Sorry, that answer alone on

knet40001 · ‎04-29-2015

I have a problem Cisco2821 + Cisco Vpn Client
Client can connect on the router, but after a few seconds, disconnection and get an error 433: (Reason Not Specified by Peer)

Config:

hostname test2

boot-start-marker
boot system flash:c2800nm-advsecurityk9-mz.151-4.M7.bin
boot-end-marker

logging buffered 52000
no logging console
enable secret 4 [spass]

aaa new-model

aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_9 local
aaa authorization network sdm_vpn_group_ml_9 local

aaa session-id common

clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 2:00

dot11 syslog
no ip subnet-zero
ip source-route

ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.254

ip flow-cache timeout active 1
ip domain name domena.local
ip ips notify SDEE
ip address-pool dhcp-pool

multilink bundle-name authenticated

crypto pki server CiscoCA
database level names
lifetime certificate 1
lifetime ca-certificate 1
lifetime enrollment-request 2
crypto pki token default removal timeout 0

crypto pki trustpoint TP-self-signed-282370580
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-282370580
revocation-check none
rsakeypair TP-self-signed-282370580

crypto pki trustpoint EZVPN
enrollment url http://[]ip]:80
subject-name CN=CiscoCA OU=VPN
revocation-check crl

crypto pki trustpoint CiscoCA
query certificate
revocation-check crl
rsakeypair CiscoCA

crypto pki certificate chain TP-self-signed-282370580
certificate self-signed 01
quit
crypto pki certificate chain EZVPN
certificate 03
3082021D 34
quit
certificate ca 01
308201FD A9
quit
crypto pki certificate chain CiscoCA
certificate ca 01
308201FD 3 A9
quit

license udi pid CISCO2821 sn FCZ0
username admin privilege 15 secret 4 [pass]
username user secret 4 [pass]

redundancy

crypto isakmp policy 2
encr 3des
group 2
crypto isakmp identity dn
crypto isakmp keepalive 10

crypto isakmp client configuration group VPN
pool SDM_POOL
acl VPN_ACL
crypto isakmp profile PROFIL_IKE
ca trust-point EZVPN
match identity group VPN
client authentication list sdm_vpn_xauth_ml_9
isakmp authorization list sdm_vpn_group_ml_9
client configuration address respond

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map DYNAMIC_MAP 10
set security-association idle-time 1200
set transform-set ESP-3DES-SHA
set isakmp-profile PROFIL_IKE
reverse-route

crypto map CRYPTO 65535 ipsec-isakmp dynamic DYNAMIC_MAP
!
interface GigabitEthernet0/0
ip address [ip]
ip flow ingress
ip nat outside
ip virtual-reassembly in
crypto map CRYPTO

interface Vlan1
description LAN
ip address 192.168.0.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly in

ip local pool SDM_POOL 192.168.0.200 192.168.0.210
ip forward-protocol nd
ip http server
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 [ip]

ip access-list extended VPN_ACL
permit ip host 192.168.0.10 192.168.0.0 0.0.0.255
permit ip host 192.168.0.20 192.168.0.0 0.0.0.255
permit ip host 192.168.0.30 192.168.0.0 0.0.0.255

logging trap debugging
no cdp run
snmp-server ifindex persist
!
control-plane
!
line con 0
line aux 0
line vty 0 4
transport input all
transport output telnet ssh

Logs:

:57.742: ISAKMP: auth RSA sig
003441: Apr 28 09:56:57.742: ISAKMP: life type in seconds
003442: Apr 28 09:56:57.742: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
003443: Apr 28 09:56:57.742: ISAKMP: keylength of 128
003444: Apr 28 09:56:57.742: ISAKMP:(0):Encryption algorithm offered does not match policy!
003445: Apr 28 09:56:57.742: ISAKMP:(0):atts are not acceptable. Next payload is 3
003446: Apr 28 09:56:57.742: ISAKMP:(0):Checking ISAKMP transform 13 against priority 2 policy
003447: Apr 28 09:56:57.742: ISAKMP: encryption AES-CBC
003448: Apr 28 09:56:57.742: ISAKMP: hash SHA
003449: Apr 28 09:56:57.742: ISAKMP: default group 2
003450: Apr 28 09:56:57.742: ISAKMP: auth XAUTHInitRSA
003451: Apr 28 09:56:57.742: ISAKMP: life type in seconds
003452: Apr 28 09:56:57.742: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
003453: Apr 28 09:56:57.742: ISAKMP: keylength of 128
003454: Apr 28 09:56:57.742: ISAKMP:(0):Encryption algorithm offered does not match policy!
003455: Apr 28 09:56:57.742: ISAKMP:(0):atts are not acceptable. Next payload is 3
[...]
003522: Apr 28 09:56:57.746: ISAKMP:(0):Checking ISAKMP transform 21 against priority 2 policy
003523: Apr 28 09:56:57.746: ISAKMP: encryption 3DES-CBC
003524: Apr 28 09:56:57.746: ISAKMP: hash SHA
003525: Apr 28 09:56:57.746: ISAKMP: default group 2
003526: Apr 28 09:56:57.746: ISAKMP: auth XAUTHInitRSA
003527: Apr 28 09:56:57.746: ISAKMP: life type in seconds
003528: Apr 28 09:56:57.746: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
003529: Apr 28 09:56:57.746: ISAKMP:(0):atts are acceptable. Next payload is 3
003530: Apr 28 09:56:57.746: ISAKMP:(0):Acceptable atts:actual life: 86400
003531: Apr 28 09:56:57.746: ISAKMP:(0):Acceptable atts:life: 0
003532: Apr 28 09:56:57.746: ISAKMP:(0):Fill atts in sa vpi_length:4
003533: Apr 28 09:56:57.746: ISAKMP:(0):Fill atts in sa life_in_seconds:2147483
003534: Apr 28 09:56:57.746: ISAKMP:(0): IKE->PKI Start PKI Session state (R) MM_NO_STATE (peer [IP-client])
003535: Apr 28 09:56:57.746: ISAKMP:(0): PKI->IKE Started PKI Session state (R) MM_NO_STATE (peer [IP-client])
003536: Apr 28 09:56:57.746: ISAKMP:(0):Returning Actual lifetime: 86400
003537: Apr 28 09:56:57.746: ISAKMP:(0)::Started lifetime timer: 86400.

