Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
660
Views
0
Helpful
0
Replies

Easy VPN Client not working after upgrading router IOS to v15.3(3)M2

Luis Alvarez
Level 1
Level 1

‎03-11-2014 05:40 PM

Hello.

We have an ISR 2901 with VPN tunnels and EZVPN clients that was working perfectly for the last 2 years. the problem that we are experiencing is that after we upgraded our router from v15.0(1)M4 to 15.3(3)M2 remote workers can no longer connect to our VPN through their VPN Clients, I mean, if they double click the VPN profile, after a few seconds nothing happens, no message, nothing.

This is the actual config.

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key xxxx address x.x.x.x 
crypto isakmp key xxx address 0.0.0.0        
!
crypto isakmp client configuration group oscar
 key ****
 pool clientes
 acl 103
 netmask 255.255.255.0
!
crypto isakmp client configuration group DIRECCION
 key ****
 pool direccion
 acl 104
 netmask 255.255.255.0
!
crypto isakmp client configuration group VOIP
 key v01pcg1.T3lC0
 pool voip
 acl 105
 netmask 255.255.255.240
!
crypto isakmp client configuration group TELCO
 key ****
 pool telco
 acl 106
 netmask 255.255.255.0
crypto isakmp profile VPNclient
   match identity group oscar
   client authentication list EZVPN
   isakmp authorization list EZVPN
   client configuration address respond
crypto isakmp profile DIRECCION
   match identity group DIRECCION
   client authentication list EZVPN
   isakmp authorization list EZVPN
   client configuration address respond
crypto isakmp profile VOIP
   match identity group VOIP
   client authentication list EZVPN
   isakmp authorization list EZVPN
   client configuration address respond
crypto isakmp profile TELCO
   match identity group TELCO
   client authentication list EZVPN
   isakmp authorization list EZVPN
   client configuration address respond
!
!
crypto ipsec transform-set DES-MD5 esp-des esp-md5-hmac 
 mode tunnel
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
 mode tunnel
crypto ipsec transform-set IPHONE esp-3des esp-sha-hmac 
 mode tunnel
crypto ipsec transform-set local esp-3des esp-md5-hmac 
 mode tunnel
crypto ipsec transform-set HSBC ah-sha-hmac esp-3des esp-sha-hmac 
 mode tunnel
!
crypto ipsec profile GRE-tunnel
 set security-association lifetime seconds 86400
 set transform-set ESP-3DES-SHA 
!
crypto ipsec profile VPNclient
 set transform-set ESP-3DES-SHA 
 set isakmp-profile VPNclient
!
!
!
crypto dynamic-map dynmap 10
 set transform-set IPHONE 
 set isakmp-profile VPNclient
crypto dynamic-map dynmap 20
 set transform-set ESP-3DES-SHA 
 set isakmp-profile DIRECCION
crypto dynamic-map dynmap 30
 set transform-set ESP-3DES-SHA 
 set isakmp-profile VOIP
crypto dynamic-map dynmap 40
 set transform-set ESP-3DES-SHA 
 set isakmp-profile TELCO
 reverse-route
!
!
crypto map dynmap 1 ipsec-isakmp dynamic dynmap 

 

interface GigabitEthernet0/1

crypto map dynmap.

 

and this is what i got after debbuging isakmp

62752: Mar 11 18:08:09.416 GMT-6: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
062753: Mar 11 18:08:09.416 GMT-6: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
062754: Mar 11 18:08:09.416 GMT-6: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH
062755: Mar 11 18:08:09.416 GMT-6: ISAKMP:(0): sending packet to 192.168.8.3 my_port 500 peer_port 56741 (R) AG_INIT_EXCH
062756: Mar 11 18:08:09.416 GMT-6: ISAKMP:(0):Sending an IKE IPv4 Packet.
062757: Mar 11 18:08:09.492 GMT-6: %SEC-6-IPACCESSLOGP: list 120 denied udp 17.173.254.222(16384) -> 187.188.148.87(1352), 1 packet  
062758: Mar 11 18:08:10.036 GMT-6: ISAKMP:(0):purging SA., sa=3B1D1340, delme=3B1D1340
062759: Mar 11 18:08:11.728 GMT-6: ISAKMP:(0):purging SA., sa=24EC398C, delme=24EC398C
062760: Mar 11 18:08:13.872 GMT-6: ISAKMP (0): received packet from 192.168.8.3 dport 500 sport 56744 Global (N) NEW SA
062761: Mar 11 18:08:13.872 GMT-6: ISAKMP: Created a peer struct for 192.168.8.3, peer port 56744
062762: Mar 11 18:08:13.872 GMT-6: ISAKMP: New peer created peer = 0x2309206C peer_handle = 0x80000093
062763: Mar 11 18:08:13.872 GMT-6: ISAKMP: Locking peer struct 0x2309206C, refcount 1 for crypto_isakmp_process_block
062764: Mar 11 18:08:13.872 GMT-6: ISAKMP: local port 500, remote port 56744
062765: Mar 11 18:08:13.872 GMT-6: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 24EC398C
062766: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): processing SA payload. message ID = 0
062767: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): processing ID payload. message ID = 0
062768: Mar 11 18:08:13.872 GMT-6: ISAKMP (0): ID payload 
        next-payload : 13
        type         : 11 
        group id     : TELCO 
        protocol     : 17 
        port         : 500 
        length       : 13
062769: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0):: peer matches TELCO profile
062770: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0):Setting client config settings 3B41C0DC
062771: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0):(Re)Setting client xauth list  and state
062772: Mar 11 18:08:13.872 GMT-6: ISAKMP/xauth: initializing AAA request
062773: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): processing vendor id payload
062774: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch
062775: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): vendor ID is XAUTH
062776: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): processing vendor id payload
062777: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): vendor ID is DPD
062778: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): processing vendor id payload
062779: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): processing IKE frag vendor id payload
062780: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0):Support for IKE Fragmentation not enabled
062781: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): processing vendor id payload
062782: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
062783: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): vendor ID is NAT-T v2
062784: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): processing vendor id payload
062785: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): vendor ID is Unity
062786: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): Authentication by xauth preshared
062787: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): IKE->PKI Get configured TrustPoints state (R) AG_NO_STATE (peer 192.168.8.3)
062788: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0): PKI->IKE Got configured TrustPoints state (R) AG_NO_STATE (peer 192.168.8.3)
062789: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
062790: Mar 11 18:08:13.872 GMT-6: ISAKMP:      encryption AES-CBC
062791: Mar 11 18:08:13.872 GMT-6: ISAKMP:      hash SHA
062792: Mar 11 18:08:13.872 GMT-6: ISAKMP:      default group 2
062793: Mar 11 18:08:13.872 GMT-6: ISAKMP:      auth XAUTHInitPreShared
062794: Mar 11 18:08:13.872 GMT-6: ISAKMP:      life type in seconds
062795: Mar 11 18:08:13.872 GMT-6: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B 
062796: Mar 11 18:08:13.872 GMT-6: ISAKMP:      keylength of 256
062797: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0):Encryption algorithm offered does not match policy!
062798: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0):atts are not acceptable. Next payload is 3
062799: Mar 11 18:08:13.872 GMT-6: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy
062800: Mar 11 18:08:13.876 GMT-6: ISAKMP:      encryption AES-CBC
062801: Mar 11 18:08:13.876 GMT-6: ISAKMP:      hash MD5
062802: Mar 11 18:08:13.876 GMT-6: ISAKMP:      default group 2
062803: Mar 11 18:08:13.876 GMT-6: ISAKMP:      auth XAUTHInitPreShared
062804: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life type in seconds
062805: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B 
062806: Mar 11 18:08:13.876 GMT-6: ISAKMP:      keylength of 256
062807: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Encryption algorithm offered does not match policy!
062808: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):atts are not acceptable. Next payload is 3
062809: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy
062810: Mar 11 18:08:13.876 GMT-6: ISAKMP:      encryption AES-CBC
062811: Mar 11 18:08:13.876 GMT-6: ISAKMP:      hash SHA
062812: Mar 11 18:08:13.876 GMT-6: ISAKMP:      default group 2
