01-16-2002 01:21 PM - edited 02-21-2020 11:34 AM
I am trying to build a VPN tunnel from an 827 DSL router to a PIX 515. I have built over 80 of these to the same PIX and had no problems. Now every one I build gives me the message below in my debugging of ipsec and isakmp. If anyone knows what this means and possibly a fix, please let me know. The problem seems to start at the line that says "01:44:00: ISAKMP (0:32): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3"
01:43:58: IPSEC(sa_request): ,
(key eng. msg.) src= 67.112.8.42, dest= 65.210.17.66,
src_proxy= 10.5.113.0/255.255.255.0/0/0 (type=4),
dest_proxy= 10.0.0.0/255.0.0.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x139AA2D9(328901337), conn_id= 0, keysize= 0, flags= 0x4004
01:43:58: ISAKMP: received ke message (1/1)
01:43:58: ISAKMP: local port 500, remote port 500
01:43:58: ISAKMP (0:32): beginning Main Mode exchange
01:43:58: ISAKMP (0:32): sending packet to 65.210.17.66 (I) MM_NO_STATE
01:43:58: ISAKMP (0:32): received packet from 65.210.17.66 (I) MM_NO_STATE
01:43:58: ISAKMP (0:32): processing SA payload. message ID = 0
01:43:58: ISAKMP (0:32): found peer pre-shared key matching 65.210.17.66
01:43:58: ISAKMP (0:32): Checking ISAKMP transform 1 against priority 10 policy
01:43:58: ISAKMP: encryption DES-CBC
01:43:58: ISAKMP: hash MD5
01:43:58: ISAKMP: default group 1
01:43:58: ISAKMP: auth pre-share
01:43:58: ISAKMP: life type in seconds
01:43:58: ISAKMP: life duration (basic) of 3600
01:43:58: ISAKMP (0:32): atts are acceptable. Next payload is 0
01:43:59: ISAKMP (0:32): SA is doing pre-shared key authentication using id type
ID_IPV4_ADDR13.1
01:43:59: ISAKMP (0:32): sending packet to 65.210.17.66 (I) MM_SA_SETUP
01:43:59: ISAKMP (0:32): received packet from 65.210.17.66 (I) MM_SA_SETUP
01:43:59: ISAKMP (0:32): processing KE payload. message ID = 0
01:43:59: ISAKMP (0:32): processing NONCE payload. message ID = 0
01:43:59: ISAKMP (0:32): found peer pre-shared key matching 65.210.17.66
01:43:59: ISAKMP (0:32): SKEYID state generated
01:43:59: ISAKMP (0:32): processing vendor id payload
01:43:59: ISAKMP (0:32): processing vendor id payload
01:43:59: ISAKMP (0:32): processing vendor id payload
01:43:59: ISAKMP (0:32): speaking to another IOS box!
01:43:59: ISAKMP (32): ID payload
next-payload : 8
type : 1
protocol : 17
port : 500
length : 8
01:43:59: ISAKMP (32): Total payload length: 12
01:43:59: ISAKMP (0:32): sending packet to 65.210.17.66 (I) MM_KEY_EXCH
01:43:59: ISAKMP (0:32): received packet from 65.210.17.66 (I) MM_KEY_EXCH
01:43:59: ISAKMP (0:32): processing ID payload. message ID = 0
01:43:59: ISAKMP (0:32): processing HASH payload. message ID = 0
01:43:59: ISAKMP (0:32): SA has been authenticated with 65.210.17.66
01:43:59: ISAKMP (0:32): beginning Quick Mode exchange, M-ID of 1533428816
01:43:59: ISAKMP (0:32): sending packet to 65.210.17.66 (I) QM_IDLE
01:44:00: ISAKMP (0:32): received packet from 65.210.17.66 (I) QM_IDLE
01:44:00: ISAKMP (0:32): processing HASH payload. message ID = -1063731131
01:44:00: ISAKMP (0:32): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 328901337, message ID = -1063731131
01:44:00: ISAKMP (0:32): deleting spi 328901337 message ID = 1533428816
01:44:00: ISAKMP (0:32): deleting node 1533428816 error TRUE reason "delete_larval"
01:44:00: ISAKMP (0:32): deleting node -1063731131 error FALSE reason "informational (in) state 1"
01-23-2002 07:32 AM
What version of PIX code are you running? I would check that against the bug tracker to see if there are any known issues. Other than that, you'll probably have to talk to TAC to see what's going on.
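Added example, not part of the thread: a small Python triage script that reads IOS `debug crypto isakmp` / `debug crypto ipsec` output like the log in the first post, reports in which IKE phase a NOTIFY arrived, and pulls out the phase 2 values the router offered so they can be compared with the peer's settings. The function name `triage` and the report layout are assumptions of this example; the sample lines are abridged from the post.

```python
import re

# Constructed sample: lines abridged from the debug output in the first post.
SAMPLE_LOG = """\
01:43:58: IPSEC(sa_request): ,
src_proxy= 10.5.113.0/255.255.255.0/0/0 (type=4),
dest_proxy= 10.0.0.0/255.0.0.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
01:43:58: ISAKMP (0:32): beginning Main Mode exchange
01:43:59: ISAKMP (0:32): SA has been authenticated with 65.210.17.66
01:43:59: ISAKMP (0:32): beginning Quick Mode exchange, M-ID of 1533428816
01:44:00: ISAKMP (0:32): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 328901337, message ID = -1063731131
"""

# Protocol IDs as numbered in the IPsec DOI (RFC 2407).
DOI_PROTOCOLS = {1: "ISAKMP", 2: "AH", 3: "ESP", 4: "IPCOMP"}
OFFER_FIELDS = ("src_proxy", "dest_proxy", "transform")


def triage(log):
    """Return the phase 2 offer, whether phase 1 authenticated, and any NOTIFYs."""
    report = {"offer": {}, "phase1_authenticated": False, "notifies": []}
    phase = None  # IKE phase in progress when each line was logged
    for line in log.splitlines():
        for field in OFFER_FIELDS:
            m = re.search(rf"\b{field}= ([^,]+?)\s*(?:\(type=\d+\))?\s*,", line)
            if m:
                report["offer"][field] = m.group(1)
        if "beginning Main Mode exchange" in line:
            phase = "phase 1 (Main Mode)"
        elif "beginning Quick Mode exchange" in line:
            phase = "phase 2 (Quick Mode)"
        elif "SA has been authenticated" in line:
            report["phase1_authenticated"] = True
        m = re.search(r"processing NOTIFY (\w+) protocol (\d+)", line)
        if m:
            proto = DOI_PROTOCOLS.get(int(m.group(2)), "unknown")
            report["notifies"].append((m.group(1), proto, phase))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for name, proto, phase in r["notifies"]:
        print(f"{name} for {proto} during {phase}; "
              f"phase 1 authenticated: {r['phase1_authenticated']}")
    for field, value in r["offer"].items():
        print(f"  offered {field}: {value}")
```

On the posted log this places the NOTIFY after Main Mode authenticated and Quick Mode began, and lists the proxies and transform the 827 offered for comparison with the PIX side.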