003538: Apr 28 09:56:57.746: ISAKMP:(0): vendor ID is NAT-T v2
003539: Apr 28 09:56:57.746: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
003540: Apr 28 09:56:57.746: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM1

003541: Apr 28 09:56:57.746: ISAKMP:(0): constructed NAT-T vendor-02 ID
003542: Apr 28 09:56:57.746: ISAKMP:(0): sending packet to [IP-client] my_port 500 peer_port 45177 (R) MM_SA_SETUP
003543: Apr 28 09:56:57.746: ISAKMP:(0):Sending an IKE IPv4 Packet.
003544: Apr 28 09:56:57.746: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
003545: Apr 28 09:56:57.746: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM2

003546: Apr 28 09:56:57.758: ISAKMP (0): received packet from [IP-client] dport 500 sport 45177 Global (R) MM_SA_SETUP
003547: Apr 28 09:56:57.758: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
003548: Apr 28 09:56:57.758: ISAKMP:(0):Old State = IKE_R_MM2 New State = IKE_R_MM3

003549: Apr 28 09:56:57.758: ISAKMP:(0): processing KE payload. message ID = 0
003550: Apr 28 09:56:57.798: ISAKMP:(0): processing NONCE payload. message ID = 0
003551: Apr 28 09:56:57.798: ISAKMP:received payload type 20
003552: Apr 28 09:56:57.798: ISAKMP (1004): His hash no match - this node outside NAT
003553: Apr 28 09:56:57.798: ISAKMP:received payload type 20
003554: Apr 28 09:56:57.798: ISAKMP (1004): His hash no match - this node outside NAT
003555: Apr 28 09:56:57.798: ISAKMP:(1004):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
003556: Apr 28 09:56:57.802: ISAKMP:(1004):Old State = IKE_R_MM3 New State = IKE_R_MM3

003557: Apr 28 09:56:57.802: ISAKMP:(1004): IKE->PKI Get configured TrustPoints state (R) MM_KEY_EXCH (peer [IP-client])
003558: Apr 28 09:56:57.802: ISAKMP:(1004): PKI->IKE Got configured TrustPoints state (R) MM_KEY_EXCH (peer [IP-client])
003559: Apr 28 09:56:57.802: ISAKMP:(1004): IKE->PKI Get IssuerNames state (R) MM_KEY_EXCH (peer [IP-client])
003560: Apr 28 09:56:57.802: ISAKMP:(1004): PKI->IKE Got IssuerNames state (R) MM_KEY_EXCH (peer [IP-client])
003561: Apr 28 09:56:57.802: ISAKMP (1004): constructing CERT_REQ for issuer cn=CiscoCA
003562: Apr 28 09:56:57.802: ISAKMP:(1004): sending packet to [IP-client] my_port 500 peer_port 45177 (R) MM_KEY_EXCH
003563: Apr 28 09:56:57.802: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003564: Apr 28 09:56:57.802: ISAKMP:(1004):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
003565: Apr 28 09:56:57.802: ISAKMP:(1004):Old State = IKE_R_MM3 New State = IKE_R_MM4

003566: Apr 28 09:56:57.846: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) MM_KEY_EXCH
003567: Apr 28 09:56:57.850: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
003568: Apr 28 09:56:57.850: ISAKMP:(1004):Old State = IKE_R_MM4 New State = IKE_R_MM5

003569: Apr 28 09:56:57.850: ISAKMP:(1004): processing ID payload. message ID = 0
003570: Apr 28 09:56:57.850: ISAKMP (1004): ID payload
next-payload : 6
type : 9
Dist. name : cn=CiscoCA,ou=VPN_Soft_User
protocol : 17
port : 0
length : 52
003571: Apr 28 09:56:57.850: ISAKMP:(0):: UNITY's identity group: OU = VPN_Soft_User
003572: Apr 28 09:56:57.850: ISAKMP:(0):: peer matches PROFIL_IKE profile
003573: Apr 28 09:56:57.850: ISAKMP:(1004):Setting client config settings 47E22574
003574: Apr 28 09:56:57.850: ISAKMP:(1004):(Re)Setting client xauth list and state
003575: Apr 28 09:56:57.850: ISAKMP/xauth: initializing AAA request
003576: Apr 28 09:56:57.850: ISAKMP:(1004): processing CERT payload. message ID = 0
003577: Apr 28 09:56:57.850: ISAKMP:(1004): processing a CT_X509_SIGNATURE cert
003578: Apr 28 09:56:57.850: ISAKMP:(1004): IKE->PKI Add peer's certificate state (R) MM_KEY_EXCH (peer [IP-client])
003579: Apr 28 09:56:57.854: ISAKMP:(1004): PKI->IKE Added peer's certificate state (R) MM_KEY_EXCH (peer [IP-client])
003580: Apr 28 09:56:57.854: ISAKMP:(1004): IKE->PKI Get PeerCertificateChain state (R) MM_KEY_EXCH (peer [IP-client])
003581: Apr 28 09:56:57.854: ISAKMP:(1004): PKI->IKE Got PeerCertificateChain state (R) MM_KEY_EXCH (peer [IP-client])
003582: Apr 28 09:56:57.854: ISAKMP:(1004): peer's pubkey is cached
003583: Apr 28 09:56:57.854: ISAKMP:(0): Creating CERT validation list: EZVPN,
003584: Apr 28 09:56:57.854: ISAKMP:(1004): IKE->PKI Validate certificate chain state (R) MM_KEY_EXCH (peer [IP-client])
003585: Apr 28 09:56:57.854: ISAKMP:(1004): PKI->IKE Validate certificate chain state (R) MM_KEY_EXCH (peer [IP-client])
003586: Apr 28 09:56:57.854: ISAKMP:(1004): OU = VPN_Soft_User
003587: Apr 28 09:56:57.854: ISAKMP:(1004):Profile has no keyring, aborting key search
003588: Apr 28 09:56:57.854: ISAKMP:(1004):(Re)Setting client xauth list sdm_vpn_xauth_ml_9 and state
003589: Apr 28 09:56:57.854: ISAKMP/xauth: initializing AAA request
003590: Apr 28 09:56:57.854: ISAKMP:(1004): processing CERT_REQ payload. message ID = 0
003591: Apr 28 09:56:57.854: ISAKMP:(1004): peer wants a CT_X509_SIGNATURE cert
003592: Apr 28 09:56:57.854: ISAKMP:(1004): peer wants cert issued by cn=CiscoCA
003593: Apr 28 09:56:57.854: ISAKMP: Examining profile list for trustpoint EZVPN
003594: Apr 28 09:56:57.854: ISAKMP: Found matching profile for EZVPN
003595: Apr 28 09:56:57.854: Choosing trustpoint EZVPN as issuer
003596: Apr 28 09:56:57.854: ISAKMP:(1004): processing SIG payload. message ID = 0
003597: Apr 28 09:56:57.870: ISAKMP:(1004): processing NOTIFY INITIAL_CONTACT protocol 1
spi 0, message ID = 0, sa = 0x48AF2A28
003598: Apr 28 09:56:57.870: ISAKMP:(1004):SA authentication status:
authenticated
003599: Apr 28 09:56:57.870: ISAKMP:(1004):SA has been authenticated with [IP-client]
003600: Apr 28 09:56:57.870: ISAKMP:(1004):Detected port floating to port = 45180
003601: Apr 28 09:56:57.870: ISAKMP: Trying to find existing peer [IP-router]/[IP-client]/45180/
003602: Apr 28 09:56:57.870: ISAKMP:(1004):SA authentication status:
authenticated
003603: Apr 28 09:56:57.870: ISAKMP:(1004): Process initial contact,
bring down existing phase 1 and 2 SA's with local [IP-router] remote [IP-client] remote port 45180
003604: Apr 28 09:56:57.870: ISAKMP:(1004):returning IP addr to the address pool
003605: Apr 28 09:56:57.870: ISAKMP: Trying to insert a peer [IP-router]/[IP-client]/45180/, and inserted successfully 48D14CD4.
003606: Apr 28 09:56:57.870: ISAKMP:(1004):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
003607: Apr 28 09:56:57.870: ISAKMP:(1004):Old State = IKE_R_MM5 New State = IKE_R_MM5

003608: Apr 28 09:56:57.870: ISAKMP:(1004): IKE->PKI Get self CertificateChain state (R) MM_KEY_EXCH (peer [IP-client])
003609: Apr 28 09:56:57.870: ISAKMP:(1004): PKI->IKE Got self CertificateChain state (R) MM_KEY_EXCH (peer [IP-client])
003610: Apr 28 09:56:57.870: ISAKMP:(1004): IKE->PKI Get SubjectName state (R) MM_KEY_EXCH (peer [IP-client])
003611: Apr 28 09:56:57.874: ISAKMP:(1004): PKI->IKE Got SubjectName state (R) MM_KEY_EXCH (peer [IP-client])
003612: Apr 28 09:56:57.874: ISAKMP:(1004): IKE->PKI Get self CertificateChain state (R) MM_KEY_EXCH (peer [IP-client])
003613: Apr 28 09:56:57.874: ISAKMP:(1004): PKI->IKE Got self CertificateChain IKE->PKI Get subject name attribute state (R) MM_KEY_EXCH (peer [IP-client])
003614: Apr 28 09:56:57.874: ISAKMP:(1004): PKI->IKE Got subject name attribute state (R) MM_KEY_EXCH (peer [IP-client])
003615: Apr 28 09:56:57.874: ISAKMP:(1004):SA is doing RSA signature authentication plus XAUTH using id type ID_DER_ASN1_DN
003616: Apr 28 09:56:57.874: ISAKMP (1004): ID payload
next-payload : 6
type : 9
Dist. name : hostname=test2.domena.local,cn=CiscoCA OU=VPN_Soft_User
protocol : 17
port : 0
length : 80
003617: Apr 28 09:56:57.874: ISAKMP:(1004):Total payload length: 80
003618: Apr 28 09:56:57.874: ISAKMP:(1004): IKE->PKI Get CertificateChain to be sent to peer state (R) MM_KEY_EXCH (peer [IP-client])
003619: Apr 28 09:56:57.874: ISAKMP:(1004): PKI->IKE Got CertificateChain to be sent to peer state (R) MM_KEY_EXCH (peer [IP-client])
003620: Apr 28 09:56:57.878: ISAKMP (1004): constructing CERT payload for hostname=test2.domena.local,cn=CiscoCA OU=VPN_Soft_User
003621: Apr 28 09:56:57.878: ISAKMP:(1004): using the EZVPN trustpoint's keypair to sign
003622: Apr 28 09:56:57.942: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) MM_KEY_EXCH
003623: Apr 28 09:56:57.942: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003624: Apr 28 09:56:57.942: ISAKMP:(1004):Returning Actual lifetime: 86400
003625: Apr 28 09:56:57.942: ISAKMP: set new node -671883512 to CONF_XAUTH
003626: Apr 28 09:56:57.942: ISAKMP:(1004):Sending NOTIFY RESPONDER_LIFETIME protocol 1
spi 1201109376, message ID = 3623083784
003627: Apr 28 09:56:57.942: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) CONF_XAUTH
003628: Apr 28 09:56:57.942: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003629: Apr 28 09:56:57.942: ISAKMP: Sending phase 1 responder lifetime 86400

003630: Apr 28 09:56:57.942: ISAKMP:(1004):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
003631: Apr 28 09:56:57.942: ISAKMP:(1004):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE

003632: Apr 28 09:56:57.942: ISAKMP:(1004):Need XAUTH
003633: Apr 28 09:56:57.942: ISAKMP: set new node -2091524048 to CONF_XAUTH
003634: Apr 28 09:56:57.942: ISAKMP/xauth: request attribute XAUTH_USER_NAME_V2
003635: Apr 28 09:56:57.942: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD_V2
003636: Apr 28 09:56:57.942: ISAKMP:(1004): initiating peer config to [IP-client]. ID = 2203443248
003637: Apr 28 09:56:57.942: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) CONF_XAUTH
003638: Apr 28 09:56:57.942: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003639: Apr 28 09:56:57.942: ISAKMP:(1004):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
003640: Apr 28 09:56:57.942: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_XAUTH_REQ_SENT
003641: Apr 28 09:56:59.890: ISAKMP:(1003):purging node 1078068616
003642: Apr 28 09:56:59.898: ISAKMP:(1003):purging node 357984103
003643: Apr 28 09:57:00.118: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) CONF_XAUTH
003644: Apr 28 09:57:00.118: ISAKMP:(1004):processing transaction payload from [IP-client]. message ID = -2091524048
003645: Apr 28 09:57:00.118: ISAKMP: Config payload REPLY
003646: Apr 28 09:57:00.118: ISAKMP/xauth: reply attribute XAUTH_USER_NAME_V2
003647: Apr 28 09:57:00.118: ISAKMP/xauth: reply attribute XAUTH_USER_PASSWORD_V2
003648: Apr 28 09:57:00.118: ISAKMP:(1004):deleting node -2091524048 error FALSE reason "Done with xauth request/reply exchange003649: Apr 28 09:57:00.118: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
003650: Apr 28 09:57:00.118: ISAKMP:(1004):Old State = IKE_XAUTH_REQ_SENT New State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT

003651: Apr 28 09:57:00.118: ISAKMP: set new node 278284536 to CONF_XAUTH
003652: Apr 28 09:57:00.118: ISAKMP:(1004): initiating peer config to [IP-client]. ID = 278284536
003653: Apr 28 09:57:00.118: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) CONF_XAUTH
003654: Apr 28 09:57:00.118: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003655: Apr 28 09:57:00.118: ISAKMP:(1004):Input = IKE_MESG_FROM_AAA, IKE_AAA_CONT_LOGIN
003656: Apr 28 09:57:00.118: ISAKMP:(1004):Old State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT New State = IKE_XAUTH_SET_SENT

003657: Apr 28 09:57:00.126: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) CONF_XAUTH
003658: Apr 28 09:57:00.126: ISAKMP:(1004):processing transaction payload from [IP-client]. message ID = 278284536
003659: Apr 28 09:57:00.126: ISAKMP: Config payload ACK
003660: Apr 28 09:57:00.126: ISAKMP:(1004): (blank) XAUTH ACK Processed
003661: Apr 28 09:57:00.126: ISAKMP:(1004):deleting node 278284536 error FALSE reason "Transaction mode done"
003662: Apr 28 09:57:00.126: ISAKMP:(1004):Talking to a Unity Client
003663: Apr 28 09:57:00.126: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_CFG_ACK
003664: Apr 28 09:57:00.126: ISAKMP:(1004):Old State = IKE_XAUTH_SET_SENT New State = IKE_P1_COMPLETE

003665: Apr 28 09:57:00.126: ISAKMP:(1004):IKE_DPD is enabled, initializing timers
003666: Apr 28 09:57:00.126: ISAKMP:(1004): IKE->PKI End PKI Session state (R) QM_IDLE (peer [IP-client])
003667: Apr 28 09:57:00.126: ISAKMP:(1004): PKI->IKE Ended PKI session state (R) QM_IDLE (peer [IP-client])
003668: Apr 28 09:57:00.126: ISAKMP:(1004):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
003669: Apr 28 09:57:00.126: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003670: Apr 28 09:57:00.134: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) QM_IDLE
003671: Apr 28 09:57:00.134: ISAKMP: set new node -520535932 to QM_IDLE
003672: Apr 28 09:57:00.134: ISAKMP:(1004):processing transaction payload from [IP-client]. message ID = -520535932
003673: Apr 28 09:57:00.134: ISAKMP: Config payload REQUEST
003674: Apr 28 09:57:00.134: ISAKMP:(1004):checking request:
003675: Apr 28 09:57:00.134: ISAKMP: IP4_ADDRESS
003676: Apr 28 09:57:00.134: ISAKMP: IP4_NETMASK
003677: Apr 28 09:57:00.134: ISAKMP: IP4_DNS
003678: Apr 28 09:57:00.134: ISAKMP: IP4_NBNS
003679: Apr 28 09:57:00.134: ISAKMP: ADDRESS_EXPIRY
003680: Apr 28 09:57:00.134: ISAKMP: MODECFG_BANNER
003681: Apr 28 09:57:00.134: ISAKMP: MODECFG_SAVEPWD
003682: Apr 28 09:57:00.134: ISAKMP: DEFAULT_DOMAIN
003683: Apr 28 09:57:00.134: ISAKMP: SPLIT_INCLUDE
003684: Apr 28 09:57:00.134: ISAKMP: SPLIT_DNS
003685: Apr 28 09:57:00.134: ISAKMP: PFS
003686: Apr 28 09:57:00.134: ISAKMP: MODECFG_BROWSER_PROXY
003687: Apr 28 09:57:00.134: ISAKMP: BACKUP_SERVER
003688: Apr 28 09:57:00.134: ISAKMP: MODECFG_SMARTCARD_REMOVAL_DISCONNECT
003689: Apr 28 09:57:00.134: ISAKMP: APPLICATION_VERSION
003690: Apr 28 09:57:00.134: ISAKMP: Client Version is : Cisco Systems VPN Client 5.0.07.0440:WinNTp
003691: Apr 28 09:57:00.134: ISAKMP: FW_RECORD
003692: Apr 28 09:57:00.134: ISAKMP: MODECFG_HOSTNAME
003693: Apr 28 09:57:00.134: ISAKMP: INCLUDE_LOCAL_LAN
003694: Apr 28 09:57:00.134: ISAKMP/author: Author request for group VPN_Soft_Usersuccessfully sent to AAA
003695: Apr 28 09:57:00.134: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
003696: Apr 28 09:57:00.134: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_CONFIG_AUTHOR_AAA_AWAIT

003697: Apr 28 09:57:00.134: ISAKMP:(1004):attributes sent in message:
003698: Apr 28 09:57:00.134: Address: 0.2.0.0
003699: Apr 28 09:57:00.138: ISAKMP:(1004):allocating address 192.168.0.223
003700: Apr 28 09:57:00.138: ISAKMP: Sending private address: 192.168.0.223
003701: Apr 28 09:57:00.138: ISAKMP: Sending subnet mask: 255.255.255.0
003702: Apr 28 09:57:00.138: ISAKMP: Sending ADDRESS_EXPIRY seconds left to use the address: 86397
003703: Apr 28 09:57:00.138: ISAKMP: Sending save password reply value 0
003705: Apr 28 09:57:00.138: ISAKMP: Sending split include name VPN_Soft_ACL network 192.168.0.10 mask 255.255.255.255 protocol 0, src port 0, dst port 0

003706: Apr 28 09:57:00.138: ISAKMP: Sending split include name VPN_Soft_ACL network 192.168.0.20 mask 255.255.255.255 protocol 0, src port 0, dst port 0

003707: Apr 28 09:57:00.138: ISAKMP: Sending split include name VPN_Soft_ACL network 192.168.0.30 mask 255.255.255.255 protocol 0, src port 0, dst port 0

003713: Apr 28 09:57:00.138: ISAKMP: Sending smartcard_removal_disconnect reply
value 0
003714: Apr 28 09:57:00.138: ISAKMP: Sending APPLICATION_VERSION string: Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 15.1(4)M7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Mon 16-Sep-13 00:31 by prod_rel_team
003715: Apr 28 09:57:00.138: ISAKMP (1004): Unknown Attr: MODECFG_HOSTNAME (0x700A)
003716: Apr 28 09:57:00.138: ISAKMP:(1004): responding to peer config from [IP-client]. ID = 3774431364
003717: Apr 28 09:57:00.138: ISAKMP: Marking node 3774431364 for late deletion
003718: Apr 28 09:57:00.138: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) CONF_ADDR
003719: Apr 28 09:57:00.138: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003720: Apr 28 09:57:00.138: ISAKMP:(1004):Talking to a Unity Client
003721: Apr 28 09:57:00.138: ISAKMP:(1004):Input = IKE_MESG_FROM_AAA, IKE_AAA_GROUP_ATTR
003722: Apr 28 09:57:00.138: ISAKMP:(1004):Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State = IKE_P1_COMPLETE

003723: Apr 28 09:57:00.138: ISAKMP:FSM error - Message from AAA grp/user.

003724: Apr 28 09:57:00.142: ISAKMP:(1004):IKE_DPD is enabled, initializing timers
003725: Apr 28 09:57:00.142: ISAKMP:(1004):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
003726: Apr 28 09:57:00.142: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003727: Apr 28 09:57:00.150: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) QM_IDLE
003728: Apr 28 09:57:00.150: ISAKMP: set new node 1822881572 to QM_IDLE
003729: Apr 28 09:57:00.154: ISAKMP:(1004): processing HASH payload. message ID = 1822881572
003730: Apr 28 09:57:00.154: ISAKMP:(1004): processing SA payload. message ID = 1822881572
003731: Apr 28 09:57:00.154: ISAKMP:(1004):Checking IPSec proposal 1
003732: Apr 28 09:57:00.154: ISAKMP: transform 1, ESP_AES
003733: Apr 28 09:57:00.154: ISAKMP: attributes in transform:
003734: Apr 28 09:57:00.154: ISAKMP: authenticator is HMAC-MD5
003735: Apr 28 09:57:00.154: ISAKMP: key length is 256
003736: Apr 28 09:57:00.154: ISAKMP: encaps is 61443 (Tunnel-UDP)
003737: Apr 28 09:57:00.154: ISAKMP: SA life type in seconds
003738: Apr 28 09:57:00.154: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
003739: Apr 28 09:57:00.154: ISAKMP:(1004):atts are acceptable.
003740: Apr 28 09:57:00.154: ISAKMP:(1004):Checking IPSec proposal 1
003741: Apr 28 09:57:00.154: ISAKMP:(1004):transform 1, IPPCP LZS
003742: Apr 28 09:57:00.154: ISAKMP: attributes in transform:
003743: Apr 28 09:57:00.154: ISAKMP: encaps is 61443 (Tunnel-UDP)
003744: Apr 28 09:57:00.154: ISAKMP: SA life type in seconds
003745: Apr 28 09:57:00.154: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
003746: Apr 28 09:57:00.154: ISAKMP:(1004):atts are acceptable.
003747: Apr 28 09:57:00.154: ISAKMP:(1004): IPSec policy invalidated proposal with error 256
003748: Apr 28 09:57:00.154: ISAKMP:(1004):Checking IPSec proposal 2
003749: Apr 28 09:57:00.154: ISAKMP: transform 1, ESP_AES
003750: Apr 28 09:57:00.154: ISAKMP: attributes in transform:
003751: Apr 28 09:57:00.154: ISAKMP: authenticator is HMAC-SHA
003752: Apr 28 09:57:00.154: ISAKMP: key length is 256
003753: Apr 28 09:57:00.154: ISAKMP: encaps is 61443 (Tunnel-UDP)
003754: Apr 28 09:57:00.154: ISAKMP: SA life type in seconds
003755: Apr 28 09:57:00.154: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
003756: Apr 28 09:57:00.154: ISAKMP:(1004):atts are acceptable.
[...]
003839: Apr 28 09:57:00.158: ISAKMP:(1004):Checking IPSec proposal 9
003840: Apr 28 09:57:00.158: ISAKMP: transform 1, ESP_3DES
003841: Apr 28 09:57:00.158: ISAKMP: attributes in transform:
003842: Apr 28 09:57:00.158: ISAKMP: authenticator is HMAC-MD5
003843: Apr 28 09:57:00.158: ISAKMP: encaps is 61443 (Tunnel-UDP)
003844: Apr 28 09:57:00.158: ISAKMP: SA life type in seconds
003845: Apr 28 09:57:00.158: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
003846: Apr 28 09:57:00.158: ISAKMP:(1004):atts are acceptable.
003847: Apr 28 09:57:00.158: ISAKMP:(1004):Checking IPSec proposal 9
003848: Apr 28 09:57:00.158: ISAKMP:(1004):transform 1, IPPCP LZS
003849: Apr 28 09:57:00.158: ISAKMP: attributes in transform:
003850: Apr 28 09:57:00.158: ISAKMP: encaps is 61443 (Tunnel-UDP)
003851: Apr 28 09:57:00.158: ISAKMP: SA life type in seconds
003852: Apr 28 09:57:00.158: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
003853: Apr 28 09:57:00.158: ISAKMP:(1004):atts are acceptable.
003854: Apr 28 09:57:00.158: ISAKMP:(1004): IPSec policy invalidated proposal with error 256
003855: Apr 28 09:57:00.158: ISAKMP:(1004):Checking IPSec proposal 10
003856: Apr 28 09:57:00.162: ISAKMP: transform 1, ESP_3DES
003857: Apr 28 09:57:00.162: ISAKMP: attributes in transform:
003858: Apr 28 09:57:00.162: ISAKMP: authenticator is HMAC-SHA
003859: Apr 28 09:57:00.162: ISAKMP: encaps is 61443 (Tunnel-UDP)
003860: Apr 28 09:57:00.162: ISAKMP: SA life type in seconds
003861: Apr 28 09:57:00.162: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
003862: Apr 28 09:57:00.162: ISAKMP:(1004):atts are acceptable.
003863: Apr 28 09:57:00.162: ISAKMP:(1004):Checking IPSec proposal 10
003864: Apr 28 09:57:00.162: ISAKMP:(1004):transform 1, IPPCP LZS
003865: Apr 28 09:57:00.162: ISAKMP: attributes in transform:
003866: Apr 28 09:57:00.162: ISAKMP: encaps is 61443 (Tunnel-UDP)
003867: Apr 28 09:57:00.162: ISAKMP: SA life type in seconds
003868: Apr 28 09:57:00.162: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
003869: Apr 28 09:57:00.162: ISAKMP:(1004):atts are acceptable.
003870: Apr 28 09:57:00.162: ISAKMP:(1004): IPSec policy invalidated proposal with error 256
003871: Apr 28 09:57:00.162: ISAKMP:(1004):Checking IPSec proposal 11
003872: Apr 28 09:57:00.162: ISAKMP: transform 1, ESP_3DES
003873: Apr 28 09:57:00.162: ISAKMP: attributes in transform:
003874: Apr 28 09:57:00.162: ISAKMP: authenticator is HMAC-MD5
003875: Apr 28 09:57:00.162: ISAKMP: encaps is 61443 (Tunnel-UDP)
003876: Apr 28 09:57:00.162: ISAKMP: SA life type in seconds
003877: Apr 28 09:57:00.162: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
003878: Apr 28 09:57:00.162: ISAKMP:(1004):atts are acceptable.
003879: Apr 28 09:57:00.162: ISAKMP:(1004): IPSec policy invalidated proposal with error 256
003880: Apr 28 09:57:00.162: ISAKMP:(1004):Checking IPSec proposal 12
003881: Apr 28 09:57:00.162: ISAKMP: transform 1, ESP_3DES
003882: Apr 28 09:57:00.162: ISAKMP: attributes in transform:
003883: Apr 28 09:57:00.162: ISAKMP: authenticator is HMAC-SHA
003884: Apr 28 09:57:00.162: ISAKMP: encaps is 61443 (Tunnel-UDP)
003885: Apr 28 09:57:00.162: ISAKMP: SA life type in seconds
003886: Apr 28 09:57:00.162: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
003887: Apr 28 09:57:00.162: ISAKMP:(1004):atts are acceptable.
003888: Apr 28 09:57:00.162: ISAKMP:(1004): processing NONCE payload. message ID = 1822881572
003889: Apr 28 09:57:00.162: ISAKMP:(1004): processing ID payload. message ID = 1822881572
003890: Apr 28 09:57:00.162: ISAKMP:(1004): processing ID payload. message ID = 1822881572
003891: Apr 28 09:57:00.162: ISAKMP:(1004):QM Responder gets spi
003892: Apr 28 09:57:00.162: ISAKMP:(1004):Node 1822881572, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
003893: Apr 28 09:57:00.162: ISAKMP:(1004):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
003894: Apr 28 09:57:00.162: ISAKMP:(1004):deleting node -520535932 error FALSE reason "No Error"
003895: Apr 28 09:57:00.162: ISAKMP:(1004): Creating IPSec SAs
003896: Apr 28 09:57:00.162: inbound SA from [IP-client] to [IP-router] (f/i) 0/ 0
(proxy 192.168.0.223 to 0.0.0.0)
003897: Apr 28 09:57:00.162: has spi 0xA684DC76 and conn_id 0
003898: Apr 28 09:57:00.162: lifetime of 2147483 seconds
003899: Apr 28 09:57:00.162: outbound SA from [IP-router] to [IP-client] (f/i) 0/0
(proxy 0.0.0.0 to 192.168.0.223)
003900: Apr 28 09:57:00.162: has spi 0xCABB4957 and conn_id 0
003901: Apr 28 09:57:00.162: lifetime of 2147483 seconds
003902: Apr 28 09:57:00.166: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
003903: Apr 28 09:57:00.166: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003904: Apr 28 09:57:00.166: ISAKMP:(1004):Node 1822881572, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI
003905: Apr 28 09:57:00.166: ISAKMP:(1004):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_R_QM2
003906: Apr 28 09:57:00.170: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) QM_IDLE
003907: Apr 28 09:57:00.170: ISAKMP:(1004):deleting node 1822881572 error FALSE reason "QM done (await)"
003908: Apr 28 09:57:00.170: ISAKMP:(1004):Node 1822881572, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
003909: Apr 28 09:57:00.170: ISAKMP:(1004):Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE
003910: Apr 28 09:57:02.942: ISAKMP:(1004): retransmitting phase 2 QM_IDLE -671883512 ...
003911: Apr 28 09:57:02.942: ISAKMP (1004): incrementing error counter on node, attempt 1 of 5: retransmit phase 2
003912: Apr 28 09:57:02.942: ISAKMP (1004): incrementing error counter on sa, attempt 1 of 5: retransmit phase 2
003913: Apr 28 09:57:02.942: ISAKMP:(1004): retransmitting phase 2 -671883512 QM_IDLE
003914: Apr 28 09:57:02.942: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
003915: Apr 28 09:57:02.942: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003916: Apr 28 09:57:09.898: ISAKMP:(1003):purging SA., sa=47E21B58, delme=47E21B58
003917: Apr 28 09:57:09.898: ISAKMP:(1003):purging node -474075933
003918: Apr 28 09:57:09.898: ISAKMP:(1003):purging node -1070239682
003919: Apr 28 09:57:09.898: ISAKMP:(1003):purging node -2059470720
003920: Apr 28 09:57:10.438: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) QM_IDLE
003921: Apr 28 09:57:10.438: ISAKMP: set new node -397863734 to QM_IDLE
003922: Apr 28 09:57:10.438: ISAKMP:(1004): processing HASH payload. message ID = 3897103562
003923: Apr 28 09:57:10.438: ISAKMP:(1004): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 3897103562, sa = 0x48AF2A28
003924: Apr 28 09:57:10.438: ISAKMP:(1004):deleting node -397863734 error FALSE reason "Informational (in) state 1"
003925: Apr 28 09:57:10.438: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
003926: Apr 28 09:57:10.438: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003927: Apr 28 09:57:10.438: ISAKMP:(1004):DPD/R_U_THERE received from peer [IP-client], sequence 0x1110708
003928: Apr 28 09:57:10.438: ISAKMP: set new node 531059587 to QM_IDLE
003929: Apr 28 09:57:10.438: ISAKMP:(1004):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 1201109384, message ID = 531059587
003930: Apr 28 09:57:10.438: ISAKMP:(1004): seq. no 0x1110708
003931: Apr 28 09:57:10.438: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
003932: Apr 28 09:57:10.438: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003933: Apr 28 09:57:10.438: ISAKMP:(1004):purging node 531059587
003934: Apr 28 09:57:10.438: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
003935: Apr 28 09:57:10.438: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003936: Apr 28 09:57:12.942: ISAKMP:(1004): retransmitting phase 2 QM_IDLE -671883512 ...
003937: Apr 28 09:57:12.942: ISAKMP (1004): incrementing error counter on node, attempt 2 of 5: retransmit phase 2
003938: Apr 28 09:57:12.942: ISAKMP (1004): incrementing error counter on sa, attempt 2 of 5: retransmit phase 2
003939: Apr 28 09:57:12.942: ISAKMP:(1004): retransmitting phase 2 -671883512 QM_IDLE
003940: Apr 28 09:57:12.942: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
003941: Apr 28 09:57:12.942: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003942: Apr 28 09:57:20.574: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) QM_IDLE
003943: Apr 28 09:57:20.574: ISAKMP: set new node 949428875 to QM_IDLE
003944: Apr 28 09:57:20.574: ISAKMP:(1004): processing HASH payload. message ID = 949428875
003945: Apr 28 09:57:20.574: ISAKMP:(1004): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 949428875, sa = 0x48AF2A28
003946: Apr 28 09:57:20.574: ISAKMP:(1004):deleting node 949428875 error FALSE reason "Informational (in) state 1"
003947: Apr 28 09:57:20.574: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
003948: Apr 28 09:57:20.574: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003949: Apr 28 09:57:20.574: ISAKMP:(1004):DPD/R_U_THERE received from peer [IP-client], sequence 0x1110709
003950: Apr 28 09:57:20.574: ISAKMP: set new node 2125691700 to QM_IDLE
003951: Apr 28 09:57:20.574: ISAKMP:(1004):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 1201109384, message ID = 2125691700
003952: Apr 28 09:57:20.574: ISAKMP:(1004): seq. no 0x1110709
003953: Apr 28 09:57:20.574: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
003954: Apr 28 09:57:20.578: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003955: Apr 28 09:57:20.578: ISAKMP:(1004):purging node 2125691700
003956: Apr 28 09:57:20.578: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
003957: Apr 28 09:57:20.578: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003958: Apr 28 09:57:22.942: ISAKMP:(1004): retransmitting phase 2 QM_IDLE -671883512 ...
003959: Apr 28 09:57:22.942: ISAKMP (1004): incrementing error counter on node, attempt 3 of 5: retransmit phase 2
003960: Apr 28 09:57:22.942: ISAKMP (1004): incrementing error counter on sa, attempt 3 of 5: retransmit phase 2
003961: Apr 28 09:57:22.942: ISAKMP:(1004): retransmitting phase 2 -671883512 QM_IDLE
003962: Apr 28 09:57:22.942: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
003963: Apr 28 09:57:22.942: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003964: Apr 28 09:57:30.758: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) QM_IDLE
003965: Apr 28 09:57:30.758: ISAKMP: set new node -1450052665 to QM_IDLE
003966: Apr 28 09:57:30.758: ISAKMP:(1004): processing HASH payload. message ID = 2844914631
003967: Apr 28 09:57:30.758: ISAKMP:(1004): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 2844914631, sa = 0x48AF2A28
003968: Apr 28 09:57:30.758: ISAKMP:(1004):deleting node -1450052665 error FALSE reason "Informational (in) state 1"
003969: Apr 28 09:57:30.758: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
003970: Apr 28 09:57:30.758: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003971: Apr 28 09:57:30.758: ISAKMP:(1004):DPD/R_U_THERE received from peer [IP-client], sequence 0x111070A
003972: Apr 28 09:57:30.758: ISAKMP: set new node 1710331817 to QM_IDLE
003973: Apr 28 09:57:30.758: ISAKMP:(1004):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 1201109384, message ID = 1710331817
003974: Apr 28 09:57:30.758: ISAKMP:(1004): seq. no 0x111070A
003975: Apr 28 09:57:30.758: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
003976: Apr 28 09:57:30.762: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003977: Apr 28 09:57:30.762: ISAKMP:(1004):purging node 1710331817
003978: Apr 28 09:57:30.762: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
003979: Apr 28 09:57:30.762: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003980: Apr 28 09:57:32.943: ISAKMP:(1004): retransmitting phase 2 QM_IDLE -671883512 ...
003981: Apr 28 09:57:32.943: ISAKMP (1004): incrementing error counter on node, attempt 4 of 5: retransmit phase 2
003982: Apr 28 09:57:32.943: ISAKMP (1004): incrementing error counter on sa, attempt 4 of 5: retransmit phase 2
003983: Apr 28 09:57:32.943: ISAKMP:(1004): retransmitting phase 2 -671883512 QM_IDLE
003984: Apr 28 09:57:32.943: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
003985: Apr 28 09:57:32.943: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003986: Apr 28 09:57:40.975: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) QM_IDLE
003987: Apr 28 09:57:40.975: ISAKMP: set new node -1712758536 to QM_IDLE
003988: Apr 28 09:57:40.975: ISAKMP:(1004): processing HASH payload. message ID = 2582208760
003989: Apr 28 09:57:40.975: ISAKMP:(1004): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 2582208760, sa = 0x48AF2A28
003990: Apr 28 09:57:40.975: ISAKMP:(1004):deleting node -1712758536 error FALSE reason "Informational (in) state 1"
003991: Apr 28 09:57:40.975: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
003992: Apr 28 09:57:40.975: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003993: Apr 28 09:57:40.975: ISAKMP:(1004):DPD/R_U_THERE received from peer [IP-client], sequence 0x111070B
003994: Apr 28 09:57:40.975: ISAKMP: set new node 1642495793 to QM_IDLE
003995: Apr 28 09:57:40.975: ISAKMP:(1004):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 1201109384, message ID = 1642495793
003996: Apr 28 09:57:40.975: ISAKMP:(1004): seq. no 0x111070B
003997: Apr 28 09:57:40.975: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
003998: Apr 28 09:57:40.975: ISAKMP:(1004):Sending an IKE IPv4 Packet.
003999: Apr 28 09:57:40.979: ISAKMP:(1004):purging node 1642495793
004000: Apr 28 09:57:40.979: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
004001: Apr 28 09:57:40.979: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

004002: Apr 28 09:57:42.943: ISAKMP:(1004): retransmitting phase 2 QM_IDLE -671883512 ...
004003: Apr 28 09:57:42.943: ISAKMP (1004): incrementing error counter on node, attempt 5 of 5: retransmit phase 2
004004: Apr 28 09:57:42.943: ISAKMP (1004): incrementing error counter on sa, attempt 5 of 5: retransmit phase 2
004005: Apr 28 09:57:42.943: ISAKMP:(1004): retransmitting phase 2 -671883512 QM_IDLE
004006: Apr 28 09:57:42.943: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
004007: Apr 28 09:57:42.943: ISAKMP:(1004):Sending an IKE IPv4 Packet.
004008: Apr 28 09:57:50.163: ISAKMP:(1004):purging node -520535932
004009: Apr 28 09:57:50.171: ISAKMP:(1004):purging node 1822881572
004010: Apr 28 09:57:51.159: ISAKMP (1004): received packet from [IP-client] dport 4500 sport 45180 Global (R) QM_IDLE
004011: Apr 28 09:57:51.159: ISAKMP: set new node 603664258 to QM_IDLE
004012: Apr 28 09:57:51.159: ISAKMP:(1004): processing HASH payload. message ID = 603664258
004013: Apr 28 09:57:51.159: ISAKMP:(1004): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 603664258, sa = 0x48AF2A28
004014: Apr 28 09:57:51.159: ISAKMP:(1004):deleting node 603664258 error FALSE reason "Informational (in) state 1"
004015: Apr 28 09:57:51.159: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
004016: Apr 28 09:57:51.159: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

004017: Apr 28 09:57:51.163: ISAKMP:(1004):DPD/R_U_THERE received from peer [IP-client], sequence 0x111070C
004018: Apr 28 09:57:51.163: ISAKMP: set new node -303455399 to QM_IDLE
004019: Apr 28 09:57:51.163: ISAKMP:(1004):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 1201109384, message ID = 3991511897
004020: Apr 28 09:57:51.163: ISAKMP:(1004): seq. no 0x111070C
004021: Apr 28 09:57:51.163: ISAKMP:(1004):peer does not do paranoid keepalives.

004022: Apr 28 09:57:51.163: ISAKMP:(1004):peer does not do paranoid keepalives.

004023: Apr 28 09:57:51.163: ISAKMP:(1004):deleting SA reason "Death by retransmission throw" state (R) QM_IDLE (peer [IP-client])
004024: Apr 28 09:57:51.163: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
004025: Apr 28 09:57:51.163: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

004026: Apr 28 09:57:51.163: ISAKMP: set new node -515412245 to QM_IDLE
004027: Apr 28 09:57:51.167: ISAKMP:(1004): sending packet to [IP-client] my_port 4500 peer_port 45180 (R) QM_IDLE
004028: Apr 28 09:57:51.167: ISAKMP:(1004):Sending an IKE IPv4 Packet.
004029: Apr 28 09:57:51.167: ISAKMP:(1004):purging node -515412245
004030: Apr 28 09:57:51.167: ISAKMP:(1004):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
004031: Apr 28 09:57:51.167: ISAKMP:(1004):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

004032: Apr 28 09:57:51.167: ISAKMP:(1004):deleting SA reason "Death by retransmission throw" state (R) QM_IDLE (peer [IP-client])
004033: Apr 28 09:57:51.167: ISAKMP (1004): returning address 192.168.0.223 to pool
004034: Apr 28 09:57:51.167: ISAKMP: Unlocking peer struct 0x48D14CD4 for isadb_mark_sa_deleted(), count 0
004035: Apr 28 09:57:51.167: crypto_ikmp_dpd_refcount_zero: Freeing dpd profile_name PROFIL_IKE
004036: Apr 28 09:57:51.167: ISAKMP: returning address 192.168.0.223 to pool
004037: Apr 28 09:57:51.167: ISAKMP: Deleting peer node by peer_reap for [IP-client]: 48D14CD4
004038: Apr 28 09:57:51.167: ISAKMP: returning address 192.168.0.223 to pool
004039: Apr 28 09:57:51.167: ISAKMP:(1004):deleting node -671883512 error FALSE reason "IKE deleted"
004040: Apr 28 09:57:51.167: ISAKMP:(1004):deleting node -303455399 error FALSE reason "IKE deleted"
004041: Apr 28 09:57:51.167: ISAKMP:(1004):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
004042: Apr 28 09:57:51.167: ISAKMP:(1004):Old State = IKE_DEST_SA New State = IKE_DEST_SA

004043: Apr 28 09:58:00.439: ISAKMP:(1004):purging node -397863734

knet40001 · ‎05-22-2015

Sorry, that answer alone on your posts, but maybe someone toss an idea.

I went to the version of IOS: c2800nm-adventerprisek9-mz.124-25g.bin
I have no problem breaking, nor any retransmission phase 2 - but I want to run on 15.1.x

Previously, he was soft:
c2800nm-advsecurityk9-mz.151-4.M7

And also I tried to c2800nm-advsecurityk9-mz.151-4.M9

Cisco VPN Client disconnect few seconds