062813: Mar 11 18:08:13.876 GMT-6: ISAKMP:      auth pre-share
062814: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life type in seconds
062815: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B 
062816: Mar 11 18:08:13.876 GMT-6: ISAKMP:      keylength of 256
062817: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Encryption algorithm offered does not match policy!
062818: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):atts are not acceptable. Next payload is 3
062819: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy
062820: Mar 11 18:08:13.876 GMT-6: ISAKMP:      encryption AES-CBC
062821: Mar 11 18:08:13.876 GMT-6: ISAKMP:      hash MD5
062822: Mar 11 18:08:13.876 GMT-6: ISAKMP:      default group 2
062823: Mar 11 18:08:13.876 GMT-6: ISAKMP:      auth pre-share
062824: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life type in seconds
062825: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B 
062826: Mar 11 18:08:13.876 GMT-6: ISAKMP:      keylength of 256
062827: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Encryption algorithm offered does not match policy!
062828: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):atts are not acceptable. Next payload is 3
062829: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy
062830: Mar 11 18:08:13.876 GMT-6: ISAKMP:      encryption AES-CBC
062831: Mar 11 18:08:13.876 GMT-6: ISAKMP:      hash SHA
062832: Mar 11 18:08:13.876 GMT-6: ISAKMP:      default group 2
062833: Mar 11 18:08:13.876 GMT-6: ISAKMP:      auth XAUTHInitPreShared
062834: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life type in seconds
062835: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B 
062836: Mar 11 18:08:13.876 GMT-6: ISAKMP:      keylength of 128
062837: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Encryption algorithm offered does not match policy!
062838: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):atts are not acceptable. Next payload is 3
062839: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Checking ISAKMP transform 6 against priority 1 policy
062840: Mar 11 18:08:13.876 GMT-6: ISAKMP:      encryption AES-CBC
062841: Mar 11 18:08:13.876 GMT-6: ISAKMP:      hash MD5
062842: Mar 11 18:08:13.876 GMT-6: ISAKMP:      default group 2
062843: Mar 11 18:08:13.876 GMT-6: ISAKMP:      auth XAUTHInitPreShared
062844: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life type in seconds
062845: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B 
062846: Mar 11 18:08:13.876 GMT-6: ISAKMP:      keylength of 128
062847: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Encryption algorithm offered does not match policy!
062848: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):atts are not acceptable. Next payload is 3
062849: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Checking ISAKMP transform 7 against priority 1 policy
062850: Mar 11 18:08:13.876 GMT-6: ISAKMP:      encryption AES-CBC
062851: Mar 11 18:08:13.876 GMT-6: ISAKMP:      hash SHA
062852: Mar 11 18:08:13.876 GMT-6: ISAKMP:      default group 2
062853: Mar 11 18:08:13.876 GMT-6: ISAKMP:      auth pre-share
062854: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life type in seconds
062855: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B 
062856: Mar 11 18:08:13.876 GMT-6: ISAKMP:      keylength of 128
062857: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Encryption algorithm offered does not match policy!
062858: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):atts are not acceptable. Next payload is 3
062859: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Checking ISAKMP transform 8 against priority 1 policy
062860: Mar 11 18:08:13.876 GMT-6: ISAKMP:      encryption AES-CBC
062861: Mar 11 18:08:13.876 GMT-6: ISAKMP:      hash MD5
062862: Mar 11 18:08:13.876 GMT-6: ISAKMP:      default group 2
062863: Mar 11 18:08:13.876 GMT-6: ISAKMP:      auth pre-share
062864: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life type in seconds
062865: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B 
062866: Mar 11 18:08:13.876 GMT-6: ISAKMP:      keylength of 128
062867: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Encryption algorithm offered does not match policy!
062868: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):atts are not acceptable. Next payload is 3
062869: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Checking ISAKMP transform 9 against priority 1 policy
062870: Mar 11 18:08:13.876 GMT-6: ISAKMP:      encryption 3DES-CBC
062871: Mar 11 18:08:13.876 GMT-6: ISAKMP:      hash SHA
062872: Mar 11 18:08:13.876 GMT-6: ISAKMP:      default group 2
062873: Mar 11 18:08:13.876 GMT-6: ISAKMP:      auth XAUTHInitPreShared
062874: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life type in seconds
062875: Mar 11 18:08:13.876 GMT-6: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B 
062876: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):atts are acceptable. Next payload is 3
062877: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Acceptable atts:actual life: 28800
062878: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Acceptable atts:life: 0
062879: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Fill atts in sa vpi_length:4
062880: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Fill atts in sa life_in_seconds:2147483
062881: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0):Returning Actual lifetime: 28800
062882: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0)::Started lifetime timer: 28800.

062883: Mar 11 18:08:13.876 GMT-6: ISAKMP:(0): processing KE payload. message ID = 0
062884: Mar 11 18:08:13.908 GMT-6: ISAKMP:(0): processing NONCE payload. message ID = 0
062885: Mar 11 18:08:13.912 GMT-6: ISAKMP:(0): vendor ID is NAT-T v2
062886: Mar 11 18:08:13.912 GMT-6: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
062887: Mar 11 18:08:13.912 GMT-6: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_AM_AAA_AWAIT 

062888: Mar 11 18:08:13.912 GMT-6: ISAKMP:(0): constructed NAT-T vendor-02 ID
062889: Mar 11 18:08:13.912 GMT-6: ISAKMP:(0):SA is doing pre-shared key authentication plus XAUTH using id type ID_IPV4_ADDR
062890: Mar 11 18:08:13.912 GMT-6: ISAKMP (0): ID payload 
        next-payload : 10
        type         : 1 
        address      : 187.188.148.87 
        protocol     : 0 
        port         : 0 
        length       : 12
062891: Mar 11 18:08:13.912 GMT-6: ISAKMP:(0):Total payload length: 12
062892: Mar 11 18:08:13.912 GMT-6: ISAKMP:(0): sending packet to 192.168.8.3 my_port 500 peer_port 56744 (R) AG_INIT_EXCH
062893: Mar 11 18:08:13.912 GMT-6: ISAKMP:(0):Sending an IKE IPv4 Packet.
062894: Mar 11 18:08:13.912 GMT-6: ISAKMP:(0):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
062895: Mar 11 18:08:13.912 GMT-6: ISAKMP:(0):Old State = IKE_R_AM_AAA_AWAIT  New State = IKE_R_AM2 

062896: Mar 11 18:08:14.088 GMT-6: ISAKMP (0): received packet from 192.168.8.3 dport 500 sport 56744 Global (R) AG_INIT_EXCH
062897: Mar 11 18:08:14.088 GMT-6: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 192.168.8.3 was not encrypted and it should've been.
062898: Mar 11 18:08:14.092 GMT-6: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: reset_retransmission
062899: Mar 11 18:08:14.092 GMT-6: ISAKMP (0): received packet from 192.168.8.3 dport 500 sport 56744 Global (R) AG_INIT_EXCH
062900: Mar 11 18:08:14.092 GMT-6: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 192.168.8.3 was not encrypted and it should've been.
062901: Mar 11 18:08:14.092 GMT-6: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: reset_retransmission
062902: Mar 11 18:08:14.172 GMT-6: %SRE_SM-6-STATE_CHANGE: ISM0/0 changing state from SERVICE_MODULE_STATE_STDY to SERVICE_MODULE_STATE_WREG
062903: Mar 11 18:08:14.184 GMT-6: %SRE_SM-6-STATE_CHANGE: ISM0/0 changing state from SERVICE_MODULE_STATE_WREG to SERVICE_MODULE_STATE_STDY
062904: Mar 11 18:08:14.996 GMT-6: ISAKMP:(0):purging SA., sa=24F6EEAC, delme=24F6EEAC
062905: Mar 11 18:08:15.092 GMT-6: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
062906: Mar 11 18:08:15.092 GMT-6: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
062907: Mar 11 18:08:15.092 GMT-6: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH
062908: Mar 11 18:08:15.092 GMT-6: ISAKMP:(0): sending packet to 192.168.8.3 my_port 500 peer_port 56744 (R) AG_INIT_EXCH
062909: Mar 11 18:08:15.092 GMT-6: ISAKMP:(0):Sending an IKE IPv4 Packet.
062910: Mar 11 18:08:19.424 GMT-6: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
062911: Mar 11 18:08:19.424 GMT-6: ISAKMP:(0):peer does not do paranoid keepalives.

062912: Mar 11 18:08:19.424 GMT-6: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (R) AG_INIT_EXCH (peer 192.168.8.3)
062913: Mar 11 18:08:19.424 GMT-6: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (R) AG_INIT_EXCH (peer 192.168.8.3) 
062914: Mar 11 18:08:19.424 GMT-6: ISAKMP: Unlocking peer struct 0x3D877D40 for isadb_mark_sa_deleted(), count 0
062915: Mar 11 18:08:19.424 GMT-6: ISAKMP: Deleting peer node by peer_reap for 192.168.8.3: 3D877D40
062916: Mar 11 18:08:19.428 GMT-6: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
062917: Mar 11 18:08:19.428 GMT-6: ISAKMP:(0):Old State = IKE_R_AM2  New State = IKE_DEST_SA 

062918: Mar 11 18:08:20.444 GMT-6: %SYS-2-MALLOCFAIL: Memory allocation of 65612 bytes failed from 0x332B01DC, alignment 128 
Pool: I/O  Free: 111376  Cause: Memory fragmentation 
Alternate Pool: None  Free: 0  Cause: No Alternate pool 
 -Process= "Pool Manager", ipl= 0, pid= 7
-Traceback= 3329C54Cz 332AA564z 3000D85Cz 332AE088z 332AE258z 33286090z 33286074z
062919: Mar 11 18:08:21.388 GMT-6: ISAKMP:(0):purging SA., sa=3B3C8280, delme=3B3C8280
062920: Mar 11 18:08:22.364 GMT-6: ISAKMP:(1041):purging node -1843083767
062921: Mar 11 18:08:24.432 GMT-6: ISAKMP:(0):purging SA., sa=3B186704, delme=3B186704
062922: Mar 11 18:08:25.092 GMT-6: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
062923: Mar 11 18:08:25.092 GMT-6: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
062924: Mar 11 18:08:25.092 GMT-6: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH
062925: Mar 11 18:08:25.092 GMT-6: ISAKMP:(0): sending packet to 192.168.8.3 my_port 500 peer_port 56744 (R) AG_INIT_EXCH
062926: Mar 11 18:08:25.092 GMT-6: ISAKMP:(0):Sending an IKE IPv4 Packet.
062927: Mar 11 18:08:26.964 GMT-6: %SEC-6-IPACCESSLOGP: list 120 denied tcp 176.34.104.44(5223) -> 187.188.148.87(58151), 1 packet  
062928: Mar 11 18:08:27.252 GMT-6: ISAKMP:(0):purging SA., sa=3B1D33B0, delme=3B1D33B0
062929: Mar 11 18:08:32.592 GMT-6: ISAKMP (1041): received packet from 187.194.188.161 dport 500 sport 500 Global (R) QM_IDLE      
062930: Mar 11 18:08:32.592 GMT-6: ISAKMP: set new node -1037027540 to QM_IDLE      
062931: Mar 11 18:08:32.592 GMT-6: ISAKMP:(1041): processing HASH payload. message ID = 3257939756
062932: Mar 11 18:08:32.592 GMT-6: ISAKMP:(1041): processing SA payload. message ID = 3257939756
062933: Mar 11 18:08:32.592 GMT-6: ISAKMP:(1041):Checking IPSec proposal 1
062934: Mar 11 18:08:32.592 GMT-6: ISAKMP: transform 1, ESP_3DES
062935: Mar 11 18:08:32.592 GMT-6: ISAKMP:   attributes in transform:
062936: Mar 11 18:08:32.592 GMT-6: ISAKMP:      encaps is 2 (Transport)
062937: Mar 11 18:08:32.592 GMT-6: ISAKMP:      SA life type in seconds
062938: Mar 11 18:08:32.592 GMT-6: ISAKMP:      SA life duration (basic) of 3600
062939: Mar 11 18:08:32.592 GMT-6: ISAKMP:      SA life type in kilobytes
062940: Mar 11 18:08:32.592 GMT-6: ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0 
062941: Mar 11 18:08:32.592 GMT-6: ISAKMP:      authenticator is HMAC-MD5
062942: Mar 11 18:08:32.592 GMT-6: ISAKMP:(1041):atts are acceptable.
062943: Mar 11 18:08:32.592 GMT-6: ISAKMP:(1041): IPSec policy invalidated proposal with error 256
062944: Mar 11 18:08:32.596 GMT-6: ISAKMP:(1041): phase 2 SA policy not acceptable! (local 187.188.148.87 remote 187.194.188.161)
062945: Mar 11 18:08:32.596 GMT-6: ISAKMP: set new node -1744622281 to QM_IDLE      
062946: Mar 11 18:08:32.596 GMT-6: ISAKMP:(1041):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
        spi 580813896, message ID = 2550345015
062947: Mar 11 18:08:32.596 GMT-6: ISAKMP:(1041): sending packet to 187.194.188.161 my_port 500 peer_port 500 (R) QM_IDLE      
062948: Mar 11 18:08:32.596 GMT-6: ISAKMP:(1041):Sending an IKE IPv4 Packet.
062949: Mar 11 18:08:32.596 GMT-6: ISAKMP:(1041):purging node -1744622281t
062950: Mar 11 18:08:32.596 GMT-6: ISAKMP:(1041):deleting node -1037027540 error TRUE reason "QM rejected"
062951: Mar 11 18:08:32.596 GMT-6: ISAKMP:(1041):Node 3257939756, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
062952: Mar 11 18:08:32.596 GMT-6: ISAKMP:(1041):Old State = IKE_QM_READY  New State = IKE_QM_READYer no mon
062953: Mar 11 18:08:35.092 GMT-6: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH...
062954: Mar 11 18:08:35.092 GMT-6: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
062955: Mar 11 18:08:35.092 GMT-6: ISAKMP:(0): retransmitting phase 1 AG_INIT_EXCH
062956: Mar 11 18:08:35.092 GMT-6: ISAKMP:(0): sending packet to 192.168.8.3 my_port 500 peer_port 56744 (R) AG_INIT_EXCH
062957: Mar 11 18:08:35.092 GMT-6: ISAKMP:(0):Sending an IKE IPv4 Packet.

I hope you could help us.

 

Regards

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents