ā03-14-2013 08:38 AM
I've found that my clients can NOT access to my ASA 5510 with their Cisco VPN Client Ver 5.0 through IPsec over UDP.
By comparing my new running config with the old one I found some strang following configuration:
svc enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
We have 3 diffrent IT expert who have access to our router and I think this configuration is cause of our VPN access problem.
Is it really because of that or somthing els.
Any way I want to know how can I get rid of these configuration?
Thanks
Solved! Go to Solution.
ā03-14-2013 08:34 PM
Thanks
Please do the following:
crypto isakmp policy 10
encryption aes
hash sha
group 2
authentication pre-share
Try again and let me know.
Portu
ā03-14-2013 09:13 AM
Hi Arash,
svc enable --> This is for AnyConnect.
!
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec ---> This allows the IPsec clients to connect, in case the get this group-policy.
The commands above are not the reason of this issue.
Could you please share more details?
"debug crypto isakmp 190" & "debug crypto ipsec 190" outputs, during a connection attempt?
HTH.
Portu.
ā03-14-2013 09:38 AM
Hi Portuquez,
Thanks for your really quick respond. Here is the outputs:
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:33 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:33 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:33 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:33 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:33 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:33 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:33 [IKEv1]: IP = 184.151.63.210, IKE_DECODE SENDING Message (msgid=
0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 596
Mar 14 11:57:33 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, All SA prop
osals found unacceptable
Mar 14 11:57:33 [IKEv1]: IP = 184.151.63.210, All IKE SA proposals found unaccep
table!
Mar 14 11:57:33 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE AM Resp
onder FSM error history (struct &0xae14aee8)
OR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_BLD_MSG2, EV_GROUP_LOOKUP-->AM_BLD_MSG2, EV
_PROCESS_MSG-->AM_BLD_MSG2, EV_CREATE_TMR-->AM_START, EV_RCV_MSG-->AM_START, EV_
START_AM-->AM_START, EV_START_AM
Mar 14 11:57:33 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE SA AM:f
1735152 terminating: flags 0x0100c001, refcnt 0, tuncnt 0
Mar 14 11:57:33 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, sending del
ete/delete with reason message
Mar 14 11:57:33 [IKEv1]: Group = skyline, IP = 184.151.63.210, Removing peer fro
m peer table failed, no match!
Mar 14 11:57:33 [IKEv1]: Group = skyline, IP = 184.151.63.210, Error: Unable to
remove PeerTblEntry
Mar 14 11:57:38 [IKEv1]: IP = 184.151.63.210, IKE_DECODE RECEIVED Message (msgid
=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) +
VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length :
851
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, processing SA payload
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ke payload
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ISA_KE payload
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, processing nonce payload
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ID payload
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, Received xauth V6 VID
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, Received DPD VID
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Fragmentation VID
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, IKE Peer included IKE fragme
ntation capability flags: Main Mode: True Aggressive Mode: False
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, Received NAT-Traversal ver 0
2 VID
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:38 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Cisco Unity client
VID
Mar 14 11:57:38 [IKEv1]: IP = 184.151.63.210, Connection landed on tunnel_group
skyline
Mar 14 11:57:38 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, processing
IKE SA payload
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:38 [IKEv1]: IP = 184.151.63.210, IKE_DECODE SENDING Message (msgid=
0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 596
Mar 14 11:57:38 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, All SA prop
osals found unacceptable
Mar 14 11:57:38 [IKEv1]: IP = 184.151.63.210, All IKE SA proposals found unaccep
table!
Mar 14 11:57:38 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE AM Resp
onder FSM error history (struct &0xae3ca500)
OR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_BLD_MSG2, EV_GROUP_LOOKUP-->AM_BLD_MSG2, EV
_PROCESS_MSG-->AM_BLD_MSG2, EV_CREATE_TMR-->AM_START, EV_RCV_MSG-->AM_START, EV_
START_AM-->AM_START, EV_START_AM
Mar 14 11:57:38 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE SA AM:1
deaf147 terminating: flags 0x0100c001, refcnt 0, tuncnt 0
Mar 14 11:57:38 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, sending del
ete/delete with reason message
Mar 14 11:57:38 [IKEv1]: Group = skyline, IP = 184.151.63.210, Removing peer fro
m peer table failed, no match!
Mar 14 11:57:38 [IKEv1]: Group = skyline, IP = 184.151.63.210, Error: Unable to
remove PeerTblEntry
Mar 14 11:57:43 [IKEv1]: IP = 184.151.63.210, IKE_DECODE RECEIVED Message (msgid
=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) +
VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length :
851
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, processing SA payload
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ke payload
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ISA_KE payload
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, processing nonce payload
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ID payload
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, Received xauth V6 VID
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, Received DPD VID
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Fragmentation VID
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, IKE Peer included IKE fragme
ntation capability flags: Main Mode: True Aggressive Mode: False
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, Received NAT-Traversal ver 0
2 VID
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:43 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Cisco Unity client
VID
Mar 14 11:57:43 [IKEv1]: IP = 184.151.63.210, Connection landed on tunnel_group
skyline
Mar 14 11:57:43 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, processing
IKE SA payload
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:43 [IKEv1]: IP = 184.151.63.210, IKE_DECODE SENDING Message (msgid=
0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 596
Mar 14 11:57:43 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, All SA prop
osals found unacceptable
Mar 14 11:57:43 [IKEv1]: IP = 184.151.63.210, All IKE SA proposals found unaccep
table!
Mar 14 11:57:43 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE AM Resp
onder FSM error history (struct &0xae3ca500)
OR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_BLD_MSG2, EV_GROUP_LOOKUP-->AM_BLD_MSG2, EV
_PROCESS_MSG-->AM_BLD_MSG2, EV_CREATE_TMR-->AM_START, EV_RCV_MSG-->AM_START, EV_
START_AM-->AM_START, EV_START_AM
Mar 14 11:57:43 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE SA AM:e
1637447 terminating: flags 0x0100c001, refcnt 0, tuncnt 0
Mar 14 11:57:43 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, sending del
ete/delete with reason message
Mar 14 11:57:43 [IKEv1]: Group = skyline, IP = 184.151.63.210, Removing peer fro
m peer table failed, no match!
Mar 14 11:57:43 [IKEv1]: Group = skyline, IP = 184.151.63.210, Error: Unable to
remove PeerTblEntry
Mar 14 11:57:48 [IKEv1]: IP = 184.151.63.210, IKE_DECODE RECEIVED Message (msgid
=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) +
VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length :
851
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, processing SA payload
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ke payload
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ISA_KE payload
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, processing nonce payload
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ID payload
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, Received xauth V6 VID
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, Received DPD VID
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Fragmentation VID
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, IKE Peer included IKE fragme
ntation capability flags: Main Mode: True Aggressive Mode: False
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, Received NAT-Traversal ver 0
2 VID
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:57:48 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Cisco Unity client
VID
Mar 14 11:57:48 [IKEv1]: IP = 184.151.63.210, Connection landed on tunnel_group
skyline
Mar 14 11:57:48 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, processing
IKE SA payload
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:57:48 [IKEv1]: IP = 184.151.63.210, IKE_DECODE SENDING Message (msgid=
0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 596
Mar 14 11:57:48 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, All SA prop
osals found unacceptable
Mar 14 11:57:48 [IKEv1]: IP = 184.151.63.210, All IKE SA proposals found unaccep
table!
Mar 14 11:57:48 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE AM Resp
onder FSM error history (struct &0xae737fa0)
OR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_BLD_MSG2, EV_GROUP_LOOKUP-->AM_BLD_MSG2, EV
_PROCESS_MSG-->AM_BLD_MSG2, EV_CREATE_TMR-->AM_START, EV_RCV_MSG-->AM_START, EV_
START_AM-->AM_START, EV_START_AM
Mar 14 11:57:48 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE SA AM:8
c1c1c40 terminating: flags 0x0100c001, refcnt 0, tuncnt 0
Mar 14 11:57:48 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, sending del
ete/delete with reason message
Mar 14 11:57:48 [IKEv1]: Group = skyline, IP = 184.151.63.210, Removing peer fro
m peer table failed, no match!
Mar 14 11:57:48 [IKEv1]: Group = skyline, IP = 184.151.63.210, Error: Unable to
remove PeerTblEntry
debug crypto ipsec 190
ciscoasa# Mar 14 11:58:36 [IKEv1]: IP = 184.151.63.210, IKE_DECODE RECEIVED Mess
age (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VEND
OR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total
length : 851
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, processing SA payload
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ke payload
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ISA_KE payload
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, processing nonce payload
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ID payload
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, Received xauth V6 VID
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, Received DPD VID
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Fragmentation VID
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, IKE Peer included IKE fragme
ntation capability flags: Main Mode: True Aggressive Mode: False
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, Received NAT-Traversal ver 0
2 VID
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:36 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Cisco Unity client
VID
Mar 14 11:58:36 [IKEv1]: IP = 184.151.63.210, Connection landed on tunnel_group
skyline
Mar 14 11:58:36 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, processing
IKE SA payload
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:36 [IKEv1]: IP = 184.151.63.210, IKE_DECODE SENDING Message (msgid=
0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 596
Mar 14 11:58:36 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, All SA prop
osals found unacceptable
Mar 14 11:58:36 [IKEv1]: IP = 184.151.63.210, All IKE SA proposals found unaccep
table!
Mar 14 11:58:36 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE AM Resp
onder FSM error history (struct &0xae2e03c0)
OR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_BLD_MSG2, EV_GROUP_LOOKUP-->AM_BLD_MSG2, EV
_PROCESS_MSG-->AM_BLD_MSG2, EV_CREATE_TMR-->AM_START, EV_RCV_MSG-->AM_START, EV_
START_AM-->AM_START, EV_START_AM
Mar 14 11:58:36 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE SA AM:6
692c100 terminating: flags 0x0100c001, refcnt 0, tuncnt 0
Mar 14 11:58:36 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, sending del
ete/delete with reason message
Mar 14 11:58:36 [IKEv1]: Group = skyline, IP = 184.151.63.210, Removing peer fro
m peer table failed, no match!
Mar 14 11:58:36 [IKEv1]: Group = skyline, IP = 184.151.63.210, Error: Unable to
remove PeerTblEntry
Mar 14 11:58:41 [IKEv1]: IP = 184.151.63.210, IKE_DECODE RECEIVED Message (msgid
=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) +
VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length :
851
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, processing SA payload
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ke payload
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ISA_KE payload
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, processing nonce payload
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ID payload
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, Received xauth V6 VID
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, Received DPD VID
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Fragmentation VID
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, IKE Peer included IKE fragme
ntation capability flags: Main Mode: True Aggressive Mode: False
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, Received NAT-Traversal ver 0
2 VID
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:41 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Cisco Unity client
VID
Mar 14 11:58:41 [IKEv1]: IP = 184.151.63.210, Connection landed on tunnel_group
skyline
Mar 14 11:58:41 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, processing
IKE SA payload
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:41 [IKEv1]: IP = 184.151.63.210, IKE_DECODE SENDING Message (msgid=
0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 596
Mar 14 11:58:41 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, All SA prop
osals found unacceptable
Mar 14 11:58:41 [IKEv1]: IP = 184.151.63.210, All IKE SA proposals found unaccep
table!
Mar 14 11:58:41 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE AM Resp
onder FSM error history (struct &0xaec001e0)
OR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_BLD_MSG2, EV_GROUP_LOOKUP-->AM_BLD_MSG2, EV
_PROCESS_MSG-->AM_BLD_MSG2, EV_CREATE_TMR-->AM_START, EV_RCV_MSG-->AM_START, EV_
START_AM-->AM_START, EV_START_AM
Mar 14 11:58:41 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE SA AM:7
7811ec5 terminating: flags 0x0100c001, refcnt 0, tuncnt 0
Mar 14 11:58:41 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, sending del
ete/delete with reason message
Mar 14 11:58:41 [IKEv1]: Group = skyline, IP = 184.151.63.210, Removing peer fro
m peer table failed, no match!
Mar 14 11:58:41 [IKEv1]: Group = skyline, IP = 184.151.63.210, Error: Unable to
remove PeerTblEntry
Mar 14 11:58:46 [IKEv1]: IP = 184.151.63.210, IKE_DECODE RECEIVED Message (msgid
=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) +
VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length :
851
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, processing SA payload
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ke payload
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ISA_KE payload
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, processing nonce payload
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ID payload
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, Received xauth V6 VID
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, Received DPD VID
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Fragmentation VID
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, IKE Peer included IKE fragme
ntation capability flags: Main Mode: True Aggressive Mode: False
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, Received NAT-Traversal ver 0
2 VID
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:46 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Cisco Unity client
VID
Mar 14 11:58:46 [IKEv1]: IP = 184.151.63.210, Connection landed on tunnel_group
skyline
Mar 14 11:58:46 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, processing
IKE SA payload
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:46 [IKEv1]: IP = 184.151.63.210, IKE_DECODE SENDING Message (msgid=
0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 596
Mar 14 11:58:46 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, All SA prop
osals found unacceptable
Mar 14 11:58:46 [IKEv1]: IP = 184.151.63.210, All IKE SA proposals found unaccep
table!
Mar 14 11:58:46 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE AM Resp
onder FSM error history (struct &0xa7b62e58)
OR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_BLD_MSG2, EV_GROUP_LOOKUP-->AM_BLD_MSG2, EV
_PROCESS_MSG-->AM_BLD_MSG2, EV_CREATE_TMR-->AM_START, EV_RCV_MSG-->AM_START, EV_
START_AM-->AM_START, EV_START_AM
Mar 14 11:58:46 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE SA AM:3
6bb869f terminating: flags 0x0100c001, refcnt 0, tuncnt 0
Mar 14 11:58:46 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, sending del
ete/delete with reason message
Mar 14 11:58:46 [IKEv1]: Group = skyline, IP = 184.151.63.210, Removing peer fro
m peer table failed, no match!
Mar 14 11:58:46 [IKEv1]: Group = skyline, IP = 184.151.63.210, Error: Unable to
remove PeerTblEntry
Mar 14 11:58:51 [IKEv1]: IP = 184.151.63.210, IKE_DECODE RECEIVED Message (msgid
=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) +
VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length :
851
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, processing SA payload
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ke payload
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ISA_KE payload
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, processing nonce payload
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, processing ID payload
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, Received xauth V6 VID
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, Received DPD VID
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Fragmentation VID
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, IKE Peer included IKE fragme
ntation capability flags: Main Mode: True Aggressive Mode: False
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, Received NAT-Traversal ver 0
2 VID
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, processing VID payload
Mar 14 11:58:51 [IKEv1 DEBUG]: IP = 184.151.63.210, Received Cisco Unity client
VID
Mar 14 11:58:51 [IKEv1]: IP = 184.151.63.210, Connection landed on tunnel_group
skyline
Mar 14 11:58:51 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, processing
IKE SA payload
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: Phase 1 failure: Mismatched attribute types for class
Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Mar 14 11:58:51 [IKEv1]: IP = 184.151.63.210, IKE_DECODE SENDING Message (msgid=
0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 596
Mar 14 11:58:51 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, All SA prop
osals found unacceptable
Mar 14 11:58:51 [IKEv1]: IP = 184.151.63.210, All IKE SA proposals found unaccep
table!
Mar 14 11:58:51 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE AM Resp
onder FSM error history (struct &0xa7b62e58)
OR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_BLD_MSG2, EV_GROUP_LOOKUP-->AM_BLD_MSG2, EV
_PROCESS_MSG-->AM_BLD_MSG2, EV_CREATE_TMR-->AM_START, EV_RCV_MSG-->AM_START, EV_
START_AM-->AM_START, EV_START_AM
Mar 14 11:58:51 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, IKE SA AM:d
b6e5d1d terminating: flags 0x0100c001, refcnt 0, tuncnt 0
Mar 14 11:58:51 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, sending del
ete/delete with reason message
Mar 14 11:58:51 [IKEv1]: Group = skyline, IP = 184.151.63.210, Removing peer fro
m peer table failed, no match!
Mar 14 11:58:51 [IKEv1]: Group = skyline, IP = 184.151.63.210, Error: Unable to
remove PeerTblEntry
ā03-14-2013 10:40 AM
Arash,
This is pretty much the issue:
"Mar 14 11:58:51 [IKEv1 DEBUG]: Group = skyline, IP = 184.151.63.210, All SA proposals found unacceptable
Mar 14 11:58:51 [IKEv1]: IP = 184.151.63.210, All IKE SA proposals found unacceptable!"
Please include your VPN configuration (avoid any pre-shared-key or sensitive application).
"show run isakmp"
"show run crypto dynamic"
Portu.
ā03-14-2013 11:18 AM
Thank You again,
ciscoasa# show run isakmp
crypto isakmp enable Atria
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
+++++++++++++++++++++++++++++++++
ciscoasa# show run crypto dynamic
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128
-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256
-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
ā03-14-2013 08:34 PM
Thanks
Please do the following:
crypto isakmp policy 10
encryption aes
hash sha
group 2
authentication pre-share
Try again and let me know.
Portu
ā03-15-2013 05:57 AM
Good morning Portu,
So many thanks. It works!
Arash
ā03-15-2013 06:32 AM
Good Morning Arash,
I am glad to hear that
Have a nice day.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide