Flex VPN MAC Book The VPN client failed to establish a connection

chamikar · ‎06-08-2022

Hi Everyone,

I'm facing a difficulty in connecting to Flex VPN server from any of the MAC books. But I can connect to the server (router Cisco C1111-4P) from Windows, IOS and Android.

I already updated the acvpn.xml but still facing the issue.

On the MAC Book it prompts for username / password then goes to checking for profile updates then The VPN client failed to establish a connection

When I compare the debug if ikev2, with Windows and MAC, everything seem to be matching

However when debug IPSec just after Line protocol of Virtual interface got up (In Windows the debug messages stop here)

SSS.SSS.SSS.SSS - Router / Server IP Address

CCC.CCC.CCC.CCC - Client IP Address

Jun 8 06:48:14.920: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access6, changed state to up
Jun 8 06:48:16.870: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jun 8 06:48:16.870: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Jun 8 06:48:16.871: IPSEC:(SESSION ID = 169) (key_engine_delete_sas) rec'd delete notify from ISAKMP
Jun 8 06:48:16.871: IPSEC:(SESSION ID = 169) (key_engine_delete_sas) delete SA with spi 0x398F41FC proto 50 for SSS.SSS.SSS.SSS
Jun 8 06:48:16.871: IPSEC:(SESSION ID = 169) (delete_sa) deleting SA,
(sa) sa_dest= SSS.SSS.SSS.SSS, sa_proto= 50,
sa_spi= 0x398F41FC(965689852),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 2227
sa_lifetime(k/sec)= (4608000/3600),
(identity) local= SSS.SSS.SSS.SSS:0, remote= CCC.CCC.CCC.CCC:0,
local_proxy= 0.0.0.0/0.0.0.0/256/0,
remote_proxy= 192.168.104.208/255.255.255.255/256/0
Jun 8 06:48:16.871: IPSEC:(SESSION ID = 169) (delete_sa) deleting SA,
(sa) sa_dest= CCC.CCC.CCC.CCC, sa_proto= 50,
sa_spi= 0xA5FC0C5F(2784758879),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 2228
sa_lifetime(k/sec)= (4608000/3600),
(identity) local= SSS.SSS.SSS.SSS:0, remote= CCC.CCC.CCC.CCC:0,
local_proxy= 0.0.0.0/0.0.0.0/256/0,
remote_proxy= 192.168.104.208/255.255.255.255/256/0
Jun 8 06:48:16.871: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS
Jun 8 06:48:16.871: IPSEC:(SESSION ID = 169) (sibling_delete_notify_ident_action) Info: Reverse Route ID Mismatch between Sibling and Ident
Jun 8 06:48:16.871: IPSEC(rte_mgr): ID: 84 Event: Ident delete sa : Remove RRI route
Jun 8 06:48:16.872: IPSEC(rte_mgr): Delete Route found ID 84
Jun 8 06:48:16.872: IPSEC(rte_mgr) Route delete: peer 0.0.0.0 , destination 192.168.104.208, rt_type 0
Jun 8 06:48:16.872: IPSEC(rte_mgr): VPN Route Refcount 0 Virtual-Access6
Jun 8 06:48:16.872: ipsec_out_sa_hash_idx: sa=0x7F45914FD0, hash_idx=102, port=4500/14204, addr=0xDCE9C9A1/0x7BE757C1
Jun 8 06:48:16.874: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jun 8 06:48:16.875: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Jun 8 06:48:16.875: IPSEC:(SESSION ID = 169) (key_engine_delete_sas) rec'd delete notify from ISAKMP
Jun 8 06:48:16.875: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jun 8 06:48:16.880: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access6, changed state to down
Jun 8 06:48:16.882: %LINK-3-UPDOWN: Interface Virtual-Access6, changed state to down
J
exer13149_shermangl_nsw#un 8 06:48:16.884: IPSEC:(SESSION ID = 169) (ident_delete_notify_kmi) Failed to send KEY_ENG_DELETE_SAS
Jun 8 06:48:16.884: IPSEC:(SESSION ID = 169) (ident_update_final_flow_stats) Collect Final Stats and update MIB
IPSEC get IKMP peer index from peer 0x7F45912398 ikmp handle 0x0
[ident_update_final_flow_stats] : Flow delete complete event received for flow id 0x240000E3,peer index 0

Jun 8 06:48:16.886: Interface (Vi6) is getting freed. crypto_int_process_message (), 660
Jun 8 06:48:16.891: %SYS-5-CONFIG_P: Configured programmatically by process VTEMPLATE Background Mgr from console as console

Please assist.

Thank you.