Issue with IPSec VPN ISA500 & connection Issues (multiple devices)

I have a Cisco ISA500 that we use for connecting with IPsec VPN from a couple of Apple products (MacBook Pro & iPad). We can get it to work randomly once in a while, but for the most part it fails negotiating. Anyone have any suggestions on what I can do to make this work?

I did testing on my Linux box and this failed when I had default settings configured. I had to change the NAT Traversal to CISCO UDP on the Linux box for the connection to work.

2014-04-03 20:54:13 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: Quick mode retry fail, please Check if local IKE/Transform/PFS are the same as remote site; (pluto)
2014-04-03 20:54:13 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: max number of retransmissions (2) reached STATE_AGGR_R1; (pluto)
2014-04-03 20:53:30 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: Quick mode retry fail, please Check if local IKE/Transform/PFS are the same as remote site; (pluto)
2014-04-03 20:53:30 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: max number of retransmissions (2) reached STATE_AGGR_R1; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: STATE_AGGR_R1: sent AR1, expecting AI2; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [Dead Peer Detection]; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [RFC 3947] method set to=109 ; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [Cisco-Unity]; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [XAUTH]; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: STATE_AGGR_R1: sent AR1, expecting AI2; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [Dead Peer Detection]; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [RFC 3947] method set to=109 ; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [Cisco-Unity]; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [XAUTH]; (pluto)
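
An added example, not part of the original post or any Cisco tooling: a small Python triage of pluto lines in the format posted above, grouping them by IKE exchange number (#58, #59) to show how many malformed-proposal warnings each drew, the state it timed out in, and which Vendor IDs the client sent. The sample input is constructed from the post's format, and the function and field names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the log posted above (newest first, peer masked).
SAMPLE_LOG = '''\
2014-04-03 20:53:30 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: max number of retransmissions (2) reached STATE_AGGR_R1; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: STATE_AGGR_R1: sent AR1, expecting AI2; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [RFC 3947] method set to=109 ; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [XAUTH]; (pluto)
'''

LINE = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - \w+ - IPsec VPN: msg=(?P<msg>.*); \(pluto\)$')
CONN = re.compile(r'^"(?P<conn>[^"]+)"\[\d+\] \S+ #(?P<sa>\d+): (?P<text>.*)$')
VID = re.compile(r'^packet from (?P<src>\S+): received Vendor ID payload \[(?P<vid>[^\]]+)\]')
TIMEOUT = re.compile(r'max number of retransmissions \(\d+\) reached (STATE_\w+)')

def triage(log_text):
    """Summarise each IKE exchange (#N) and the Vendor IDs each peer socket sent."""
    sas = defaultdict(lambda: {"conn": None, "bad_attrs": 0, "timed_out_in": None, "times": []})
    vids = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a pluto line in the expected format
        ts, msg = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["msg"]
        if (v := VID.match(msg)):
            vids[v["src"]].append(v["vid"])
        elif (c := CONN.match(msg)):
            sa = sas[int(c["sa"])]
            sa["conn"] = c["conn"]
            sa["times"].append(ts)
            if "OAKLEY_KEY_LENGTH attribute not preceded" in c["text"]:
                sa["bad_attrs"] += 1  # proposal attribute the responder could not parse
            if (t := TIMEOUT.search(c["text"])):
                sa["timed_out_in"] = t[1]
    report = {}
    for n, sa in sas.items():
        report[n] = {"conn": sa["conn"], "bad_attrs": sa["bad_attrs"], "timed_out_in": sa["timed_out_in"],
                     "seconds_to_timeout": int((max(sa["times"]) - min(sa["times"])).total_seconds())}
    return report, dict(vids)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run over the full log in the post, both exchanges show the same pattern: the ISA500 has sent AR1 and gives up in STATE_AGGR_R1 after 70 seconds without receiving the client's AI2.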

Contributor

I'd rather use AnyConnect, which is also available for Mac.

Michael Please rate all helpful posts
Beginner

This doesn't work on the iPads because it says you need to have the mobile client or something like that. Also, AnyConnect on the Mac is vulnerable to the Heartbleed issue. After updating to the newest firmware, I haven't had a complaint yet, but I don't know why this would fix this specific issue since the release notes didn't say anything about VPN that I saw.
Cisco Employee

Hi Rich,

What firmware version were you using before you upgraded?  Did you upgrade to 1.2.19 and now it's working?

Thanks,

Brandon
