204e 6574776f 726b312f 302d0603 55040313 2653796d 616e7465 6320436c
    61737320 33205365 63757265 20536572 76657220 4341202d 20473430 82012230
    0d06092a 864886f7 0d010101 05000382 010f0030 82010a02 82010100 b2d805ca
    1c742db5 175639c5 4a520996 e84bd80c f1689f9a 422862c3 a530537e 5511825b
    037a0d2f e17904c9 b4967719 81019459 f9bcf77a 9927822d b783dd5a 277fb203
    7a9c5325 e9481f46 4fc89d29 f8be7956 f6f7fdd9 3a68da8b 4b823341 12c3c83c
    ccd6967a 84211a22 04032717 8b1c6861 930f0e51 80331db4 b5ceeb7e d062acee
    b37b0174 ef6935eb cad53da9 ee9798ca 8daa440e 25994a15 96a4ce6d 02541f2a
    6a26e206 3a6348ac b44cd175 9350ff13 2fd6dae1 c618f59f c9255df3 003ade26
    4db42909 cd0f3d23 6f164a81 16fbf283 10c3b8d6 d855323d f1bd0fbd 8c52954a
    16977a52 2163752f 16f9c466 bef5b509 d8ff2700 cd447c6f 4b3fb0f7 02030100
    01a38201 63308201 5f301206 03551d13 0101ff04 08300601 01ff0201 00303006
    03551d1f 04293027 3025a023 a021861f 68747470 3a2f2f73 312e7379 6d63622e
    636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403 02010630
    2f06082b 06010505 07010104 23302130 1f06082b 06010505 07300186 13687474
    703a2f2f 73322e73 796d6362 2e636f6d 306b0603 551d2004 64306230 60060a60
    86480186 f8450107 36305230 2606082b 06010505 07020116 1a687474 703a2f2f
    7777772e 73796d61 7574682e 636f6d2f 63707330 2806082b 06010505 07020230
    1c1a1a68 7474703a 2f2f7777 772e7379 6d617574 682e636f 6d2f7270 61302906
    03551d11 04223020 a41e301c 311a3018 06035504 03131153 796d616e 74656350
    4b492d31 2d353334 301d0603 551d0e04 1604145f 60cf6190 55df8443 148a602a
    b2f57af4 4318ef30 1f060355 1d230418 30168014 7fd365a7 c2ddecbb f03009f3
    4339fa02 af333133 300d0609 2a864886 f70d0101 0b050003 82010100 5e945649
    dd8e2d65 f5c13651 b603e3da 9e7319f2 1f59ab58 7e6c2605 2cfa81d7 5c231722
    2c3793f7 86ec85e6 b0a3fd1f e232a845 6fe1d9fb b9afd270 a0324265 bf84fe16
    2a8f3fc5 a6d6a393 7d43e974 21913528 f463e92e edf7f55c 7f4b9ab5 20e90abd
    e045100c 14949a5d a5e34b91 e8249b46 4065f422 72cd99f8 8811f5f3 7fe63382
    e6a8c57e fed008e2 25580871 68e6cda2 e614de4e 52242dfd e5791353 e75e2f2d
    4d1b6d40 15522bf7 87897812 816ed94d aa2d78d4 c22c3d08 5f87919e 1f0eb0de
    30526486 89aa9d66 9c0e760c 80f274d8 2af8b83a ced7d60f 11be6bab 14f5bd41
    a0226389 f1ba0f6f 2963662d 3fac8c72 c5fbc7e4 d40ff23b 4f8c29c7
  quit
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 11
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 21
 authentication rsa-sig
 encryption aes-256
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 41
 authentication pre-share
 encryption aes-192
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 51
 authentication rsa-sig
 encryption aes-192
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 71
 authentication pre-share
 encryption aes
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 81
 authentication rsa-sig
 encryption aes
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 111
 authentication rsa-sig
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 131
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
client-update enable
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.100.0 255.255.255.0 inside_1
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 5

dhcpd dns 8.8.8.8 8.8.4.4
dhcpd auto_config outside
!
dhcpd address 192.168.100.5-192.168.100.100 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy VPN internal
group-policy VPN attributes
 dns-server value 8.8.8.8 4.4.4.2
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value cisco.com
dynamic-access-policy-record DfltAccessPolicy
username test password DLaUiAX3l78qgoB5c7iVNw== nt-encrypted
username ramon password $sha512$5000$kDjmb2tQvEuU3OO+4WjpoA==$W7ODVBZ2CsyUMQjUUX8jEQ== pbkdf2 privilege 15
tunnel-group DefaultRAGroup general-attributes
 address-pool Address-pool
 default-group-policy VPN
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
password encryption aes
Cryptochecksum:8ca998d1554b5b8a06aca7b6d9c0d204

añadiendo el md5.

lo mas curioso del tema es que al realizar la conexión a través del teléfono Android.

L2TP/IPSec PSK.

Direccion del ervidor xxx.xxx.xxx.xxx

L2TP secret: (no se usa)

identificador de IPsec: (no se usa)

Nombre usuario test

contraseña ****

la conexión se realiza nin ningún problema.

 

Pero cuando esta conexión se intenta realizar desde windows. no es posible realizar la conexión.

 

alguna sugerencia.

 

0 Útil

Ir a solución
Ramón Garcia
Level 1
Level 1
En respuesta a Ramón Garcia

el ‎03-01-2020 10:33 AM

Tras realizar un debug IKEv1
he obtenido.
Crypto Map: match on dynamic map outside_dyn_map seq 10
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Mar 01 18:28:38 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, QM FSM error (P2 struct &0x00007f57801b84e0, mess id 0x3)!
Mar 01 18:28:38 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, Removing peer from correlator table failed, no match!
Mar 01 18:28:39 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, QM FSM error (P2 struct &0x00007f57801b84e0, mess id 0x3)!
Mar 01 18:28:39 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, Removing peer from correlator table failed, no match!
Mar 01 18:28:40 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, QM FSM error (P2 struct &0x00007f57801b84e0, mess id 0x3)!
Mar 01 18:28:40 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, Removing peer from correlator table failed, no match!
Mar 01 18:28:41 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, Session is being torn down. Reason: User Requested
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Mar 01 18:28:50 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, QM FSM error (P2 struct &0x00007f57804aad10, mess id 0x3)!
Mar 01 18:28:50 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, Removing peer from correlator table failed, no match!
Mar 01 18:28:51 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, QM FSM error (P2 struct &0x00007f57804aad10, mess id 0x3)!
Mar 01 18:28:51 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, Removing peer from correlator table failed, no match!
Mar 01 18:28:52 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, QM FSM error (P2 struct &0x00007f57804aad10, mess id 0x3)!
Mar 01 18:28:52 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, Removing peer from correlator table failed, no match!
Mar 01 18:28:53 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, Session is being torn down. Reason: User Requested
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Rule Lookup for local 192.168.1.145 to remote 92.xxx.xxx.24
Crypto Map: match on dynamic map outside_dyn_map seq 10
Mar 01 18:29:10 [IKEv1]Group = DefaultRAGroup, IP = 92.xxx.xxx.24, Session is being torn down. Reason: User Requested
0 Útil

Ir a solución
Ramón Garcia
Level 1
Level 1
En respuesta a Ramón Garcia

el ‎03-02-2020 12:28 AM

Buenos días señores.

al final después de muchas vueltas el problema era de windows.

 

Configuración Firewall.

    configuracion IPSec. 

       Predeterminados IPSec.

          Intercambio de claves ---> personalizar.Captura3.PNG

          Protección de datos. ---> personalizar.Captura4.PNG

 

mas añadir en registro.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

 

reiniciamos y funciona correctamente.

Un saludo y gracias a todos por la colaboración.

 

espero que sea útil.

Ir a solución
Hilda Arteaga
Cisco Employee
Cisco Employee
En respuesta a Ramón Garcia

el ‎03-02-2020 12:19 PM

Hola @Ramón Garcia 

Gracias por comaprtir con la comunidad más de la situación y la solución a este problema, estamos seguros la información será de utilidad para mcuhos con problemas similares. 

0 Útil

Navegue y encuentre contenido personalizado de la comunidad

Documentos de Seguridad Videos de Seguridad Otros Eventos de Seguridad
Customers Also Viewed These Support Documents