01-17-2019 05:43 AM
SO we are setting up a connection to a DR cloud location and to connect to this cloud the cloud provider has given us an IP to connect to and a pre shared key. we need to create a vpn connection with just that information.
so far this is what i added but the connection is not working. this is a Cisco 4331router running version 16.6.3
crypto keyring Navisite
pre-shared-key address "DR IP address" key "this key"
crypto isakmp policy 2
authentication pre-share
group 2
!
crypto isakmp profile Navisite
keyring Navisite
match identity address "DR IP address" 255.255.255.255
local-address GigabitEthernet0/0/0
!
crypto ipsec transform-set Navisite esp-3des esp-sha-hmac
mode tunnel
!
crypto map Navisite 1 ipsec-isakmp
set peer "DR IP address"
set transform-set Navisite
match address NAVISITE
!
ip access-list extended NAVISITE
permit ip "internal subnet1" "DR remote subnet"
permit ip "internal subnet2" "DR remote subnet"
!
interface GigabitEthernet0/0/0
crypto map Navisite
Solved! Go to Solution.
01-18-2019 07:21 AM
01-18-2019 11:27 AM
01-17-2019 06:06 AM
Hi,
Do you control the other end of the VPN? Can you confirm the configuration of the other peer, especially in regard to the isakmp policy and transform set? PFS is also not enabled under the crypto-map in your configuration, this may be enabled on the other peer. So best to clarify what the other peer has defined.
If you enable "debug crypto isakmp", attempt to send traffic over the VPN tunnel and then upload the output of the debug please?
This link is useful in troubleshooting IPSec tunnels
HTH
01-17-2019 06:32 AM
well i set group 2 under the policy but i wall add it to the crypto map
i do not have access to the remote site at all.
01-17-2019 07:04 AM
I did enable the debugs but i appear to be getting nothing from that what so ever from that DR IP. there is alot of fluff in the debug since i have 60 DMPVN tunnels running on this very same router currently.
01-17-2019 07:12 AM
01-17-2019 07:24 AM
couple things on this one.
First so far i have not receive anything logs on the debug.
debug crypto condition peer ipv4 "DR ip address" worked
and the other debug does not seem to exist at all.
R-BAY-TW#debug crypto ?
3gpp Crypto 3GPP Group Key Management debug
ber decode ASN.1 BER data
condition Define debug condition filters
eap EAP
engine Crypto Engine Debug
est-client Enrollment over Secure Transport (EST) Client
gdoi Crypto GKM - Group Key Management (including GDOI) debug
gkm Crypto GKM - Group Key Management debug
ha Crypto High Availability (generic) debug
ikev2 IKEv2 debugging
interface Crypto Interface debug
ipsec IPSEC processing
ipv6 Crypto IPv6 debug
isakmp ISAKMP Key Management
kmi Crypto Key Management Interface debug
mib IPSEC Management Transactions
pki PKI Client
rmal Crypto RMAL debug
routing IPSEC Route Events
socket Crypto Secure Socket Debug
ssl Crypto SSL Packet Debugs
tls-tunnel Crypto TLS-Tunnel Debugs
verbose verbose decode
01-17-2019 07:30 AM
01-17-2019 08:07 AM
the internal networks in question are not on this router they are on a core switch. I see where you are getting at I will need to put a route on the core switch for the DR subnet to point to the router in question.
01-17-2019 08:28 AM
sorry but the "debug crypto isakmp 200" does not work either best i can get is the "debug crypto isakmp"
01-17-2019 08:34 AM
01-17-2019 10:30 AM
Sorry i am still not getting anything from the debugs. i have gone back to the cloud provider to see if there is missing information.
01-17-2019 10:39 AM
01-18-2019 06:53 AM
OK so it turns out the provider did not have anything set. so now it is, and now i am getting debugs
R-BAY-TW(conf-keyring)#do sh log
Syslog logging: enabled (0 messages dropped, 622 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level warnings, 24010 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 148 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 378926 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 48606 message lines logged
Logging Source-Interface: VRF Name:
Log Buffer (100000 bytes):
Jan 18 08:44:34: ISAKMP-PAK: (0):received packet from 209.235.70.147 dport 500 sport 500 Global (R) MM_NO_STATE
Jan 18 08:45:03: ISAKMP: (0):purging SA., sa=80007FA2D6EC4C58, delme=80007FA2D6EC4C58
Jan 18 08:45:13: ISAKMP-PAK: (0):received packet from "remote IP" dport 500 sport 500 Global (N) NEW SA
Jan 18 08:45:13: ISAKMP: (0):Created a peer struct for "remote IP", peer port 500
Jan 18 08:45:13: ISAKMP: (0):New peer created peer = 0x80007FA2D69BBA70 peer_handle = 0x80000000800027A6
Jan 18 08:45:13: ISAKMP: (0):Locking peer struct 0x80007FA2D69BBA70, refcount 1 for crypto_isakmp_process_block
Jan 18 08:45:13: ISAKMP: (0):local port 500, remote port 500
Jan 18 08:45:13: ISAKMP: (0):insert sa successfully sa = 80007FA2CA37CC38
Jan 18 08:45:13: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 18 08:45:13: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1
Jan 18 08:45:13: ISAKMP: (0):processing SA payload. message ID = 0
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 0 mismatch
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID is DPD
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Jan 18 08:45:13: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch
Jan 18 08:45:13: ISAKMP: (0):vendor ID is NAT-T v3
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Jan 18 08:45:13: ISAKMP: (0):vendor ID is NAT-T v2
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch
Jan 18 08:45:13: ISAKMP: (0):found peer pre-shared key matching "remote IP"
Jan 18 08:45:13: ISAKMP: (0):local preshared key found
Jan 18 08:45:13: ISAKMP: (0):Checking ISAKMP transform 0 against priority 1 policy
Jan 18 08:45:13: ISAKMP: (0): life type in seconds
Jan 18 08:45:13: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:45:13: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:45:13: ISAKMP: (0): hash SHA
Jan 18 08:45:13: ISAKMP: (0): auth pre-share
Jan 18 08:45:13: ISAKMP: (0): default group 2
Jan 18 08:45:13: ISAKMP-ERROR: (0):Encryption algorithm offered does not match policy!
Jan 18 08:45:13: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:45:13: ISAKMP: (0):Checking ISAKMP transform 0 against priority 2 policy
Jan 18 08:45:13: ISAKMP: (0): life type in seconds
Jan 18 08:45:13: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:45:13: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:45:13: ISAKMP: (0): hash SHA
Jan 18 08:45:13: ISAKMP: (0): auth pre-share
Jan 18 08:45:13: ISAKMP: (0): default group 2
Jan 18 08:45:13: ISAKMP-ERROR: (0):Encryption algorithm offered does not match policy!
Jan 18 08:45:13: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:45:13: ISAKMP: (0):Checking ISAKMP transform 0 against priority 10 policy
Jan 18 08:45:13: ISAKMP: (0): life type in seconds
Jan 18 08:45:13: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:45:13: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:45:13: ISAKMP: (0): hash SHA
Jan 18 08:45:13: ISAKMP: (0): auth pre-share
Jan 18 08:45:13: ISAKMP: (0): default group 2
Jan 18 08:45:13: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy!
Jan 18 08:45:13: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:45:13: ISAKMP-ERROR: (0):no offers accepted!
Jan 18 08:45:13: ISAKMP-ERROR: (0):phase 1 SA policy not acceptable! (local "Router IP" remote "remote IP")
Jan 18 08:45:13: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
Jan 18 08:45:13: ISAKMP-PAK: (0):sending packet to "remote IP" my_port 500 peer_port 500 (R) MM_NO_STATE
Jan 18 08:45:13: ISAKMP: (0):Sending an IKE IPv4 Packet.
Jan 18 08:45:13: ISAKMP: (0):peer does not do paranoid keepalives.
Jan 18 08:45:13: ISAKMP-ERROR: (0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) MM_NO_STATE (peer 209.235.70.147)
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 0 mismatch
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID is DPD
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Jan 18 08:45:13: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch
Jan 18 08:45:13: ISAKMP: (0):vendor ID is NAT-T v3
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Jan 18 08:45:13: ISAKMP: (0):vendor ID is NAT-T v2
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch
Jan 18 08:45:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:45:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch
Jan 18 08:45:13: ISAKMP-ERROR: (0):(0): FSM action returned error: 2
Jan 18 08:45:13: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 18 08:45:13: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_R_MM1
Jan 18 08:45:13: ISAKMP-ERROR: (0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) MM_NO_STATE (peer 209.235.70.147)
Jan 18 08:45:13: ISAKMP: (0):Unlocking peer struct 0x80007FA2D69BBA70 for isadb_mark_sa_deleted(), count 0
Jan 18 08:45:13: ISAKMP: (0):Deleting peer node by peer_reap for "remote IP": 80007FA2D69BBA70
Jan 18 08:45:13: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jan 18 08:45:13: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_DEST_SA
Jan 18 08:45:53: ISAKMP-PAK: (0):received packet from "remote IP" dport 500 sport 500 Global (R) MM_NO_STATE
Jan 18 08:45:57: %SYS-5-CONFIG_I: Configured from console by zmbbadm on vty0 (10.210.1.4)
Jan 18 08:46:03: ISAKMP-PAK: (0):received packet from "remote IP" dport 500 sport 500 Global (N) NEW SA
Jan 18 08:46:03: ISAKMP: (0):Created a peer struct for "remote IP", peer port 500
Jan 18 08:46:03: ISAKMP: (0):New peer created peer = 0x80007FA2D6E5EEE8 peer_handle = 0x80000000800050BE
Jan 18 08:46:03: ISAKMP: (0):Locking peer struct 0x80007FA2D6E5EEE8, refcount 1 for crypto_isakmp_process_block
Jan 18 08:46:03: ISAKMP: (0):local port 500, remote port 500
Jan 18 08:46:03: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 80007FA2D694C7B0
Jan 18 08:46:03: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 18 08:46:03: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1
Jan 18 08:46:03: ISAKMP: (0):processing SA payload. message ID = 0
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 0 mismatch
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID is DPD
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Jan 18 08:46:03: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch
Jan 18 08:46:03: ISAKMP: (0):vendor ID is NAT-T v3
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Jan 18 08:46:03: ISAKMP: (0):vendor ID is NAT-T v2
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch
Jan 18 08:46:03: ISAKMP: (0):found peer pre-shared key matching 209.235.70.147
Jan 18 08:46:03: ISAKMP: (0):local preshared key found
Jan 18 08:46:03: ISAKMP: (0):Checking ISAKMP transform 0 against priority 1 policy
Jan 18 08:46:03: ISAKMP: (0): life type in seconds
Jan 18 08:46:03: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:46:03: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:46:03: ISAKMP: (0): hash SHA
Jan 18 08:46:03: ISAKMP: (0): auth pre-share
Jan 18 08:46:03: ISAKMP: (0): default group 2
Jan 18 08:46:03: ISAKMP-ERROR: (0):Encryption algorithm offered does not match policy!
Jan 18 08:46:03: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:46:03: ISAKMP: (0):Checking ISAKMP transform 0 against priority 2 policy
Jan 18 08:46:03: ISAKMP: (0): life type in seconds
Jan 18 08:46:03: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:46:03: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:46:03: ISAKMP: (0): hash SHA
Jan 18 08:46:03: ISAKMP: (0): auth pre-share
Jan 18 08:46:03: ISAKMP: (0): default group 2
Jan 18 08:46:03: ISAKMP-ERROR: (0):Encryption algorithm offered does not match policy!
Jan 18 08:46:03: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:46:03: ISAKMP: (0):Checking ISAKMP transform 0 against priority 10 policy
Jan 18 08:46:03: ISAKMP: (0): life type in seconds
Jan 18 08:46:03: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:46:03: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:46:03: ISAKMP: (0): hash SHA
Jan 18 08:46:03: ISAKMP: (0): auth pre-share
Jan 18 08:46:03: ISAKMP: (0): default group 2
Jan 18 08:46:03: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy!
Jan 18 08:46:03: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:46:03: ISAKMP-ERROR: (0):no offers accepted!
Jan 18 08:46:03: ISAKMP-ERROR: (0):phase 1 SA policy not acceptable! (local "Router IP" remote "remote IP")
Jan 18 08:46:03: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
Jan 18 08:46:03: ISAKMP-PAK: (0):sending packet to "remote IP" my_port 500 peer_port 500 (R) MM_NO_STATE
Jan 18 08:46:03: ISAKMP: (0):Sending an IKE IPv4 Packet.
Jan 18 08:46:03: ISAKMP: (0):peer does not do paranoid keepalives.
Jan 18 08:46:03: ISAKMP-ERROR: (0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) MM_NO_STATE (peer 209.235.70.147)
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 0 mismatch
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID is DPD
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Jan 18 08:46:03: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch
Jan 18 08:46:03: ISAKMP: (0):vendor ID is NAT-T v3
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Jan 18 08:46:03: ISAKMP: (0):vendor ID is NAT-T v2
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch
Jan 18 08:46:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:46:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch
Jan 18 08:46:03: ISAKMP-ERROR: (0):(0): FSM action returned error: 2
Jan 18 08:46:03: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 18 08:46:03: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_R_MM1
Jan 18 08:46:03: ISAKMP-ERROR: (0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) MM_NO_STATE (peer 209.235.70.147)
Jan 18 08:46:03: ISAKMP: (0):Unlocking peer struct 0x80007FA2D6E5EEE8 for isadb_mark_sa_deleted(), count 0
Jan 18 08:46:03: ISAKMP: (0):Deleting peer node by peer_reap for "remote IP": 80007FA2D6E5EEE8
Jan 18 08:46:03: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jan 18 08:46:03: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_DEST_SA
Jan 18 08:46:13: ISAKMP: (0):purging SA., sa=80007FA2CA37CC38, delme=80007FA2CA37CC38
Jan 18 08:46:13: ISAKMP-PAK: (0):received packet from "remote IP" dport 500 sport 500 Global (R) MM_NO_STATE
Jan 18 08:46:33: ISAKMP-PAK: (0):received packet from "remote IP" dport 500 sport 500 Global (R) MM_NO_STATE
Jan 18 08:47:03: ISAKMP: (0):purging SA., sa=80007FA2D694C7B0, delme=80007FA2D694C7B0
Jan 18 08:47:13: ISAKMP-PAK: (0):received packet from "remote IP" dport 500 sport 500 Global (N) NEW SA
Jan 18 08:47:13: ISAKMP: (0):Created a peer struct for "remote IP", peer port 500
Jan 18 08:47:13: ISAKMP: (0):New peer created peer = 0x80007FA2D6DD5288 peer_handle = 0x8000000080004654
Jan 18 08:47:13: ISAKMP: (0):Locking peer struct 0x80007FA2D6DD5288, refcount 1 for crypto_isakmp_process_block
Jan 18 08:47:13: ISAKMP: (0):local port 500, remote port 500
Jan 18 08:47:13: ISAKMP: (0):insert sa successfully sa = 80007FA2D693BA10
Jan 18 08:47:13: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 18 08:47:13: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1
Jan 18 08:47:13: ISAKMP: (0):processing SA payload. message ID = 0
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 0 mismatch
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID is DPD
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Jan 18 08:47:13: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch
Jan 18 08:47:13: ISAKMP: (0):vendor ID is NAT-T v3
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Jan 18 08:47:13: ISAKMP: (0):vendor ID is NAT-T v2
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch
Jan 18 08:47:13: ISAKMP: (0):found peer pre-shared key matching "remote IP"
Jan 18 08:47:13: ISAKMP: (0):local preshared key found
Jan 18 08:47:13: ISAKMP: (0):Checking ISAKMP transform 0 against priority 1 policy
Jan 18 08:47:13: ISAKMP: (0): life type in seconds
Jan 18 08:47:13: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:47:13: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:47:13: ISAKMP: (0): hash SHA
Jan 18 08:47:13: ISAKMP: (0): auth pre-share
Jan 18 08:47:13: ISAKMP: (0): default group 2
Jan 18 08:47:13: ISAKMP-ERROR: (0):Encryption algorithm offered does not match policy!
