cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
632
Views
5
Helpful
2
Replies

Cisco IPSEC with MAC os native VPN client on Cisco ASA

Mustafafarhat
Level 1
Level 1

Hello!
I'm wondering if someone succeeded in setting up Cisco IPSEC vpn on MAC native VPN client (not Anyconnect) I've tried very hard with no results, please find the connection debug below

Any suggestions?

 

Thank you very much

 

vpn# Jun 15 12:33:52 [IKEv1]IKE Receiver: Packet received on 194.47.64.20:500 from 213.102.79.7:500
Jun 15 12:33:52 [IKEv1]IP = 213.102.79.7, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 765
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing SA payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing ke payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing ISA_KE payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing nonce payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing ID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, Received Fragmentation VID
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, Received NAT-Traversal RFC VID
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, Received NAT-Traversal ver 03 VID
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, Received NAT-Traversal ver 02 VID
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, Received xauth V6 VID
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, Received Cisco Unity client VID
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, processing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]IP = 213.102.79.7, Received DPD VID
Jun 15 12:33:52 [IKEv1]IP = 213.102.79.7, Connection landed on tunnel_group mac-group
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, processing IKE SA payload
Jun 15 12:33:52 [IKEv1]Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 14 Cfg'd: Group 2
Jun 15 12:33:52 [IKEv1]Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 14 Cfg'd: Group 2
Jun 15 12:33:52 [IKEv1]Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 14 Cfg'd: Group 2
Jun 15 12:33:52 [IKEv1]Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 14 Cfg'd: Group 2
Jun 15 12:33:52 [IKEv1]Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 14 Cfg'd: Group 2
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, IKE SA Proposal # 1, Transform # 3 acceptable Matches global IKE entry # 3
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing ISAKMP SA payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing ke payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing nonce payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, Generating keys for Responder...
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing ID payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing hash payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, Computing hash for ISAKMP
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing Cisco Unity VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing xauth V6 VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing dpd vid payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing NAT-Traversal VID ver RFC payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing NAT-Discovery payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, computing NAT Discovery hash
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing NAT-Discovery payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, computing NAT Discovery hash
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing Fragmentation VID + extended capabilities payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing VID payload
Jun 15 12:33:52 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jun 15 12:33:52 [IKEv1]IP = 213.102.79.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 556
Jun 15 12:33:58 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, IKE AM Responder FSM error history (struct &0x00007f38106575a0) <state>, <event>: AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CHECK_SPOOF-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR
Jun 15 12:33:58 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, IKE SA AM:fd1a23d6 terminating: flags 0x0100c001, refcnt 0, tuncnt 0
Jun 15 12:33:58 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, sending delete/delete with reason message
Jun 15 12:33:58 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing blank hash payload
Jun 15 12:33:58 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing IKE delete payload
Jun 15 12:33:58 [IKEv1 DEBUG]Group = mac-group, IP = 213.102.79.7, constructing qm hash payload
Jun 15 12:33:58 [IKEv1]IP = 213.102.79.7, IKE_DECODE SENDING Message (msgid=7c7eaa5d) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76

 

2 Replies 2

Sonflaa
Level 1
Level 1

Did you ever got this working?

Make new post it better 

MHM