el 02-27-2020 12:15 AM
Buenos días.
Antes de nada. no soy experto en seguridad.
Os expongo mi problema.
sobre esta topografía.
y teniendo esta configuración en el ASA.
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cor es) : Written by enable_15 at 20:23:47.099 CEST Wed Feb 26 2020 : Call-home enabled from prompt by enable_15 at 15:15:38 UTC Feb 24 2020 ! ASA Version 9.8(2) ! hostname ASA enable password $sha512$5000$UENVzfNpjxLbFAqD2HEL7w==$HU0kSXgCcShB3nQQUcoKhQ== p bkdf2 names ip local pool vpn_pool 192.168.100.101-192.168.100.121 mask 255.255.255.0 ! interface GigabitEthernet1/1 nameif outside security-level 0 ip address dhcp setroute ! interface GigabitEthernet1/2 bridge-group 1 nameif inside_1 security-level 100 ! interface GigabitEthernet1/3 bridge-group 1 nameif inside_2 security-level 100 ! interface GigabitEthernet1/4 bridge-group 1 nameif inside_3 security-level 100 ! interface GigabitEthernet1/5 bridge-group 1 nameif inside_4 security-level 100 ! interface GigabitEthernet1/6 bridge-group 1 nameif inside_5 security-level 100 ! interface GigabitEthernet1/7 bridge-group 1 nameif inside_6 security-level 100 ! interface GigabitEthernet1/8 bridge-group 1 nameif inside_7 security-level 100 ! interface Management1/1 management-only no nameif no security-level no ip address ! interface BVI1 nameif inside security-level 100 ip address 192.168.100.1 255.255.255.0 ! ftp mode passive clock timezone CEST 1 clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 same-security-traffic permit inter-interface object network obj_any1 subnet 0.0.0.0 0.0.0.0 object network obj_any2 subnet 0.0.0.0 0.0.0.0 object network obj_any3 subnet 0.0.0.0 0.0.0.0 object network obj_any4 subnet 0.0.0.0 0.0.0.0 object network obj_any5 subnet 0.0.0.0 0.0.0.0 object network obj_any6 subnet 0.0.0.0 0.0.0.0 object network obj_any7 subnet 0.0.0.0 0.0.0.0 object network NETWORK_OBJ_192.168.100.96_27 subnet 192.168.100.96 255.255.255.224 object network L2TP-Pool subnet 192.168.100.0 255.255.255.0 pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside_1 1500 mtu inside_2 1500 mtu inside_3 1500 mtu inside_4 1500 mtu inside_5 1500 mtu inside_6 1500 mtu inside_7 1500 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-782.bin no asdm history enable arp timeout 14400 no arp permit-nonconnected arp rate-limit 16384 nat (outside,outside) source static any any destination static NETWORK_OBJ_192.168.100.96_27 NETWORK_OBJ_192.168.100.96_27 no-proxy-arp route-lookup nat (inside_1,outside) source static any any destination static L2TP-Pool L2TP-Pool no-proxy-arp route-lookup ! object network obj_any1 nat (inside_1,outside) dynamic interface object network obj_any2 nat (inside_2,outside) dynamic interface object network obj_any3 nat (inside_3,outside) dynamic interface object network obj_any4 nat (inside_4,outside) dynamic interface object network obj_any5 nat (inside_5,outside) dynamic interface object network obj_any6 nat (inside_6,outside) dynamic interface object network obj_any7 nat (inside_7,outside) dynamic interface timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 timeout conn-holddown 0:00:15 timeout igp stale-route 0:01:10 user-identity default-domain LOCAL aaa authentication ssh console LOCAL aaa authentication login-history http server enable http 192.168.1.0 255.255.255.0 inside_1 http 192.168.1.0 255.255.255.0 inside_2 http 192.168.1.0 255.255.255.0 inside_3 http 192.168.1.0 255.255.255.0 inside_4 http 192.168.1.0 255.255.255.0 inside_5 http 192.168.1.0 255.255.255.0 inside_6 http 192.168.1.0 255.255.255.0 inside_7 http 192.168.100.0 255.255.255.0 inside_1 no snmp-server location no snmp-server contact service sw-reset-button crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport crypto ipsec ikev1 transform-set TRANS-ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set TRANS-ESP-3DES-SHA mode transport crypto ipsec security-association pmtu-aging infinite crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS crypto dynamic-map outside_dyn_map 10 set ikev1 transform-set TRANS-ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto ca trustpoint _SmartCallHome_ServerCA no validation-usage crl configure crypto ca trustpool policy crypto ca certificate chain _SmartCallHome_ServerCA certificate ca 513fb9743870b73440418d30930699ff 30820538 30820420 a0030201 02021051 3fb97438 70b73440 418d3093 0699ff30 0d06092a 864886f7 0d01010b 05003081 ca310b30 09060355 04061302 55533117 30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b 13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504 0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72 20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56 65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043 65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31 33313033 31303030 3030305a 170d3233 31303330 32333539 35395a30 7e310b30 09060355 04061302 5553311d 301b0603 55040a13 1453796d 616e7465 6320436f 72706f72 6174696f 6e311f30 1d060355 040b1316 53796d61 6e746563 20547275 7374204e 6574776f 726b312f 302d0603 55040313 2653796d 616e7465 6320436c 61737320 33205365 63757265 20536572 76657220 4341202d 20473430 82012230 0d06092a 864886f7 0d010101 05000382 010f0030 82010a02 82010100 b2d805ca 1c742db5 175639c5 4a520996 e84bd80c f1689f9a 422862c3 a530537e 5511825b 037a0d2f e17904c9 b4967719 81019459 f9bcf77a 9927822d b783dd5a 277fb203 7a9c5325 e9481f46 4fc89d29 f8be7956 f6f7fdd9 3a68da8b 4b823341 12c3c83c ccd6967a 84211a22 04032717 8b1c6861 930f0e51 80331db4 b5ceeb7e d062acee b37b0174 ef6935eb cad53da9 ee9798ca 8daa440e 25994a15 96a4ce6d 02541f2a 6a26e206 3a6348ac b44cd175 9350ff13 2fd6dae1 c618f59f c9255df3 003ade26 4db42909 cd0f3d23 6f164a81 16fbf283 10c3b8d6 d855323d f1bd0fbd 8c52954a 16977a52 2163752f 16f9c466 bef5b509 d8ff2700 cd447c6f 4b3fb0f7 02030100 01a38201 63308201 5f301206 03551d13 0101ff04 08300601 01ff0201 00303006 03551d1f 04293027 3025a023 a021861f 68747470 3a2f2f73 312e7379 6d63622e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403 02010630 2f06082b 06010505 07010104 23302130 1f06082b 06010505 07300186 13687474 703a2f2f 73322e73 796d6362 2e636f6d 306b0603 551d2004 64306230 60060a60 86480186 f8450107 36305230 2606082b 06010505 07020116 1a687474 703a2f2f 7777772e 73796d61 7574682e 636f6d2f 63707330 2806082b 06010505 07020230 1c1a1a68 7474703a 2f2f7777 772e7379 6d617574 682e636f 6d2f7270 61302906 03551d11 04223020 a41e301c 311a3018 06035504 03131153 796d616e 74656350 4b492d31 2d353334 301d0603 551d0e04 1604145f 60cf6190 55df8443 148a602a b2f57af4 4318ef30 1f060355 1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609 2a864886 f70d0101 0b050003 82010100 5e945649 dd8e2d65 f5c13651 b603e3da 9e7319f2 1f59ab58 7e6c2605 2cfa81d7 5c231722 2c3793f7 86ec85e6 b0a3fd1f e232a845 6fe1d9fb b9afd270 a0324265 bf84fe16 2a8f3fc5 a6d6a393 7d43e974 21913528 f463e92e edf7f55c 7f4b9ab5 20e90abd e045100c 14949a5d a5e34b91 e8249b46 4065f422 72cd99f8 8811f5f3 7fe63382 e6a8c57e fed008e2 25580871 68e6cda2 e614de4e 52242dfd e5791353 e75e2f2d 4d1b6d40 15522bf7 87897812 816ed94d aa2d78d4 c22c3d08 5f87919e 1f0eb0de 30526486 89aa9d66 9c0e760c 80f274d8 2af8b83a ced7d60f 11be6bab 14f5bd41 a0226389 f1ba0f6f 2963662d 3fac8c72 c5fbc7e4 d40ff23b 4f8c29c7 quit crypto ikev1 enable outside crypto ikev1 policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 20 authentication rsa-sig encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 40 authentication pre-share encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 50 authentication rsa-sig encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 70 authentication pre-share encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 80 authentication rsa-sig encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 110 authentication rsa-sig encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 130 authentication pre-share encryption des hash sha group 2 lifetime 86400 crypto ikev1 policy 140 authentication rsa-sig encryption des hash sha group 2 lifetime 86400 telnet timeout 5 ssh stricthostkeycheck ssh 192.168.100.0 255.255.255.0 inside_1 ssh timeout 5 ssh version 2 ssh key-exchange group dh-group1-sha1 console timeout 0 dhcpd dns 8.8.8.8 8.8.4.4 dhcpd auto_config outside ! dhcpd address 192.168.100.5-192.168.100.100 inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept group-policy DefaultRAGroup internal group-policy DefaultRAGroup attributes dns-server value 8.8.8.8 8.8.4.4 vpn-tunnel-protocol l2tp-ipsec group-policy L2TP-VPN internal group-policy L2TP-VPN attributes vpn-tunnel-protocol l2tp-ipsec default-domain value cisco.com group-policy VPN internal group-policy VPN attributes dns-server value 8.8.8.8 4.4.4.2 vpn-tunnel-protocol l2tp-ipsec default-domain value cisco.com dynamic-access-policy-record DfltAccessPolicy username test password DLaUiAX3l78qgoB5c7iVNw== nt-encrypted privilege 0 username test attributes vpn-group-policy DefaultRAGroup username Administrador password $sha512$5000$kDjmb2tQvEuU3OO+4WjpoA==$W7ODVBZ2CsyUMQjUUX8jEQ== pbkdf2 privilege 15 tunnel-group DefaultRAGroup general-attributes address-pool vpn_pool address-pool vpnconet default-group-policy VPN tunnel-group DefaultRAGroup ipsec-attributes ikev1 pre-shared-key ***** tunnel-group DefaultRAGroup ppp-attributes no authentication chap authentication ms-chap-v2 ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context call-home reporting anonymous password encryption aes Cryptochecksum:116f79df753eceefee4d50942d35d634
El ASA en un principio esta pensado para gestionar las VPN de acceso al servidor.
La configuracion de la VPN esta optenida de link.
Desde el Host A (Win10) se genera la conexión VPN sin problema.
pero al intentar realizar la conexion desde el Host B (win10) Obtengo.
"Error en el intento de conexión L2PT porque el nivel de seguridad encontró un error de proceso durante la negociaciones iniciales con el equipo remoto"
el RouterISP es de la compañia ORANGE España. con fibra simétrica de 500Gb
a traves del ASDM he obtenido.
5|Feb 26 2020|20:53:14|713120|||||Group = DefaultRAGroup, IP = 90.xxx.xxx.xxx, PHASE 2 COMPLETED (msgid=00000001) 5|Feb 26 2020|20:53:14|713049|||||Group = DefaultRAGroup, IP = 90.xxx.xxx.xxx, Security negotiation complete for User () Responder, Inbound SPI = 0x80c9c1b7, Outbound SPI = 0xd6bdfa30 3|Feb 26 2020|20:53:13|713122|||||IP = 90.xxx.xxx.xxx, Keep-alives configured on but peer does not support keep-alives (type = None) 5|Feb 26 2020|20:53:13|713119|||||Group = DefaultRAGroup, IP = 90.xxx.xxx.xxx, PHASE 1 COMPLETED 4|Feb 26 2020|20:53:13|113019|||||Group = DefaultRAGroup, Username = , IP = 90.xxx.xxx.xxx, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:00m:18s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested 5|Feb 26 2020|20:53:13|713259|||||Group = DefaultRAGroup, IP = 90.xxx.xxx.xxx, Session is being torn down. Reason: User Requested 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 26 2020|20:53:13|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2
no se si alguien me podria aco
¡Resuelto! Ir a solución.
el 03-02-2020 12:28 AM
Buenos días señores.
al final después de muchas vueltas el problema era de windows.
Configuración Firewall.
configuracion IPSec.
Predeterminados IPSec.
Intercambio de claves ---> personalizar.
Protección de datos. ---> personalizar.
mas añadir en registro.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
reiniciamos y funciona correctamente.
Un saludo y gracias a todos por la colaboración.
espero que sea útil.
el 02-27-2020 03:26 AM
Hola
La falla indica la fase 2 y el grupo HD 2, estas utilizando los mismos parametros en el host b? Talvez haria falta agregar un Hash MD5. Usas el usuario test?
Fase 1
crypto ikev1 policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 20 authentication rsa-sig encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 40 authentication pre-share encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 50 authentication rsa-sig encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 70 authentication pre-share encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 80 authentication rsa-sig encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 110 authentication rsa-sig encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 130 authentication pre-share encryption des hash sha group 2 lifetime 86400 crypto ikev1 policy 140 authentication rsa-sig encryption des hash sha group 2
el 02-27-2020 09:43 AM
Buenas tardes.
"estas utilizando los mismos parámetros en el host b?".
Si. de echo es el mismo pc. lo único que hago es desconectar de la wifi de casa y conectar a una del móvil. modificando la ip de conexión de la local a la externa.
"Tal vez haría falta agregar un Hash MD5. Usas el usuario test?".
he probado a sustituir el Hash sha por Hash md5. y me ha dejado de conectar en local.
por otro lado he echo unas capturas del Log Buffer (Notifications) tanto en la conexión local como en externa.
Conexión Local (Host A)
4|Feb 27 2020|17:58:20|403102|||||PPP virtual interface 1 rcvd pkt with invalid protocol: 8057, reason: unsupported protocol 5|Feb 27 2020|17:58:20|737003|||||IPAA: Session=0x09208000, DHCP configured, no viable servers found for tunnel-group 'DefaultRAGroup' 5|Feb 27 2020|17:58:19|713120|||||Group = DefaultRAGroup, IP = 192.168.1.72, PHASE 2 COMPLETED (msgid=00000001) 5|Feb 27 2020|17:58:19|713049|||||Group = DefaultRAGroup, IP = 192.168.1.72, Security negotiation complete for User () Responder, Inbound SPI = 0xfa90e5f0, Outbound SPI = 0xd0fbffe2 3|Feb 27 2020|17:58:19|713122|||||IP = 192.168.1.72, Keep-alives configured on but peer does not support keep-alives (type = None) 5|Feb 27 2020|17:58:19|713119|||||Group = DefaultRAGroup, IP = 192.168.1.72, PHASE 1 COMPLETED 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|17:58:19|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2
Conexión Externa (Host B)
4|Feb 27 2020|18:14:50|113019|||||Group = DefaultRAGroup, Username = , IP = 85.xxx.xxx.xxx, Session disconnected. Session Type: IKEv1, Duration: 0h:00m:06s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested 5|Feb 27 2020|18:14:50|713259|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, Session is being torn down. Reason: User Requested 5|Feb 27 2020|18:14:50|713050|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, Connection terminated for peer . Reason: Peer Terminate Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0 5|Feb 27 2020|18:14:50|713050|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, Connection terminated for peer . Reason: Peer Terminate Remote Proxy 85.xxx.xxx.xxx, Local Proxy 192.168.1.145 5|Feb 27 2020|18:14:44|713120|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, PHASE 2 COMPLETED (msgid=00000001) 5|Feb 27 2020|18:14:44|713049|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, Security negotiation complete for User () Responder, Inbound SPI = 0x23be24ac, Outbound SPI = 0xf0bc1e0a 3|Feb 27 2020|18:14:43|713122|||||IP = 85.xxx.xxx.xxx, Keep-alives configured on but peer does not support keep-alives (type = None) 5|Feb 27 2020|18:14:43|713119|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, PHASE 1 COMPLETED 4|Feb 27 2020|18:14:43|113019|||||Group = DefaultRAGroup, Username = , IP = 85.xxx.xxx.xxx, Session disconnected. Session Type: IPsecOverNatT, Duration: 0h:00m:22s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested 5|Feb 27 2020|18:14:43|713259|||||Group = DefaultRAGroup, IP = 85.xxx.xxx.xxx, Session is being torn down. Reason: User Requested 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2 5|Feb 27 2020|18:14:43|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2
Muchas gracias por vuestra ayuda.
el 02-27-2020 10:29 AM
Dejame compartirte la configuracion que puedes utilizar y que veo que esta asociado a la politica default.
el 02-27-2020 11:20 AM
Te lo agradecería mucho.
en este tipo de configuraciones estoy un poco perdido.
el 02-27-2020 08:12 AM
La fase 1 no se establece porque no estan usando los mismo parametros en las politicas de ISAKMP.
1. Solicita a ORANGE que parametros estan utilizando para la fase 1.
2. Compara los parametros que te proporcionen con las que tiene configurados en el ASA.
Por ejemplo:
crypto ikev1 policy XXXX authentication rsa-sig encryption aes hash sha group 2
3. si no encuentras ninguna politica "crypto ikev1 policy" que coincida con los parametros proporcionados por tu proveedor entodes debes crear una nueva para que la VPN se pueda establecer.
el 03-01-2020 06:58 AM
Buenas tardes.
He modificado la configuracion de esta manera.
ASA# show configuration : Saved : : Serial Number: JAD2337153T : Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores) : Written by enable_15 at 13:33:12.209 UTC Sun Mar 1 2020 : Call-home enabled from prompt by enable_15 at 15:15:38 UTC Feb 24 2020 ! ASA Version 9.8(2) ! hostname ASA enable password $sha512$5000$UENVzfNpjxLbFAqD2HEL7w==$HU0kSXgCcShB3nQQUcoKhQ== pbkdf2 names ip local pool Address-pool 192.168.100.101-192.168.100.121 mask 255.255.255.0 ! interface GigabitEthernet1/1 nameif outside security-level 0 ip address dhcp setroute ! interface GigabitEthernet1/2 bridge-group 1 nameif inside_1 security-level 100 ! interface GigabitEthernet1/3 bridge-group 1 nameif inside_2 security-level 100 ! interface GigabitEthernet1/4 bridge-group 1 nameif inside_3 security-level 100 ! interface GigabitEthernet1/5 bridge-group 1 nameif inside_4 security-level 100 ! interface GigabitEthernet1/6 bridge-group 1 nameif inside_5 security-level 100 ! interface GigabitEthernet1/7 bridge-group 1 nameif inside_6 security-level 100 ! interface GigabitEthernet1/8 bridge-group 1 nameif inside_7 security-level 100 ! interface Management1/1 management-only no nameif no security-level no ip address ! interface BVI1 nameif inside security-level 100 ip address 192.168.100.1 255.255.255.0 ! ftp mode passive same-security-traffic permit inter-interface object network obj_any1 subnet 0.0.0.0 0.0.0.0 object network obj_any2 subnet 0.0.0.0 0.0.0.0 object network obj_any3 subnet 0.0.0.0 0.0.0.0 object network obj_any4 subnet 0.0.0.0 0.0.0.0 object network obj_any5 subnet 0.0.0.0 0.0.0.0 object network obj_any6 subnet 0.0.0.0 0.0.0.0 object network obj_any7 subnet 0.0.0.0 0.0.0.0 object network L2TP-Pool subnet 192.168.100.0 255.255.255.0 pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside_1 1500 mtu inside_2 1500 mtu inside_3 1500 mtu inside_4 1500 mtu inside_5 1500 mtu inside_6 1500 mtu inside_7 1500 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-782.bin no asdm history enable arp timeout 14400 no arp permit-nonconnected arp rate-limit 16384 nat (inside_1,outside) source static any any destination static L2TP-Pool L2TP-Pool no-proxy-arp route-lookup ! object network obj_any1 nat (inside_1,outside) dynamic interface object network obj_any2 nat (inside_2,outside) dynamic interface object network obj_any3 nat (inside_3,outside) dynamic interface object network obj_any4 nat (inside_4,outside) dynamic interface object network obj_any5 nat (inside_5,outside) dynamic interface object network obj_any6 nat (inside_6,outside) dynamic interface object network obj_any7 nat (inside_7,outside) dynamic interface timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 timeout conn-holddown 0:00:15 timeout igp stale-route 0:01:10 user-identity default-domain LOCAL aaa authentication ssh console LOCAL aaa authentication login-history http server enable http 192.168.1.0 255.255.255.0 inside_1 http 192.168.1.0 255.255.255.0 inside_2 http 192.168.1.0 255.255.255.0 inside_3 http 192.168.1.0 255.255.255.0 inside_4 http 192.168.1.0 255.255.255.0 inside_5 http 192.168.1.0 255.255.255.0 inside_6 http 192.168.1.0 255.255.255.0 inside_7 http 192.168.100.0 255.255.255.0 inside_1 no snmp-server location no snmp-server contact service sw-reset-button crypto ipsec ikev1 transform-set TRANS-ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set TRANS-ESP-3DES-SHA mode transport crypto ipsec ikev1 transform-set TRANSFORM esp-aes esp-sha-hmac crypto ipsec security-association pmtu-aging infinite crypto dynamic-map outside_dyn_map 10 set ikev1 transform-set TRANS-ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto ca trustpoint _SmartCallHome_ServerCA no validation-usage crl configure crypto ca trustpool policy crypto ca certificate chain _SmartCallHome_ServerCA certificate ca 513fb9743870b73440418d30930699ff 30820538 30820420 a0030201 02021051 3fb97438 70b73440 418d3093 0699ff30 0d06092a 864886f7 0d01010b 05003081 ca310b30 09060355 04061302 55533117 30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b 13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504 0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72 20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56 65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043 65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31 33313033 31303030 3030305a 170d3233 31303330 32333539 35395a30 7e310b30 09060355 04061302 5553311d 301b0603 55040a13 1453796d 616e7465 6320436f 72706f72 6174696f 6e311f30 1d060355 040b1316 53796d61 6e746563 20547275 7374204e 6574776f 726b312f 302d0603 55040313 2653796d 616e7465 6320436c 61737320 33205365 63757265 20536572 76657220 4341202d 20473430 82012230 0d06092a 864886f7 0d010101 05000382 010f0030 82010a02 82010100 b2d805ca 1c742db5 175639c5 4a520996 e84bd80c f1689f9a 422862c3 a530537e 5511825b 037a0d2f e17904c9 b4967719 81019459 f9bcf77a 9927822d b783dd5a 277fb203 7a9c5325 e9481f46 4fc89d29 f8be7956 f6f7fdd9 3a68da8b 4b823341 12c3c83c ccd6967a 84211a22 04032717 8b1c6861 930f0e51 80331db4 b5ceeb7e d062acee b37b0174 ef6935eb cad53da9 ee9798ca 8daa440e 25994a15 96a4ce6d 02541f2a 6a26e206 3a6348ac b44cd175 9350ff13 2fd6dae1 c618f59f c9255df3 003ade26 4db42909 cd0f3d23 6f164a81 16fbf283 10c3b8d6 d855323d f1bd0fbd 8c52954a 16977a52 2163752f 16f9c466 bef5b509 d8ff2700 cd447c6f 4b3fb0f7 02030100 01a38201 63308201 5f301206 03551d13 0101ff04 08300601 01ff0201 00303006 03551d1f 04293027 3025a023 a021861f 68747470 3a2f2f73 312e7379 6d63622e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403 02010630 2f06082b 06010505 07010104 23302130 1f06082b 06010505 07300186 13687474 703a2f2f 73322e73 796d6362 2e636f6d 306b0603 551d2004 64306230 60060a60 86480186 f8450107 36305230 2606082b 06010505 07020116 1a687474 703a2f2f 7777772e 73796d61 7574682e 636f6d2f 63707330 2806082b 06010505 07020230 1c1a1a68 7474703a 2f2f7777 772e7379 6d617574 682e636f 6d2f7270 61302906 03551d11 04223020 a41e301c 311a3018 06035504 03131153 796d616e 74656350 4b492d31 2d353334 301d0603 551d0e04 1604145f 60cf6190 55df8443 148a602a b2f57af4 4318ef30 1f060355 1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609 2a864886 f70d0101 0b050003 82010100 5e945649 dd8e2d65 f5c13651 b603e3da 9e7319f2 1f59ab58 7e6c2605 2cfa81d7 5c231722 2c3793f7 86ec85e6 b0a3fd1f e232a845 6fe1d9fb b9afd270 a0324265 bf84fe16 2a8f3fc5 a6d6a393 7d43e974 21913528 f463e92e edf7f55c 7f4b9ab5 20e90abd e045100c 14949a5d a5e34b91 e8249b46 4065f422 72cd99f8 8811f5f3 7fe63382 e6a8c57e fed008e2 25580871 68e6cda2 e614de4e 52242dfd e5791353 e75e2f2d 4d1b6d40 15522bf7 87897812 816ed94d aa2d78d4 c22c3d08 5f87919e 1f0eb0de 30526486 89aa9d66 9c0e760c 80f274d8 2af8b83a ced7d60f 11be6bab 14f5bd41 a0226389 f1ba0f6f 2963662d 3fac8c72 c5fbc7e4 d40ff23b 4f8c29c7 quit crypto ikev1 enable outside crypto ikev1 policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 11 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 crypto ikev1 policy 20 authentication rsa-sig encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 21 authentication rsa-sig encryption aes-256 hash md5 group 2 lifetime 86400 crypto ikev1 policy 40 authentication pre-share encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 41 authentication pre-share encryption aes-192 hash md5 group 2 lifetime 86400 crypto ikev1 policy 50 authentication rsa-sig encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 51 authentication rsa-sig encryption aes-192 hash md5 group 2 lifetime 86400 crypto ikev1 policy 70 authentication pre-share encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 71 authentication pre-share encryption aes hash md5 group 2 lifetime 86400 crypto ikev1 policy 80 authentication rsa-sig encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 81 authentication rsa-sig encryption aes hash md5 group 2 lifetime 86400 crypto ikev1 policy 110 authentication rsa-sig encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 111 authentication rsa-sig encryption 3des hash md5 group 2 lifetime 86400 crypto ikev1 policy 130 authentication pre-share encryption des hash sha group 2 lifetime 86400 crypto ikev1 policy 131 authentication pre-share encryption des hash md5 group 2 lifetime 86400 crypto ikev1 policy 140 authentication rsa-sig encryption des hash sha group 2 lifetime 86400 client-update enable telnet timeout 5 ssh stricthostkeycheck ssh 192.168.100.0 255.255.255.0 inside_1 ssh timeout 5 ssh version 2 ssh key-exchange group dh-group1-sha1 console timeout 5 dhcpd dns 8.8.8.8 8.8.4.4 dhcpd auto_config outside ! dhcpd address 192.168.100.5-192.168.100.100 inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept group-policy VPN internal group-policy VPN attributes dns-server value 8.8.8.8 4.4.4.2 vpn-tunnel-protocol l2tp-ipsec default-domain value cisco.com dynamic-access-policy-record DfltAccessPolicy username test password DLaUiAX3l78qgoB5c7iVNw== nt-encrypted username ramon password $sha512$5000$kDjmb2tQvEuU3OO+4WjpoA==$W7ODVBZ2CsyUMQjUUX8jEQ== pbkdf2 privilege 15 tunnel-group DefaultRAGroup general-attributes address-pool Address-pool default-group-policy VPN tunnel-group DefaultRAGroup ipsec-attributes ikev1 pre-shared-key ***** tunnel-group DefaultRAGroup ppp-attributes no authentication chap authentication ms-chap-v2 ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context call-home reporting anonymous password encryption aes Cryptochecksum:8ca998d1554b5b8a06aca7b6d9c0d204
añadiendo el md5.
lo mas curioso del tema es que al realizar la conexión a través del teléfono Android.
L2TP/IPSec PSK.
Direccion del ervidor xxx.xxx.xxx.xxx
L2TP secret: (no se usa)
identificador de IPsec: (no se usa)
Nombre usuario test
contraseña ****
la conexión se realiza nin ningún problema.
Pero cuando esta conexión se intenta realizar desde windows. no es posible realizar la conexión.
alguna sugerencia.
el 03-01-2020 10:33 AM
el 03-02-2020 12:28 AM
Buenos días señores.
al final después de muchas vueltas el problema era de windows.
Configuración Firewall.
configuracion IPSec.
Predeterminados IPSec.
Intercambio de claves ---> personalizar.
Protección de datos. ---> personalizar.
mas añadir en registro.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
reiniciamos y funciona correctamente.
Un saludo y gracias a todos por la colaboración.
espero que sea útil.
el 03-02-2020 12:19 PM
Hola @Ramón Garcia
Gracias por comaprtir con la comunidad más de la situación y la solución a este problema, estamos seguros la información será de utilidad para mcuhos con problemas similares.
Descubra y salve sus notas favoritas. Vuelva a encontrar las respuestas de los expertos, guías paso a paso, temas recientes y mucho más.
¿Es nuevo por aquí? Empiece con estos tips. Cómo usar la comunidad Guía para nuevos miembros
Navegue y encuentre contenido personalizado de la comunidad