Jan 18 08:47:13: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:47:13: ISAKMP: (0):Checking ISAKMP transform 0 against priority 2 policy
Jan 18 08:47:13: ISAKMP: (0): life type in seconds
Jan 18 08:47:13: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:47:13: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:47:13: ISAKMP: (0): hash SHA
Jan 18 08:47:13: ISAKMP: (0): auth pre-share
Jan 18 08:47:13: ISAKMP: (0): default group 2
Jan 18 08:47:13: ISAKMP-ERROR: (0):Encryption algorithm offered does not match policy!
Jan 18 08:47:13: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:47:13: ISAKMP: (0):Checking ISAKMP transform 0 against priority 10 policy
Jan 18 08:47:13: ISAKMP: (0): life type in seconds
Jan 18 08:47:13: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:47:13: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:47:13: ISAKMP: (0): hash SHA
Jan 18 08:47:13: ISAKMP: (0): auth pre-share
Jan 18 08:47:13: ISAKMP: (0): default group 2
Jan 18 08:47:13: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy!
Jan 18 08:47:13: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:47:13: ISAKMP-ERROR: (0):no offers accepted!
Jan 18 08:47:13: ISAKMP-ERROR: (0):phase 1 SA policy not acceptable! (local "Router IP" remote "remote IP")
Jan 18 08:47:13: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
Jan 18 08:47:13: ISAKMP-PAK: (0):sending packet to "remote IP" my_port 500 peer_port 500 (R) MM_NO_STATE
Jan 18 08:47:13: ISAKMP: (0):Sending an IKE IPv4 Packet.
Jan 18 08:47:13: ISAKMP: (0):peer does not do paranoid keepalives.
Jan 18 08:47:13: ISAKMP-ERROR: (0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) MM_NO_STATE (peer 209.235.70.147)
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 0 mismatch
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID is DPD
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Jan 18 08:47:13: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch
Jan 18 08:47:13: ISAKMP: (0):vendor ID is NAT-T v3
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Jan 18 08:47:13: ISAKMP: (0):vendor ID is NAT-T v2
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch
Jan 18 08:47:13: ISAKMP: (0):processing vendor id payload
Jan 18 08:47:13: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch
Jan 18 08:47:13: ISAKMP-ERROR: (0):(0): FSM action returned error: 2
Jan 18 08:47:13: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 18 08:47:13: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_R_MM1
Jan 18 08:47:13: ISAKMP-ERROR: (0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) MM_NO_STATE (peer 209.235.70.147)
Jan 18 08:47:13: ISAKMP: (0):Unlocking peer struct 0x80007FA2D6DD5288 for isadb_mark_sa_deleted(), count 0
Jan 18 08:47:13: ISAKMP: (0):Deleting peer node by peer_reap for "remote IP"80007FA2D6DD5288
Jan 18 08:47:13: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jan 18 08:47:13: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_DEST_SA
Jan 18 08:47:53: ISAKMP-PAK: (0):received packet from "remote IP" dport 500 sport 500 Global (R) MM_NO_STATE
Jan 18 08:48:03: ISAKMP-PAK: (0):received packet from "remote IP" dport 500 sport 500 Global (N) NEW SA
Jan 18 08:48:03: ISAKMP: (0):Created a peer struct for "remote IP", peer port 500
Jan 18 08:48:03: ISAKMP: (0):New peer created peer = 0x80007FA2CA3E1C20 peer_handle = 0x8000000080003781
Jan 18 08:48:03: ISAKMP: (0):Locking peer struct 0x80007FA2CA3E1C20, refcount 1 for crypto_isakmp_process_block
Jan 18 08:48:03: ISAKMP: (0):local port 500, remote port 500
Jan 18 08:48:03: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 80007FA2D6E00DF0
Jan 18 08:48:03: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 18 08:48:03: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1
Jan 18 08:48:03: ISAKMP: (0):processing SA payload. message ID = 0
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 0 mismatch
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID is DPD
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Jan 18 08:48:03: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch
Jan 18 08:48:03: ISAKMP: (0):vendor ID is NAT-T v3
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Jan 18 08:48:03: ISAKMP: (0):vendor ID is NAT-T v2
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch
Jan 18 08:48:03: ISAKMP: (0):found peer pre-shared key matching 209.235.70.147
Jan 18 08:48:03: ISAKMP: (0):local preshared key found
Jan 18 08:48:03: ISAKMP: (0):Checking ISAKMP transform 0 against priority 1 policy
Jan 18 08:48:03: ISAKMP: (0): life type in seconds
Jan 18 08:48:03: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:48:03: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:48:03: ISAKMP: (0): hash SHA
Jan 18 08:48:03: ISAKMP: (0): auth pre-share
Jan 18 08:48:03: ISAKMP: (0): default group 2
Jan 18 08:48:03: ISAKMP-ERROR: (0):Encryption algorithm offered does not match policy!
Jan 18 08:48:03: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:48:03: ISAKMP: (0):Checking ISAKMP transform 0 against priority 2 policy
Jan 18 08:48:03: ISAKMP: (0): life type in seconds
Jan 18 08:48:03: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:48:03: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:48:03: ISAKMP: (0): hash SHA
Jan 18 08:48:03: ISAKMP: (0): auth pre-share
Jan 18 08:48:03: ISAKMP: (0): default group 2
Jan 18 08:48:03: ISAKMP-ERROR: (0):Encryption algorithm offered does not match policy!
Jan 18 08:48:03: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:48:03: ISAKMP: (0):Checking ISAKMP transform 0 against priority 10 policy
Jan 18 08:48:03: ISAKMP: (0): life type in seconds
Jan 18 08:48:03: ISAKMP: (0): life duration (basic) of 28800
Jan 18 08:48:03: ISAKMP: (0): encryption 3DES-CBC
Jan 18 08:48:03: ISAKMP: (0): hash SHA
Jan 18 08:48:03: ISAKMP: (0): auth pre-share
Jan 18 08:48:03: ISAKMP: (0): default group 2
Jan 18 08:48:03: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy!
Jan 18 08:48:03: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 08:48:03: ISAKMP-ERROR: (0):no offers accepted!
Jan 18 08:48:03: ISAKMP-ERROR: (0):phase 1 SA policy not acceptable! (local "Router IP" remote "remote IP")
Jan 18 08:48:03: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
Jan 18 08:48:03: ISAKMP-PAK: (0):sending packet to "remote IP" my_port 500 peer_port 500 (R) MM_NO_STATE
Jan 18 08:48:03: ISAKMP: (0):Sending an IKE IPv4 Packet.
Jan 18 08:48:03: ISAKMP: (0):peer does not do paranoid keepalives.
Jan 18 08:48:03: ISAKMP-ERROR: (0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) MM_NO_STATE (peer 209.235.70.147)
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 0 mismatch
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID is DPD
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Jan 18 08:48:03: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch
Jan 18 08:48:03: ISAKMP: (0):vendor ID is NAT-T v3
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Jan 18 08:48:03: ISAKMP: (0):vendor ID is NAT-T v2
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch
Jan 18 08:48:03: ISAKMP: (0):processing vendor id payload
Jan 18 08:48:03: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch
Jan 18 08:48:03: ISAKMP-ERROR: (0):(0): FSM action returned error: 2
Jan 18 08:48:03: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 18 08:48:03: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_R_MM1
Jan 18 08:48:03: ISAKMP-ERROR: (0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) MM_NO_STATE (peer 209.235.70.147)
Jan 18 08:48:03: ISAKMP: (0):Unlocking peer struct 0x80007FA2CA3E1C20 for isadb_mark_sa_deleted(), count 0
Jan 18 08:48:03: ISAKMP: (0):Deleting peer node by peer_reap for "remote IP": 80007FA2CA3E1C20
Jan 18 08:48:03: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jan 18 08:48:03: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_DEST_SA
Jan 18 08:48:13: ISAKMP: (0):purging SA., sa=80007FA2D693BA10, delme=80007FA2D693BA10
Jan 18 08:48:13: ISAKMP-PAK: (0):received packet from "remote IP"dport 500 sport 500 Global (R) MM_NO_STATE
Jan 18 08:48:33: ISAKMP-PAK: (0):received packet from "remote IP" dport 500 sport 500 Global (R) MM_NO_STATE
01-18-2019 07:21 AM
01-18-2019 07:39 AM
Thanks We are definitely getting closer. looks like we got past phase one possibly phase 2.
changes:
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
!
*DEBUGS*
Log Buffer (100000 bytes):
Jan 18 09:33:31: ISAKMP: (17044):peer does not do paranoid keepalives.
Jan 18 09:33:31: ISAKMP: (17044):deleting SA reason "Death by tree-walk" state (R) QM_IDLE (peer "Remote IP")
Jan 18 09:33:31: ISAKMP: (17044):set new node 3082544749 to QM_IDLE
Jan 18 09:33:31: ISAKMP-PAK: (17044):sending packet to "Remote IP" my_port 500 peer_port 500 (R) QM_IDLE
Jan 18 09:33:31: ISAKMP: (17044):Sending an IKE IPv4 Packet.
Jan 18 09:33:31: ISAKMP: (17044):purging node 3082544749
Jan 18 09:33:31: ISAKMP: (17044):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jan 18 09:33:31: ISAKMP: (17044):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
Jan 18 09:33:31: ISAKMP: (17044):deleting SA reason "Death by tree-walk" state (R) QM_IDLE (peer "Remote IP")
Jan 18 09:33:31: ISAKMP: (0):Unlocking peer struct 0x80007FA2D6CFF658 for isadb_mark_sa_deleted(), count 0
Jan 18 09:33:31: ISAKMP: (0):Deleting peer node by peer_reap for "Remote IP": 80007FA2D6CFF658
Jan 18 09:33:31: ISAKMP: (17044):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 18 09:33:31: ISAKMP: (17044):Old State = IKE_DEST_SA New State = IKE_DEST_SA
Jan 18 09:33:31: ISAKMP-PAK: (17044):received packet from "Remote IP" dport 500 sport 500 Global (R) MM_NO_STATE
Jan 18 09:33:33: ISAKMP-PAK: (0):received packet from "Remote IP" dport 500 sport 500 Global (N) NEW SA
Jan 18 09:33:33: ISAKMP: (0):Created a peer struct for "Remote IP", peer port 500
Jan 18 09:33:33: ISAKMP: (0):New peer created peer = 0x80007FA2D5AD24F8 peer_handle = 0x800000008000385F
Jan 18 09:33:33: ISAKMP: (0):Locking peer struct 0x80007FA2D5AD24F8, refcount 1 for crypto_isakmp_process_block
Jan 18 09:33:33: ISAKMP: (0):local port 500, remote port 500
Jan 18 09:33:33: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 80007FA2D6B54250
Jan 18 09:33:33: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 18 09:33:33: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1
Jan 18 09:33:33: ISAKMP: (0):processing SA payload. message ID = 0
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 0 mismatch
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID is DPD
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Jan 18 09:33:33: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch
Jan 18 09:33:33: ISAKMP: (0):vendor ID is NAT-T v3
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Jan 18 09:33:33: ISAKMP: (0):vendor ID is NAT-T v2
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch
Jan 18 09:33:33: ISAKMP: (0):found peer pre-shared key matching 209.235.70.147
Jan 18 09:33:33: ISAKMP: (0):local preshared key found
Jan 18 09:33:33: ISAKMP: (0):Checking ISAKMP transform 0 against priority 1 policy
Jan 18 09:33:33: ISAKMP: (0): life type in seconds
Jan 18 09:33:33: ISAKMP: (0): life duration (basic) of 28800
Jan 18 09:33:33: ISAKMP: (0): encryption 3DES-CBC
Jan 18 09:33:33: ISAKMP: (0): hash SHA
Jan 18 09:33:33: ISAKMP: (0): auth pre-share
Jan 18 09:33:33: ISAKMP: (0): default group 2
Jan 18 09:33:33: ISAKMP-ERROR: (0):Encryption algorithm offered does not match policy!
Jan 18 09:33:33: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Jan 18 09:33:33: ISAKMP: (0):Checking ISAKMP transform 0 against priority 2 policy
Jan 18 09:33:33: ISAKMP: (0): life type in seconds
Jan 18 09:33:33: ISAKMP: (0): life duration (basic) of 28800
Jan 18 09:33:33: ISAKMP: (0): encryption 3DES-CBC
Jan 18 09:33:33: ISAKMP: (0): hash SHA
Jan 18 09:33:33: ISAKMP: (0): auth pre-share
Jan 18 09:33:33: ISAKMP: (0): default group 2
Jan 18 09:33:33: ISAKMP: (0):atts are acceptable. Next payload is 0
Jan 18 09:33:33: ISAKMP: (0):Acceptable atts:actual life: 86400
Jan 18 09:33:33: ISAKMP: (0):Acceptable atts:life: 0
Jan 18 09:33:33: ISAKMP: (0):Basic life_in_seconds:28800
Jan 18 09:33:33: ISAKMP: (0):Returning Actual lifetime: 28800
Jan 18 09:33:33: ISAKMP: (0):Started lifetime timer: 28800.
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 0 mismatch
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID is DPD
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Jan 18 09:33:33: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch
Jan 18 09:33:33: ISAKMP: (0):vendor ID is NAT-T v3
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Jan 18 09:33:33: ISAKMP: (0):vendor ID is NAT-T v2
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch
Jan 18 09:33:33: ISAKMP: (0):processing vendor id payload
Jan 18 09:33:33: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch
Jan 18 09:33:33: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 18 09:33:33: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_R_MM1
Jan 18 09:33:33: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID
Jan 18 09:33:33: ISAKMP-PAK: (0):sending packet to "Remote IP" my_port 500 peer_port 500 (R) MM_SA_SETUP
Jan 18 09:33:33: ISAKMP: (0):Sending an IKE IPv4 Packet.
Jan 18 09:33:33: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jan 18 09:33:33: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_R_MM2
Jan 18 09:33:33: ISAKMP-PAK: (0):received packet from "Remote IP" dport 500 sport 500 Global (R) MM_SA_SETUP
Jan 18 09:33:33: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 18 09:33:33: ISAKMP: (0):Old State = IKE_R_MM2 New State = IKE_R_MM3
Jan 18 09:33:33: ISAKMP: (0):processing KE payload. message ID = 0
Jan 18 09:33:33: ISAKMP: (0):processing NONCE payload. message ID = 0
Jan 18 09:33:33: ISAKMP: (0):found peer pre-shared key matching 209.235.70.147
Jan 18 09:33:33: ISAKMP: (17045):received payload type 20
Jan 18 09:33:33: ISAKMP: (17045):His hash no match - this node outside NAT
Jan 18 09:33:33: ISAKMP: (17045):received payload type 20
Jan 18 09:33:33: ISAKMP: (17045):No NAT Found for self or peer
Jan 18 09:33:33: ISAKMP: (17045):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_R_MM3 New State = IKE_R_MM3
Jan 18 09:33:33: ISAKMP-PAK: (17045):sending packet to "Remote IP" my_port 500 peer_port 500 (R) MM_KEY_EXCH
Jan 18 09:33:33: ISAKMP: (17045):Sending an IKE IPv4 Packet.
Jan 18 09:33:33: ISAKMP: (17045):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_R_MM3 New State = IKE_R_MM4
Jan 18 09:33:33: ISAKMP-PAK: (17045):received packet from "Remote IP" dport 500 sport 500 Global (R) MM_KEY_EXCH
Jan 18 09:33:33: ISAKMP: (17045):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_R_MM4 New State = IKE_R_MM5
Jan 18 09:33:33: ISAKMP: (17045):processing ID payload. message ID = 0
Jan 18 09:33:33: ISAKMP: (17045):ID payload
next-payload : 8
type : 1
Jan 18 09:33:33: ISAKMP: (17045): address : "Remote IP"
Jan 18 09:33:33: ISAKMP: (17045): protocol : 0
port : 0
length : 12
Jan 18 09:33:33: ISAKMP: (17045):Found ADDRESS key in keyring Navisite
Jan 18 09:33:33: ISAKMP: (17045):processing HASH payload. message ID = 0
Jan 18 09:33:33: ISAKMP: (17045):SA authentication status:
authenticated
Jan 18 09:33:33: ISAKMP: (17045):SA has been authenticated with "Remote IP"
Jan 18 09:33:33: ISAKMP: (0):Trying to insert a peer "Router IP"/"Remote IP"/500/,
Jan 18 09:33:33: ISAKMP: (0): and inserted successfully 80007FA2D5AD24F8.
Jan 18 09:33:33: ISAKMP: (17045):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_R_MM5 New State = IKE_R_MM5
Jan 18 09:33:33: ISAKMP: (17045):SA is doing
Jan 18 09:33:33: ISAKMP: (17045):pre-shared key authentication using id type ID_IPV4_ADDR
Jan 18 09:33:33: ISAKMP: (17045):ID payload
next-payload : 8
type : 1
Jan 18 09:33:33: ISAKMP: (17045): address : "Router IP"
Jan 18 09:33:33: ISAKMP: (17045): protocol : 17
port : 500
length : 12
Jan 18 09:33:33: ISAKMP: (17045):Total payload length: 12
Jan 18 09:33:33: ISAKMP-PAK: (17045):sending packet to "Remote IP" my_port 500 peer_port 500 (R) MM_KEY_EXCH
Jan 18 09:33:33: ISAKMP: (17045):Sending an IKE IPv4 Packet.
Jan 18 09:33:33: ISAKMP: (17045):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE
Jan 18 09:33:33: ISAKMP: (17045):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jan 18 09:33:33: ISAKMP-PAK: (17045):received packet from "Remote IP" dport 500 sport 500 Global (R) QM_IDLE
Jan 18 09:33:33: ISAKMP: (17045):set new node 3935253500 to QM_IDLE
Jan 18 09:33:33: ISAKMP: (17045):processing HASH payload. message ID = 3935253500
Jan 18 09:33:33: ISAKMP: (17045):processing SA payload. message ID = 3935253500
Jan 18 09:33:33: ISAKMP: (17045):Checking IPSec proposal 0
Jan 18 09:33:33: ISAKMP: (17045):transform 0, ESP_3DES
Jan 18 09:33:33: ISAKMP: (17045): attributes in transform:
Jan 18 09:33:33: ISAKMP: (17045): group is 2
Jan 18 09:33:33: ISAKMP: (17045): encaps is 1 (Tunnel)
Jan 18 09:33:33: ISAKMP: (17045): SA life type in seconds
Jan 18 09:33:33: ISAKMP: (17045): SA life duration (basic) of 3600
Jan 18 09:33:33: ISAKMP: (17045): authenticator is HMAC-SHA
Jan 18 09:33:33: ISAKMP: (17045):atts are acceptable.
Jan 18 09:33:33: ISAKMP: (17045):processing NONCE payload. message ID = 3935253500
Jan 18 09:33:33: ISAKMP: (17045):processing KE payload. message ID = 3935253500
Jan 18 09:33:33: ISAKMP: (17045):processing ID payload. message ID = 3935253500
Jan 18 09:33:33: ISAKMP: (17045):processing ID payload. message ID = 3935253500
Jan 18 09:33:33: ISAKMP: (17045):QM Responder gets spi
Jan 18 09:33:33: ISAKMP: (17045):Node 3935253500, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
Jan 18 09:33:33: ISAKMP: (17045):Node 3935253500, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_IPSEC_INSTALL_AWAIT
Jan 18 09:33:33: ISAKMP-PAK: (17045):received packet from 209.235.70.147 dport 500 sport 500 Global (R) QM_IDLE
Jan 18 09:33:33: ISAKMP: (17045):set new node 1686563950 to QM_IDLE
Jan 18 09:33:33: ISAKMP: (17045):processing HASH payload. message ID = 1686563950
Jan 18 09:33:33: ISAKMP: (17045):processing SA payload. message ID = 1686563950
Jan 18 09:33:33: ISAKMP: (17045):Checking IPSec proposal 0
Jan 18 09:33:33: ISAKMP: (17045):transform 0, ESP_3DES
Jan 18 09:33:33: ISAKMP: (17045): attributes in transform:
Jan 18 09:33:33: ISAKMP: (17045): group is 2
Jan 18 09:33:33: ISAKMP: (17045): encaps is 1 (Tunnel)
Jan 18 09:33:33: ISAKMP: (17045): SA life type in seconds
Jan 18 09:33:33: ISAKMP: (17045): SA life duration (basic) of 3600
Jan 18 09:33:33: ISAKMP: (17045): authenticator is HMAC-SHA
Jan 18 09:33:33: ISAKMP: (17045):atts are acceptable.
Jan 18 09:33:33: ISAKMP: (17045):processing NONCE payload. message ID = 1686563950
Jan 18 09:33:33: ISAKMP: (17045):processing KE payload. message ID = 1686563950
Jan 18 09:33:33: ISAKMP: (17045):processing ID payload. message ID = 1686563950
Jan 18 09:33:33: ISAKMP: (17045):processing ID payload. message ID = 1686563950
Jan 18 09:33:33: ISAKMP: (17045):QM Responder gets spi
Jan 18 09:33:33: ISAKMP: (17045):Node 1686563950, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
Jan 18 09:33:33: ISAKMP: (17045):Node 1686563950, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_IPSEC_INSTALL_AWAIT
Jan 18 09:33:33: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list
Jan 18 09:33:33: ISAKMP: (17045):Received IPSec Install callback... proceeding with the negotiation
Jan 18 09:33:33: ISAKMP: (17045):Successfully installed IPSEC SA (SPI:0xF4665758) on GigabitEthernet0/0/0
Jan 18 09:33:33: ISAKMP-PAK: (17045):sending packet to 209.235.70.147 my_port 500 peer_port 500 (R) QM_IDLE
Jan 18 09:33:33: ISAKMP: (17045):Sending an IKE IPv4 Packet.
Jan 18 09:33:33: ISAKMP: (17045):Node 3935253500, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2
Jan 18 09:33:33: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list
Jan 18 09:33:33: ISAKMP: (17045):Received IPSec Install callback... proceeding with the negotiation
Jan 18 09:33:33: ISAKMP: (17045):Successfully installed IPSEC SA (SPI:0x31910073) on GigabitEthernet0/0/0
Jan 18 09:33:33: ISAKMP-PAK: (17045):sending packet to "Remote IP" my_port 500 peer_port 500 (R) QM_IDLE
Jan 18 09:33:33: ISAKMP: (17045):Sending an IKE IPv4 Packet.
Jan 18 09:33:33: ISAKMP: (17045):Node 1686563950, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2
Jan 18 09:33:33: ISAKMP-PAK: (17045):received packet from "Remote IP" dport 500 sport 500 Global (R) QM_IDLE
Jan 18 09:33:33: ISAKMP: (17045):deleting node 3935253500 error FALSE reason "QM done (await)"
Jan 18 09:33:33: ISAKMP: (17045):Node 3935253500, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE
Jan 18 09:33:33: ISAKMP-PAK: (17045):received packet from 209.235.70.147 dport 500 sport 500 Global (R) QM_IDLE
Jan 18 09:33:33: ISAKMP: (17045):deleting node 1686563950 error FALSE reason "QM done (await)"
Jan 18 09:33:33: ISAKMP: (17045):Node 1686563950, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jan 18 09:33:33: ISAKMP: (17045):Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide