06-15-2016 06:56 AM
I am trying to set up a VPN between a Cisco 1812 & a MacBook Air, but it's not working. Just wondering if you have any input to share?
Router#sh running-config
Building configuration...
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 409600 debugging
enable secret 5 $1$o/m4$e3RZehFjggafTjpPWMeYP/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauth local
aaa authentication login USERAUTH local
aaa authentication login VPN_CLIENT_LOGIN local
aaa authorization exec default local
aaa authorization network NETAUTHORIZE local
aaa authorization network groupauth local
aaa authorization network VPN_CLIENT_GROUP local
!
aaa session-id common
!
resource policy
!
memory-size iomem 5
clock timezone JST 9
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool dHCP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 221.113.139.137 4.2.2.2 8.8.8.8
!
!
ip tcp synwait-time 10
vpdn enable
!
!
!
!
!
no spanning-tree vlan 10
username test privilege 15 password 7 15060E1F10
username cisco password 7 0822455D0A16
!
!
class-map match-any ads
match access-group name ads
match protocol http host "*outbrain*"
match protocol http host "*paid.outbrain.com*"
match protocol http host "*dwell*"
match protocol http host "*learni.st*"
match protocol http host "*googleads*"
match protocol http host "*doubleclick*"
match protocol http host "*taboola*"
!
!
policy-map ads
class ads
drop
!
!
crypto keyring vpnclientskey
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp client configuration group remotevpn
key cisco123
pool mypool
acl 108
netmask 255.255.255.0
!
crypto isakmp client configuration group VPN_CLIENTS
key ClientVpnKey
dns 192.168.2.4
domain test.local
pool VPN_CLIENT_POOL
acl 110
crypto isakmp profile remoteclients
keyring vpnclientskey
match identity group remotevpn
client authentication list USERAUTH
isakmp authorization list NETAUTHORIZE
client configuration address respond
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
!
crypto dynamic-map EXT_DYNAMIC_MAP 10
set transform-set TRANS_3DES_SHA
!
crypto dynamic-map dynmap 10
set security-association lifetime seconds 86400
set transform-set myset
set isakmp-profile remoteclients
reverse-route
!
!
crypto map EXT_MAP client authentication list VPN_CLIENT_LOGIN
crypto map EXT_MAP isakmp authorization list VPN_CLIENT_GROUP
crypto map EXT_MAP client configuration address respond
crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP
!
crypto map VPNMAP 10 ipsec-isakmp dynamic dynmap
!
crypto map mymap client authentication list userauth
crypto map mymap isakmp authorization list groupauth
crypto map mymap client configuration address respond
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
!
!
!
bba-group pppoe global
!
!
interface FastEthernet0
no ip address
ip mtu 1450
ip virtual-reassembly max-reassemblies 1024
ip tcp adjust-mss 1420
no ip mroute-cache
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet2
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet4
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet5
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet6
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet7
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet8
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet9
switchport access vlan 10
spanning-tree portfast
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.1.254 255.255.255.0
ip mtu 1450
ip nat inside
ip virtual-reassembly max-reassemblies 1024
ip tcp adjust-mss 1420
arp timeout 300
!
interface Dialer1
ip address negotiated
ip mtu 1450
ip nat outside
ip virtual-reassembly max-reassemblies 1024
encapsulation ppp
ip tcp adjust-mss 1420
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname a68ffi6n
ppp chap password 7 060305
ppp pap sent-username a68ffi6n password 7 060305
ppp ipcp dns request accept
ppp ipcp route default
crypto map EXT_MAP
service-policy input ads
!
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip local pool mypool 192.168.200.1 192.168.200.50
ip local pool VPN_CLIENT_POOL 192.168.20.200 192.168.20.210
!
!
no ip http server
no ip http secure-server
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
ip nat inside source route-map nat interface Dialer1 overload
!
access-list 100 remark ****** NAT ACL ******
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 remark ****** NAT ACL ******
access-list 100 remark ****** NAT ACL ******
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 permit ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 108 permit ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.20.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
route-map nat permit 10
match ip address 100
!
!
!
!
control-plane
!
alias exec siib show ip int brie | ex down
alias exec ct config term
!
line con 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
password 7 115A4B52414A
logging synchronous
autocommand term mon
autocommand-options nohangup
!
ntp clock-period 17180100
ntp server 195.167.30.249
ntp server 131.107.13.100 key 1
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
Router#
06-16-2016 05:56 AM
Hello.
I see that you are using a dialer for the connection to the ISP with a dynamic IP address. Are you getting a public IP address from the ISP? Is it accessible from the internet?
And can you show the logging information for the connection from your VPN client?
Best Regards.
06-16-2016 07:13 AM
Are you getting a public IP address from ISP? => Yes
Is it accessible from the internet? => Yes
And can you show the logging information for the connection from your VPN client?
=> Yes
From Client:
The negotiation with the VPN server failed. Verify the server address and try reconnecting.
Thank you
06-16-2016 07:38 AM
OK. Try changing the line
crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP
to
crypto map EXT_MAP 10 ipsec-isakmp dynamic dynmap
You configured a dynamic map for clients but didn't "connect" it to the interface in the right way.
Best Regards.
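An added example, not part of the original thread: a small Python script that traces which crypto map is applied to an interface and which dynamic map, transform set and ISAKMP profile that map pulls in, run on an excerpt of the configuration from the first post before and after the one-line change suggested above. The function names are illustrative, and the parser only understands the handful of IOS commands shown in the excerpt.

```python
import re

# Excerpt of the running-config from the first post (keys and unrelated lines omitted).
SAMPLE_CONFIG = """\
crypto isakmp client configuration group remotevpn
 pool mypool
 acl 108
crypto isakmp client configuration group VPN_CLIENTS
 pool VPN_CLIENT_POOL
 acl 110
crypto isakmp profile remoteclients
 keyring vpnclientskey
 match identity group remotevpn
 client authentication list USERAUTH
 isakmp authorization list NETAUTHORIZE
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
crypto dynamic-map EXT_DYNAMIC_MAP 10
 set transform-set TRANS_3DES_SHA
crypto dynamic-map dynmap 10
 set transform-set myset
 set isakmp-profile remoteclients
crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP
crypto map VPNMAP 10 ipsec-isakmp dynamic dynmap
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
interface Dialer1
 ip address negotiated
 crypto map EXT_MAP
"""

HEADERS = [  # section-opening commands whose sub-commands we track
    ("interface", re.compile(r"^interface (\S+)")),
    ("profile", re.compile(r"^crypto isakmp profile (\S+)$")),
    ("tset", re.compile(r"^crypto ipsec transform-set (\S+) ")),
    ("dynmap", re.compile(r"^crypto dynamic-map (\S+) \d+$")),
]
MAP_ENTRY = re.compile(r"^crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)$")
MAP_BIND = re.compile(r"^crypto map (\S+)$")
SET_CMD = re.compile(r"^set (transform-set|isakmp-profile) (\S+)$")
MATCH_GROUP = re.compile(r"^match identity group (\S+)$")


def parse(config):
    """Index crypto objects in an IOS config; indentation is ignored."""
    cfg = {"bound": {}, "maps": {}, "dynmaps": {}, "profiles": {}, "tsets": set()}
    kind = name = None
    for line in (raw.strip() for raw in config.splitlines()):
        if kind == "interface" and (m := MAP_BIND.match(line)):
            cfg["bound"].setdefault(m.group(1), []).append(name)
        elif m := MAP_ENTRY.match(line):
            cfg["maps"].setdefault(m.group(1), []).append(m.group(2))
            kind = name = None
        elif hit := [(k, p.match(line).group(1)) for k, p in HEADERS if p.match(line)]:
            kind, name = hit[0]
            if kind == "tset":
                cfg["tsets"].add(name)
            elif kind == "dynmap":
                cfg["dynmaps"].setdefault(name, {})
            elif kind == "profile":
                cfg["profiles"].setdefault(name, [])
        elif line.startswith("crypto "):  # any other crypto section ends the current one
            kind = name = None
        elif kind == "dynmap" and (m := SET_CMD.match(line)):
            cfg["dynmaps"][name][m.group(1)] = m.group(2)
        elif kind == "profile" and (m := MATCH_GROUP.match(line)):
            cfg["profiles"][name].append(m.group(1))
    return cfg


def trace(cfg):
    """Follow interface -> crypto map -> dynamic map -> transform set / ISAKMP profile.

    Returns (paths, crypto maps never applied to an interface, undefined references).
    """
    paths, undefined = [], set()
    for cmap, dyns in cfg["maps"].items():
        for dyn in dyns:
            if dyn not in cfg["dynmaps"]:
                undefined.add((cmap, "dynamic-map", dyn))
            entry = cfg["dynmaps"].get(dyn, {})
            tset, prof = entry.get("transform-set"), entry.get("isakmp-profile")
            if tset and tset not in cfg["tsets"]:
                undefined.add((dyn, "transform-set", tset))
            if prof and prof not in cfg["profiles"]:
                undefined.add((dyn, "isakmp-profile", prof))
            for iface in cfg["bound"].get(cmap, []):
                paths.append({"interface": iface, "crypto_map": cmap,
                              "dynamic_map": dyn, "transform_set": tset,
                              "isakmp_profile": prof,
                              "groups": cfg["profiles"].get(prof, [])})
    unbound = sorted(m for m in cfg["maps"] if m not in cfg["bound"])
    return paths, unbound, sorted(undefined)


def with_suggested_change(config):
    """Apply the one-line edit proposed in the reply above."""
    return config.replace("crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP",
                          "crypto map EXT_MAP 10 ipsec-isakmp dynamic dynmap")


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_CONFIG),
                        ("after", with_suggested_change(SAMPLE_CONFIG))):
        paths, unbound, undefined = trace(parse(text))
        print(label, paths, "unbound:", unbound, "undefined:", undefined)
```
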
06-17-2016 07:47 AM
No luck!
Router#sh running-config
Building configuration...
Current configuration : 6448 bytes
!
! Last configuration change at 23:21:58 JST Fri Jun 17 2016 by test
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 409600 debugging
enable secret 5 $1$o/m4$e3RZehFjggafTjpPWMeYP/
!
aaa new-model
!
!
aaa authentication login VPN_CLIENT_LOGIN local
aaa authorization network VPN_CLIENT_GROUP local
!
aaa session-id common
!
resource policy
!
memory-size iomem 5
clock timezone JST 9
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool dHCP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 221.113.139.137 4.2.2.2 8.8.8.8
!
!
ip tcp synwait-time 10
vpdn enable
!
!
!
!
!
no spanning-tree vlan 10
username test privilege 15 password 7 15060E1F10
username cisco password 7 14141B180F0B
!
!
class-map match-any ads
match access-group name ads
match protocol http host "*outbrain*"
match protocol http host "*paid.outbrain.com*"
match protocol http host "*dwell*"
match protocol http host "*learni.st*"
match protocol http host "*googleads*"
match protocol http host "*doubleclick*"
match protocol http host "*taboola*"
!
!
policy-map ads
class ads
drop
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp client configuration group admin
key admin
domain test.com
pool vpnpool
acl 101
!
crypto isakmp client configuration group VPN_CLIENTS
key ClientVpnKey
dns 8.8.8.8
domain test.local
pool VPN_CLIENT_POOL
acl 110
crypto isakmp profile isakmp-profile
match identity group admin
client authentication list auth
isakmp authorization list auth
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set tset esp-3des esp-sha-hmac
mode transport
crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
!
crypto ipsec profile ipsec-profile
set transform-set tset
set isakmp-profile isakmp-profile
!
!
crypto dynamic-map EXT_DYNAMIC_MAP 10
set transform-set TRANS_3DES_SHA
!
crypto dynamic-map dynmap 10
set security-association lifetime seconds 86400
set transform-set myset
set isakmp-profile remoteclients
reverse-route
!
!
crypto map EXT_MAP 10 ipsec-isakmp dynamic dynmap
!
!
!
bba-group pppoe global
!
!
interface FastEthernet0
no ip address
ip mtu 1450
ip virtual-reassembly max-reassemblies 1024
ip tcp adjust-mss 1420
no ip mroute-cache
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet2
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet4
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet5
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet6
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet7
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet8
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet9
switchport access vlan 10
spanning-tree portfast
!
interface Virtual-Dot11Radio2
no ip address
no cdp enable
!
interface Virtual-PPP2
no ip address
no cdp enable
!
interface Virtual-Template1 type tunnel
ip unnumbered Vlan10
tunnel source Vlan10
tunnel mode ipsec ipv4
tunnel protection ipsec profile ipsec-profile
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.1.254 255.255.255.0
ip mtu 1450
ip nat inside
ip virtual-reassembly max-reassemblies 1024
ip tcp adjust-mss 1420
arp timeout 300
!
interface Dialer1
ip address negotiated
ip mtu 1450
ip nat outside
ip virtual-reassembly max-reassemblies 1024
encapsulation ppp
ip tcp adjust-mss 1420
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname a68ffi6n@one.ocn.ne.jp
ppp chap password 7 06030
ppp pap sent-username a68ffi6n password 7 02030
ppp ipcp dns request accept
ppp ipcp route default
crypto map EXT_MAP
service-policy input ads
!
interface Virtual-TokenRing2
no ip address
ring-speed 16
!
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip local pool VPN_CLIENT_POOL 192.168.20.200 192.168.20.210
!
!
no ip http server
no ip http secure-server
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
ip nat inside source route-map nat interface Dialer1 overload
!
access-list 100 remark ****** NAT ACL ******
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 remark ****** NAT ACL ******
access-list 100 remark ****** NAT ACL ******
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 101 permit ip any any
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 permit ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 108 permit ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 108 remark ****** Split Tunnel Encrypted Traffic ******
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.20.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
route-map nat permit 10
match ip address 100
!
!
!
!
control-plane
!
alias exec siib show ip int brie | ex down
alias exec ct config term
!
line con 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
password 7 115A4B52414A
logging synchronous
autocommand-options nohangup
!
ntp clock-period 17180343
ntp server 195.167.30.249
ntp server 131.107.13.100 key 1
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
Router#
007753: Jun 17 23:30:52.758 JST: ISAKMP (0:0): received packet from 126.237.116.229 dport 500 sport 500 Global (N) NEW SA
007754: Jun 17 23:30:52.758 JST: ISAKMP: Created a peer struct for 126.237.116.229, peer port 500
007755: Jun 17 23:30:52.758 JST: ISAKMP: New peer created peer = 0x84D4E434 peer_handle = 0x80000066
007756: Jun 17 23:30:52.758 JST: ISAKMP: Locking peer struct 0x84D4E434, refcount 1 for crypto_isakmp_process_block
007757: Jun 17 23:30:52.758 JST: ISAKMP: local port 500, remote port 500
007758: Jun 17 23:30:52.758 JST: insert sa successfully sa = 849D6A08
007759: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing SA payload. message ID = 0
007760: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing ID payload. message ID = 0
007761: Jun 17 23:30:52.758 JST: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : VPN_CLIENTS
protocol : 0
port : 0
length : 19
007762: Jun 17 23:30:52.758 JST: ISAKMP:(0):: peer matches *none* of the profiles
007763: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007764: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
007765: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007766: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
007767: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007768: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 198 mismatch
007769: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007770: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 29 mismatch
007771: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007772: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
007773: Jun 17 23:30:52.758 JST: ISAKMP (0:0): vendor ID is NAT-T v7
007774: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007775: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 114 mismatch
007776: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007777: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 227 mismatch
007778: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007779: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 250 mismatch
007780: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007781: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
007782: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID is NAT-T v3
007783: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007784: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch
007785: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007786: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
007787: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID is NAT-T v2
007788: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007789: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 242 mismatch
007790: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID is XAUTH
007791: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007792: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID is Unity
007793: Jun 17 23:30:52.758 JST: ISAKMP:(0): processing vendor id payload
007794: Jun 17 23:30:52.758 JST: ISAKMP:(0): vendor ID is DPD
007795: Jun 17 23:30:52.758 JST: ISAKMP : Scanning profiles for xauth ... isakmp-profile
007796: Jun 17 23:30:52.758 JST: ISAKMP:(0): Authentication by xauth preshared
007797: Jun 17 23:30:52.758 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
007798: Jun 17 23:30:52.758 JST: ISAKMP: life type in seconds
007799: Jun 17 23:30:52.758 JST: ISAKMP: life duration (basic) of 3600
007800: Jun 17 23:30:52.762 JST: ISAKMP: encryption AES-CBC
007801: Jun 17 23:30:52.762 JST: ISAKMP: keylength of 256
007802: Jun 17 23:30:52.762 JST: ISAKMP: auth XAUTHInitPreShared
007803: Jun 17 23:30:52.762 JST: ISAKMP: hash... What? 4?
007804: Jun 17 23:30:52.762 JST: ISAKMP: unknown DH group 14
007805: Jun 17 23:30:52.762 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007806: Jun 17 23:30:52.762 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007807: Jun 17 23:30:52.762 JST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 10 policy
007808: Jun 17 23:30:52.762 JST: ISAKMP: life type in seconds
007809: Jun 17 23:30:52.762 JST: ISAKMP: life duration (basic) of 3600
007810: Jun 17 23:30:52.762 JST: ISAKMP: encryption AES-CBC
007811: Jun 17 23:30:52.762 JST: ISAKMP: keylength of 256
007812: Jun 17 23:30:52.762 JST: ISAKMP: auth XAUTHInitPreShared
007813: Jun 17 23:30:52.762 JST: ISAKMP: hash SHA
007814: Jun 17 23:30:52.762 JST: ISAKMP: unknown DH group 14
007815: Jun 17 23:30:52.762 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007816: Jun 17 23:30:52.762 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007817: Jun 17 23:30:52.762 JST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 10 policy
007818: Jun 17 23:30:52.762 JST: ISAKMP: life type in seconds
007819: Jun 17 23:30:52.762 JST: ISAKMP: life duration (basic) of 3600
007820: Jun 17 23:30:52.762 JST: ISAKMP: encryption AES-CBC
007821: Jun 17 23:30:52.762 JST: ISAKMP: keylength of 256
007822: Jun 17 23:30:52.762 JST: ISAKMP: auth XAUTHInitPreShared
007823: Jun 17 23:30:52.762 JST: ISAKMP: hash MD5
007824: Jun 17 23:30:52.762 JST: ISAKMP: unknown DH group 14
007825: Jun 17 23:30:52.762 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007826: Jun 17 23:30:52.762 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007827: Jun 17 23:30:52.762 JST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 10 policy
007828: Jun 17 23:30:52.762 JST: ISAKMP: life type in seconds
007829: Jun 17 23:30:52.762 JST: ISAKMP: life duration (basic) of 3600
007830: Jun 17 23:30:52.762 JST: ISAKMP: encryption AES-CBC
007831: Jun 17 23:30:52.762 JST: ISAKMP: keylength of 256
007832: Jun 17 23:30:52.762 JST: ISAKMP: auth XAUTHInitPreShared
007833: Jun 17 23:30:52.762 JST: ISAKMP: hash... What? 6?
007834: Jun 17 23:30:52.762 JST: ISAKMP: unknown DH group 14
007835: Jun 17 23:30:52.762 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007836: Jun 17 23:30:52.762 JST: ISAKMP:(0):atts are not acceptable. Next payload is 0
007837: Jun 17 23:30:52.762 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 65535 policy
007838: Jun 17 23:30:52.762 JST: ISAKMP: life type in seconds
007839: Jun 17 23:30:52.762 JST: ISAKMP: life duration (basic) of 3600
007840: Jun 17 23:30:52.762 JST: ISAKMP: encryption AES-CBC
007841: Jun 17 23:30:52.762 JST: ISAKMP: keylength of 256
007842: Jun 17 23:30:52.762 JST: ISAKMP: auth XAUTHInitPreShared
007843: Jun 17 23:30:52.762 JST: ISAKMP: hash... What? 4?
007844: Jun 17 23:30:52.762 JST: ISAKMP: unknown DH group 14
007845: Jun 17 23:30:52.762 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007846: Jun 17 23:30:52.762 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007847: Jun 17 23:30:52.762 JST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 65535 policy
007848: Jun 17 23:30:52.762 JST: ISAKMP: life type in seconds
007849: Jun 17 23:30:52.762 JST: ISAKMP: life duration (basic) of 3600
007850: Jun 17 23:30:52.762 JST: ISAKMP: encryption AES-CBC
007851: Jun 17 23:30:52.762 JST: ISAKMP: keylength of 256
007852: Jun 17 23:30:52.762 JST: ISAKMP: auth XAUTHInitPreShared
007853: Jun 17 23:30:52.762 JST: ISAKMP: hash SHA
007854: Jun 17 23:30:52.762 JST: ISAKMP: unknown DH group 14
007855: Jun 17 23:30:52.762 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007856: Jun 17 23:30:52.762 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007857: Jun 17 23:30:52.762 JST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 65535 policy
007858: Jun 17 23:30:52.762 JST: ISAKMP: life type in seconds
007859: Jun 17 23:30:52.762 JST: ISAKMP: life duration (basic) of 3600
007860: Jun 17 23:30:52.762 JST: ISAKMP: encryption AES-CBC
007861: Jun 17 23:30:52.762 JST: ISAKMP: keylength of 256
007862: Jun 17 23:30:52.762 JST: ISAKMP: auth XAUTHInitPreShared
007863: Jun 17 23:30:52.762 JST: ISAKMP: hash MD5
007864: Jun 17 23:30:52.762 JST: ISAKMP: unknown DH group 14
007865: Jun 17 23:30:52.762 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007866: Jun 17 23:30:52.762 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007867: Jun 17 23:30:52.762 JST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 65535 policy
007868: Jun 17 23:30:52.762 JST: ISAKMP: life type in seconds
007869: Jun 17 23:30:52.762 JST: ISAKMP: life duration (basic) of 3600
007870: Jun 17 23:30:52.762 JST: ISAKMP: encryption AES-CBC
007871: Jun 17 23:30:52.762 JST: ISAKMP: keylength of 256
007872: Jun 17 23:30:52.762 JST: ISAKMP: auth XAUTHInitPreShared
007873: Jun 17 23:30:52.762 JST: ISAKMP: hash... What? 6?
007874: Jun 17 23:30:52.762 JST: ISAKMP: unknown DH group 14
007875: Jun 17 23:30:52.762 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007876: Jun 17 23:30:52.762 JST: ISAKMP:(0):atts are not acceptable. Next payload is 0
007877: Jun 17 23:30:52.762 JST: ISAKMP:(0):no offers accepted!
007878: Jun 17 23:30:52.762 JST: ISAKMP:(0): phase 1 SA policy not acceptable! (local 114.164.241.157 remote 126.237.116.229)
007879: Jun 17 23:30:52.762 JST: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
007880: Jun 17 23:30:52.762 JST: ISAKMP:(0): sending packet to 126.237.116.229 my_port 500 peer_port 500 (R) AG_NO_STATE
007881: Jun 17 23:30:52.762 JST: ISAKMP:(0):peer does not do paranoid keepalives.
007882: Jun 17 23:30:52.762 JST: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 126.237.116.229)
007883: Jun 17 23:30:52.762 JST: ISAKMP:(0): processing KE payload. message ID = 0
007884: Jun 17 23:30:52.762 JST: ISAKMP:(0): group size changed! Should be 0, is 256
007885: Jun 17 23:30:52.762 JST: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
007886: Jun 17 23:30:52.766 JST: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
007887: Jun 17 23:30:52.766 JST: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY
007888: Jun 17 23:30:52.766 JST: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 126.237.116.229
Router#
007889: Jun 17 23:30:52.766 JST: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 126.237.116.229)
007890: Jun 17 23:30:52.766 JST: ISAKMP: Unlocking peer struct 0x84D4E434 for isadb_mark_sa_deleted(), count 0
007891: Jun 17 23:30:52.766 JST: ISAKMP: Deleting peer node by peer_reap for 126.237.116.229: 84D4E434
007892: Jun 17 23:30:52.766 JST: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
007893: Jun 17 23:30:52.766 JST: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA
007894: Jun 17 23:30:53.058 JST: ISAKMP (0:0): received packet from 126.237.116.229 dport 500 sport 500 Global (N) NEW SA
007895: Jun 17 23:30:53.058 JST: ISAKMP: Created a peer struct for 126.237.116.229, peer port 500
007896: Jun 17 23:30:53.058 JST: ISAKMP: New peer created peer = 0x84D4E434 peer_handle = 0x80000059
007897: Jun 17 23:30:53.058 JST: ISAKMP: Locking peer struct 0x84D4E434, refcount 1 for crypto_isakmp_process_block
007898: Jun 17 23:30:53.058 JST: ISAKMP: local port 500, remote port 500
007899: Jun 17 23:30:53.058 JST: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 849D7578
007900: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing SA payload. message ID = 0
007901: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing ID payload. message ID = 0
007902: Jun 17 23:30:53.058 JST: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : VPN_CLIENTS
protocol : 0
port : 0
length : 19
007903: Jun 17 23:30:53.058 JST: ISAKMP:(0):: peer matches *none* of the profiles
007904: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007905: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
007906: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007907: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
007908: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007909: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 198 mismatch
007910: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007911: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 29 mismatch
007912: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007913: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
007914: Jun 17 23:30:53.058 JST: ISAKMP (0:0): vendor ID is NAT-T v7
007915: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007916: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 114 mismatch
007917: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007918: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 227 mismatch
007919: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007920: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 250 mismatch
007921: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007922: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
007923: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID is NAT-T v3
007924: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007925: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch
007926: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007927: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
007928: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID is NAT-T v2
007929: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007930: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 242 mismatch
007931: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID is XAUTH
007932: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007933: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID is Unity
007934: Jun 17 23:30:53.058 JST: ISAKMP:(0): processing vendor id payload
007935: Jun 17 23:30:53.058 JST: ISAKMP:(0): vendor ID is DPD
007936: Jun 17 23:30:53.058 JST: ISAKMP : Scanning profiles for xauth ... isakmp-profile
007937: Jun 17 23:30:53.058 JST: ISAKMP:(0): Authentication by xauth preshared
007938: Jun 17 23:30:53.058 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
007939: Jun 17 23:30:53.058 JST: ISAKMP: life type in seconds
007940: Jun 17 23:30:53.058 JST: ISAKMP: life duration (basic) of 3600
007941: Jun 17 23:30:53.058 JST: ISAKMP: encryption AES-CBC
007942: Jun 17 23:30:53.058 JST: ISAKMP: keylength of 256
007943: Jun 17 23:30:53.058 JST: ISAKMP: auth XAUTHInitPreShared
007944: Jun 17 23:30:53.058 JST: ISAKMP: hash SHA
007945: Jun 17 23:30:53.058 JST: ISAKMP: default group 2
007946: Jun 17 23:30:53.058 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007947: Jun 17 23:30:53.058 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007948: Jun 17 23:30:53.058 JST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 10 policy
007949: Jun 17 23:30:53.058 JST: ISAKMP: life type in seconds
007950: Jun 17 23:30:53.058 JST: ISAKMP: life duration (basic) of 3600
007951: Jun 17 23:30:53.058 JST: ISAKMP: encryption AES-CBC
007952: Jun 17 23:30:53.058 JST: ISAKMP: keylength of 256
007953: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
007954: Jun 17 23:30:53.062 JST: ISAKMP: hash MD5
007955: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
007956: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007957: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007958: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 10 policy
007959: Jun 17 23:30:53.062 JST: ISAKMP: life type in seconds
007960: Jun 17 23:30:53.062 JST: ISAKMP: life duration (basic) of 3600
007961: Jun 17 23:30:53.062 JST: ISAKMP: encryption AES-CBC
007962: Jun 17 23:30:53.062 JST: ISAKMP: keylength of 128
007963: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
007964: Jun 17 23:30:53.062 JST: ISAKMP: hash SHA
007965: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
007966: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007967: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007968: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 10 policy
007969: Jun 17 23:30:53.062 JST: ISAKMP: life type in seconds
007970: Jun 17 23:30:53.062 JST: ISAKMP: life duration (basic) of 3600
007971: Jun 17 23:30:53.062 JST: ISAKMP: encryption AES-CBC
007972: Jun 17 23:30:53.062 JST: ISAKMP: keylength of 128
007973: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
007974: Jun 17 23:30:53.062 JST: ISAKMP: hash MD5
007975: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
007976: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
007977: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007978: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 5 against priority 10 policy
007979: Jun 17 23:30:53.062 JST: ISAKMP: life type in seconds
007980: Jun 17 23:30:53.062 JST: ISAKMP: life duration (basic) of 3600
007981: Jun 17 23:30:53.062 JST: ISAKMP: encryption 3DES-CBC
007982: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
007983: Jun 17 23:30:53.062 JST: ISAKMP: hash SHA
007984: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
007985: Jun 17 23:30:53.062 JST: ISAKMP:(0):Xauth authentication by pre-shared key offered but does not match policy!
007986: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007987: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 6 against priority 10 policy
007988: Jun 17 23:30:53.062 JST: ISAKMP: life type in seconds
007989: Jun 17 23:30:53.062 JST: ISAKMP: life duration (basic) of 3600
007990: Jun 17 23:30:53.062 JST: ISAKMP: encryption 3DES-CBC
007991: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
007992: Jun 17 23:30:53.062 JST: ISAKMP: hash MD5
007993: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
007994: Jun 17 23:30:53.062 JST: ISAKMP:(0):Hash algorithm offered does not match policy!
007995: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
007996: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 7 against priority 10 policy
007997: Jun 17 23:30:53.062 JST: ISAKMP: life type in seconds
007998: Jun 17 23:30:53.062 JST: ISAKMP: life duration (basic) of 3600
007999: Jun 17 23:30:53.062 JST: ISAKMP: encryption DES-CBC
008000: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
008001: Jun 17 23:30:53.062 JST: ISAKMP: hash SHA
008002: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
008003: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
008004: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
008005: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 8 against priority 10 policy
008006: Jun 17 23:30:53.062 JST: ISAKMP: life type in seconds
008007: Jun 17 23:30:53.062 JST: ISAKMP: life duration (basic) of 3600
008008: Jun 17 23:30:53.062 JST: ISAKMP: encryption DES-CBC
008009: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
008010: Jun 17 23:30:53.062 JST: ISAKMP: hash MD5
008011: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
008012: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
008013: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 0
008014: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 65535 policy
008015: Jun 17 23:30:53.062 JST: ISAKMP: life type in seconds
008016: Jun 17 23:30:53.062 JST: ISAKMP: life duration (basic) of 3600
008017: Jun 17 23:30:53.062 JST: ISAKMP: encryption AES-CBC
008018: Jun 17 23:30:53.062 JST: ISAKMP: keylength of 256
008019: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
008020: Jun 17 23:30:53.062 JST: ISAKMP: hash SHA
008021: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
008022: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
008023: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
008024: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 65535 policy
008025: Jun 17 23:30:53.062 JST: ISAKMP: life type in seconds
008026: Jun 17 23:30:53.062 JST: ISAKMP: life duration (basic) of 3600
008027: Jun 17 23:30:53.062 JST: ISAKMP: encryption AES-CBC
008028: Jun 17 23:30:53.062 JST: ISAKMP: keylength of 256
008029: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
008030: Jun 17 23:30:53.062 JST: ISAKMP: hash MD5
008031: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
008032: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
008033: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
008034: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 65535 policy
008035: Jun 17 23:30:53.062 JST: ISAKMP: life type in seconds
008036: Jun 17 23:30:53.062 JST: ISAKMP: life duration (basic) of 3600
008037: Jun 17 23:30:53.062 JST: ISAKMP: encryption AES-CBC
008038: Jun 17 23:30:53.062 JST: ISAKMP: keylength of 128
008039: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
008040: Jun 17 23:30:53.062 JST: ISAKMP: hash SHA
008041: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
008042: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
008043: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
008044: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 65535 policy
008045: Jun 17 23:30:53.062 JST: ISAKMP: life type in seconds
008046: Jun 17 23:30:53.062 JST: ISAKMP: life duration (basic) of 3600
008047: Jun 17 23:30:53.062 JST: ISAKMP: encryption AES-CBC
008048: Jun 17 23:30:53.062 JST: ISAKMP: keylength of 128
008049: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
008050: Jun 17 23:30:53.062 JST: ISAKMP: hash MD5
008051: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
008052: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
008053: Jun 17 23:30:53.062 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
008054: Jun 17 23:30:53.066 JST: ISAKMP:(0):Checking ISAKMP transform 5 against priority 65535 policy
008055: Jun 17 23:30:53.066 JST: ISAKMP: life type in seconds
008056: Jun 17 23:30:53.066 JST: ISAKMP: life duration (basic) of 3600
008057: Jun 17 23:30:53.066 JST: ISAKMP: encryption 3DES-CBC
008058: Jun 17 23:30:53.066 JST: ISAKMP: auth XAUTHInitPreShared
008059: Jun 17 23:30:53.066 JST: ISAKMP: hash SHA
008060: Jun 17 23:30:53.066 JST: ISAKMP: default group 2
008061: Jun 17 23:30:53.066 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
008062: Jun 17 23:30:53.066 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
008063: Jun 17 23:30:53.066 JST: ISAKMP:(0):Checking ISAKMP transform 6 against priority 65535 policy
008064: Jun 17 23:30:53.066 JST: ISAKMP: life type in seconds
008065: Jun 17 23:30:53.066 JST: ISAKMP: life duration (basic) of 3600
008066: Jun 17 23:30:53.066 JST: ISAKMP: encryption 3DES-CBC
008067: Jun 17 23:30:53.066 JST: ISAKMP: auth XAUTHInitPreShared
008068: Jun 17 23:30:53.066 JST: ISAKMP: hash MD5
008069: Jun 17 23:30:53.066 JST: ISAKMP: default group 2
008070: Jun 17 23:30:53.066 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
008071: Jun 17 23:30:53.066 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
008072: Jun 17 23:30:53.066 JST: ISAKMP:(0):Checking ISAKMP transform 7 against priority 65535 policy
008073: Jun 17 23:30:53.066 JST: ISAKMP: life type in seconds
008074: Jun 17 23:30:53.066 JST: ISAKMP: life duration (basic) of 3600
008075: Jun 17 23:30:53.066 JST: ISAKMP: encryption DES-CBC
008076: Jun 17 23:30:53.066 JST: ISAKMP: auth XAUTHInitPreShared
008077: Jun 17 23:30:53.066 JST: ISAKMP: hash SHA
008078: Jun 17 23:30:53.066 JST: ISAKMP: default group 2
008079: Jun 17 23:30:53.066 JST: ISAKMP:(0):Authentication method offered does not match policy!
008080: Jun 17 23:30:53.066 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
008081: Jun 17 23:30:53.066 JST: ISAKMP:(0):Checking ISAKMP transform 8 against priority 65535 policy
008082: Jun 17 23:30:53.066 JST: ISAKMP: life type in seconds
008083: Jun 17 23:30:53.066 JST: ISAKMP: life duration (basic) of 3600
008084: Jun 17 23:30:53.066 JST: ISAKMP: encryption DES-CBC
008085: Jun 17 23:30:53.066 JST: ISAKMP: auth XAUTHInitPreShared
008086: Jun 17 23:30:53.066 JST: ISAKMP: hash MD5
008087: Jun 17 23:30:53.066 JST: ISAKMP: default group 2
008088: Jun 17 23:30:53.066 JST: ISAKMP:(0):Hash algorithm offered does not match policy!
008089: Jun 17 23:30:53.066 JST: ISAKMP:(0):atts are not acceptable. Next payload is 0
008090: Jun 17 23:30:53.066 JST: ISAKMP:(0):no offers accepted!
008091: Jun 17 23:30:53.066 JST: ISAKMP:(0): phase 1 SA policy not acceptable! (local 114.164.241.157 remote 126.237.116.229)
008092: Jun 17 23:30:53.066 JST: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
008093: Jun 17 23:30:53.066 JST: ISAKMP:(0): sending packet to 126.237.116.229 my_port 500 peer_port 500 (R) AG_NO_STATE
008094: Jun 17 23:30:53.066 JST: ISAKMP:(0):peer does not do paranoid keepalives.
008095: Jun 17 23:30:53.066 JST: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 126.237.116.229)
008096: Jun 17 23:30:53.066 JST: ISAKMP:(0): processing KE payload. message ID = 0
008097: Jun 17 23:30:53.066 JST: ISAKMP:(0): group size changed! Should be 0, is 128
008098: Jun 17 23:30:53.066 JST: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
008099: Jun 17 23:30:53.066 JST: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
008100: Jun 17 23:30:53.066 JST: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY
008101: Jun 17 23:30:53.066 JST: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 126.237.116.229)
008102: Jun 17 23:30:53.066 JST: ISAKMP: Unlocking peer struct 0x84D4E434 for isadb_mark_sa_deleted(), count 0
008103: Jun 17 23:30:53.066 JST: ISAKMP: Deleting peer node by peer_reap for 126.237.116.229: 84D4E434
008104: Jun 17 23:30:53.066 JST: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
008105: Jun 17 23:30:53.066 JST: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA
Router#
06-30-2016 02:38 AM
Hi.
Sorry for the long response. For some time I didn't have any time for the community. Really sorry.
OK, about your problem. It says that there is no match with the isakmp policies. Could you try this?
crypto isakmp profile isakmp-profile
no client authentication list auth
no isakmp authorization list auth
client authentication list VPN_CLIENT_LOGIN
isakmp authorization list VPN_CLIENT_GROUP
Best Regards.
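The transform-by-transform comparison in the debug output can be tabulated with a short script. This is an added example, not part of any post in this thread: the sample lines are constructed in the thread's log format, and the function names `parse_phase1` and `rejection_summary` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the `debug crypto isakmp` format posted in this thread
# (sequence numbers are made up). The console prompt can land mid-line while
# debug output scrolls, as in the "3D" / "Router#ES-CBC" pair below.
SAMPLE = """\
000001: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
000002: Jun 17 23:30:53.062 JST: ISAKMP: encryption AES-CBC
000003: Jun 17 23:30:53.062 JST: ISAKMP: keylength of 256
000004: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
000005: Jun 17 23:30:53.062 JST: ISAKMP: hash... What? 4?
000006: Jun 17 23:30:53.062 JST: ISAKMP: unknown DH group 14
000007: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
000008: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 10 policy
000009: Jun 17 23:30:53.062 JST: ISAKMP: encryption 3D
Router#ES-CBC
000010: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
000011: Jun 17 23:30:53.062 JST: ISAKMP: hash SHA
000012: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
000013: Jun 17 23:30:53.062 JST: ISAKMP:(0):Xauth authentication by pre-shared key offered but does not match policy!
000014: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 10 policy
000015: Jun 17 23:30:53.062 JST: ISAKMP: encryption 3DES-CBC
000016: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
000017: Jun 17 23:30:53.062 JST: ISAKMP: hash MD5
000018: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
000019: Jun 17 23:30:53.062 JST: ISAKMP:(0):Hash algorithm offered does not match policy!
000020: Jun 17 23:30:53.062 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 65535 policy
000021: Jun 17 23:30:53.062 JST: ISAKMP: encryption AES-CBC
000022: Jun 17 23:30:53.062 JST: ISAKMP: keylength of 256
000023: Jun 17 23:30:53.062 JST: ISAKMP: auth XAUTHInitPreShared
000024: Jun 17 23:30:53.062 JST: ISAKMP: hash SHA
000025: Jun 17 23:30:53.062 JST: ISAKMP: default group 2
000026: Jun 17 23:30:53.062 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
000027: Jun 17 23:30:53.062 JST: ISAKMP:(0):no offers accepted!
"""

PROMPT_SPLIT = re.compile(r"\n[\w.-]+#(?=\S)")  # prompt printed inside a log line
CHECK = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
REJECT = re.compile(r"ISAKMP:\(\d+\):\s*(.+ does not match policy!)")
UNKNOWN_HASH = re.compile(r"What\? (\d+)\?")
ATTRS = {
    "encryption": re.compile(r"ISAKMP:\s+encryption (\S+)"),
    "keylength": re.compile(r"ISAKMP:\s+keylength of (\d+)"),
    "auth": re.compile(r"ISAKMP:\s+auth (\S+)"),
    "hash": re.compile(r"ISAKMP:\s+hash\s*(.+)"),
    "group": re.compile(r"ISAKMP:\s+(?:default|unknown DH) group (\d+)"),
}


def parse_phase1(debug_text):
    """Return (proposals, failed): one dict per transform/policy comparison."""
    text = PROMPT_SPLIT.sub("", debug_text)  # re-join lines split by the prompt
    proposals, current, failed = [], None, False
    for line in text.splitlines():
        m = CHECK.search(line)
        if m:
            current = {"transform": int(m.group(1)),
                       "priority": int(m.group(2)), "reason": None}
            proposals.append(current)
            continue
        if "no offers accepted!" in line:
            failed = True
        if current is None:
            continue
        m = REJECT.search(line)
        if m:
            current["reason"] = m.group(1)
            continue
        for name, rx in ATTRS.items():
            m = rx.search(line)
            if m:
                value = m.group(1).strip()
                unknown = UNKNOWN_HASH.search(value) if name == "hash" else None
                if unknown:  # printed as "hash... What? 4?" for an unrecognised ID
                    value = f"unknown({unknown.group(1)})"
                elif name in ("keylength", "group"):
                    value = int(value)
                current[name] = value
                break
    return proposals, failed


def rejection_summary(proposals):
    """Count rejection reasons per local ISAKMP policy priority."""
    return Counter((p["priority"], p["reason"]) for p in proposals if p["reason"])


if __name__ == "__main__":
    props, failed = parse_phase1(SAMPLE)
    for p in props:
        print(p)
    print("phase 1 failed:", failed)
    print(rejection_summary(props))
```

Reading the summary by priority shows which attribute of each local policy the client's offers miss (encryption, hash or authentication method), which is quicker than scanning the raw debug.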
06-30-2016 06:53 AM
Hi, AllerGen, Thank you for your time!
MAC VPN connection error: The negotiation with the VPN server failed. Verify the server address and try reconnecting.
Router#
Router#
Router#
014501: Jun 30 22:50:21.253 JST: ISAKMP (0:0): received packet from 192.168.1.11 dport 500 sport 500 Global (N) NEW SA
014502: Jun 30 22:50:21.253 JST: ISAKMP: Created a peer struct for 192.168.1.11, peer port 500
014503: Jun 30 22:50:21.253 JST: ISAKMP: New peer created peer = 0x849A7524 peer_handle = 0x8000008A
014504: Jun 30 22:50:21.253 JST: ISAKMP: Locking peer struct 0x849A7524, refcount 1 for crypto_isakmp_process_block
014505: Jun 30 22:50:21.253 JST: ISAKMP: local port 500, remote port 500
014506: Jun 30 22:50:21.253 JST: insert sa successfully sa = 849C78DC
014507: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing SA payload. message ID = 0
014508: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing ID payload. message ID = 0
014509: Jun 30 22:50:21.253 JST: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : VPN_CLIENTS
protocol : 0
port : 0
length : 19
014510: Jun 30 22:50:21.253 JST: ISAKMP:(0):: peer matches *none* of the profiles
014511: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014512: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
014513: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014514: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
014515: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014516: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 198 mismatch
014517: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014518: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 29 mismatch
014519: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014520: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
014521: Jun 30 22:50:21.253 JST: ISAKMP (0:0): vendor ID is NAT-T v7
014522: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014523: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 114 mismatch
014524: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014525: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 227 mismatch
014526: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014527: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 250 mismatch
014528: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014529: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
014530: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID is NAT-T v3
014531: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014532: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch
014533: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014534: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
014535: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID is NAT-T v2
014536: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014537: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 242 mismatch
014538: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID is XAUTH
014539: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014540: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID is Unity
014541: Jun 30 22:50:21.253 JST: ISAKMP:(0): processing vendor id payload
014542: Jun 30 22:50:21.253 JST: ISAKMP:(0): vendor ID is DPD
014543: Jun 30 22:50:21.253 JST: ISAKMP : Scanning profiles for xauth ... isakmp-profile
014544: Jun 30 22:50:21.253 JST: ISAKMP:(0): Authentication by xauth preshared
014545: Jun 30 22:50:21.253 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
014546: Jun 30 22:50:21.253 JST: ISAKMP: life type in seconds
014547: Jun 30 22:50:21.253 JST: ISAKMP: life duration (basic) of 3600
014548: Jun 30 22:50:21.253 JST: ISAKMP: encryption AES-CBC
014549: Jun 30 22:50:21.253 JST: ISAKMP: keylength of 256
014550: Jun 30 22:50:21.253 JST: ISAKMP: auth XAUTHInitPreShared
014551: Jun 30 22:50:21.253 JST: ISAKMP: hash... What? 4?
014552: Jun 30 22:50:21.253 JST: ISAKMP: unknown DH group 14
014553: Jun 30 22:50:21.253 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014554: Jun 30 22:50:21.253 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014555: Jun 30 22:50:21.253 JST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 10 policy
014556: Jun 30 22:50:21.257 JST: ISAKMP: life type in seconds
014557: Jun 30 22:50:21.257 JST: ISAKMP: life duration (basic) of 3600
014558: Jun 30 22:50:21.257 JST: ISAKMP: encryption AES-CBC
014559: Jun 30 22:50:21.257 JST: ISAKMP: keylength of 256
014560: Jun 30 22:50:21.257 JST: ISAKMP: auth XAUTHInitPreShared
014561: Jun 30 22:50:21.257 JST: ISAKMP: hash SHA
014562: Jun 30 22:50:21.257 JST: ISAKMP: unknown DH group 14
014563: Jun 30 22:50:21.257 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014564: Jun 30 22:50:21.257 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014565: Jun 30 22:50:21.257 JST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 10 policy
014566: Jun 30 22:50:21.257 JST: ISAKMP: life type in seconds
014567: Jun 30 22:50:21.257 JST: ISAKMP: life duration (basic) of 3600
014568: Jun 30 22:50:21.257 JST: ISAKMP: encryption AES-CBC
014569: Jun 30 22:50:21.257 JST: ISAKMP: keylength of 256
014570: Jun 30 22:50:21.257 JST: ISAKMP: auth XAUTHInitPreShared
014571: Jun 30 22:50:21.257 JST: ISAKMP: hash MD5
014572: Jun 30 22:50:21.257 JST: ISAKMP: unknown DH group 14
014573: Jun 30 22:50:21.257 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014574: Jun 30 22:50:21.257 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014575: Jun 30 22:50:21.257 JST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 10 policy
014576: Jun 30 22:50:21.257 JST: ISAKMP: life type in seconds
014577: Jun 30 22:50:21.257 JST: ISAKMP: life duration (basic) of 3600
014578: Jun 30 22:50:21.257 JST: ISAKMP: encryption AES-CBC
014579: Jun 30 22:50:21.257 JST: ISAKMP: keylength of 256
014580: Jun 30 22:50:21.257 JST: ISAKMP: auth XAUTHInitPreShared
014581: Jun 30 22:50:21.257 JST: ISAKMP: hash... What? 6?
014582: Jun 30 22:50:21.257 JST: ISAKMP: unknown DH group 14
014583: Jun 30 22:50:21.257 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014584: Jun 30 22:50:21.257 JST: ISAKMP:(0):atts are not acceptable. Next payload is 0
014585: Jun 30 22:50:21.257 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 65535 policy
014586: Jun 30 22:50:21.257 JST: ISAKMP: life type in seconds
014587: Jun 30 22:50:21.257 JST: ISAKMP: life duration (basic) of 3600
014588: Jun 30 22:50:21.257 JST: ISAKMP: encryption AES-CBC
014589: Jun 30 22:50:21.257 JST: ISAKMP: keylength of 256
014590: Jun 30 22:50:21.257 JST: ISAKMP: auth XAUTHInitPreShared
014591: Jun 30 22:50:21.257 JST: ISAKMP: hash... What? 4?
014592: Jun 30 22:50:21.257 JST: ISAKMP: unknown DH group 14
014593: Jun 30 22:50:21.257 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014594: Jun 30 22:50:21.257 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014595: Jun 30 22:50:21.257 JST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 65535 policy
014596: Jun 30 22:50:21.257 JST: ISAKMP: life type in seconds
014597: Jun 30 22:50:21.257 JST: ISAKMP: life duration (basic) of 3600
014598: Jun 30 22:50:21.257 JST: ISAKMP: encryption AES-CBC
014599: Jun 30 22:50:21.257 JST: ISAKMP: keylength of 256
014600: Jun 30 22:50:21.257 JST: ISAKMP: auth XAUTHInitPreShared
014601: Jun 30 22:50:21.257 JST: ISAKMP: hash SHA
014602: Jun 30 22:50:21.257 JST: ISAKMP: unknown DH group 14
014603: Jun 30 22:50:21.257 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014604: Jun 30 22:50:21.257 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014605: Jun 30 22:50:21.257 JST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 65535 policy
014606: Jun 30 22:50:21.257 JST: ISAKMP: life type in seconds
014607: Jun 30 22:50:21.257 JST: ISAKMP: life duration (basic) of 3600
014608: Jun 30 22:50:21.257 JST: ISAKMP: encryption AES-CBC
014609: Jun 30 22:50:21.257 JST: ISAKMP: keylength of 256
014610: Jun 30 22:50:21.257 JST: ISAKMP: auth XAUTHInitPreShared
014611: Jun 30 22:50:21.257 JST: ISAKMP: hash MD5
014612: Jun 30 22:50:21.257 JST: ISAKMP: unknown DH group 14
014613: Jun 30 22:50:21.257 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014614: Jun 30 22:50:21.257 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014615: Jun 30 22:50:21.257 JST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 65535 policy
014616: Jun 30 22:50:21.257 JST: ISAKMP: life type in seconds
014617: Jun 30 22:50:21.257 JST: ISAKMP: life duration (basic) of 3600
014618: Jun 30 22:50:21.257 JST: ISAKMP: encryption AES-CBC
014619: Jun 30 22:50:21.257 JST: ISAKMP: keylength of 256
014620: Jun 30 22:50:21.257 JST: ISAKMP: auth XAUTHInitPreShared
014621: Jun 30 22:50:21.257 JST: ISAKMP: hash... What? 6?
014622: Jun 30 22:50:21.257 JST: ISAKMP: unknown DH group 14
014623: Jun 30 22:50:21.257 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014624: Jun 30 22:50:21.257 JST: ISAKMP:(0):atts are not acceptable. Next payload is 0
014625: Jun 30 22:50:21.257 JST: ISAKMP:(0):no offers accepted!
014626: Jun 30 22:50:21.257 JST: ISAKMP:(0): phase 1 SA policy not acceptable! (local 114.164.241.157 remote 192.168.1.11)
014627: Jun 30 22:50:21.257 JST: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
014628: Jun 30 22:50:21.257 JST: ISAKMP:(0): sending packet to 192.168.1.11 my_port 500 peer_port 500 (R) AG_NO_STATE
014629: Jun 30 22:50:21.257 JST: ISAKMP:(0):peer does not do paranoid keepalives.
014630: Jun 30 22:50:21.257 JST: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 192.168.1.11)
014631: Jun 30 22:50:21.257 JST: ISAKMP:(0): processing KE payload. message ID = 0
014632: Jun 30 22:50:21.257 JST: ISAKMP:(0): group size changed! Should be 0, is 256
014633: Jun 30 22:50:21.257 JST: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
014634: Jun 30 22:50:21.257 JST: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
014635: Jun 30 22:50:21.261 JST: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY
014636: Jun 30 22:50:21.261 JST: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 192.168.1.11
014637: Jun 30 22:50:21.261 JST: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 192.168.1.11)
014638: Jun 30 22:50:21.261 JST: ISAKMP: Unlocking peer struct 0x849A7524 for isadb_mark_sa_deleted(), count 0
014639: Jun 30 22:50:21.261 JST: ISAKMP: Deleting peer node by peer_reap for 192.168.1.11: 849A7524
014640: Jun 30 22:50:21.261 JST: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
014641: Jun 30 22:50:21.261 JST: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA
014642: Jun 30 22:50:21.269 JST: ISAKMP (0:0): received packet from 192.168.1.11 dport 500 sport 500 Global (N) NEW SA
014643: Jun 30 22:50:21.269 JST: ISAKMP: Created a peer struct for 192.168.1.11, peer port 500
014644: Jun 30 22:50:21.269 JST: ISAKMP: New peer created peer = 0x849A7524 peer_handle = 0x8000007D
014645: Jun 30 22:50:21.269 JST: ISAKMP: Locking peer struct 0x849A7524, refcount 1 for crypto_isakmp_process_block
014646: Jun 30 22:50:21.269 JST: ISAKMP: local port 500, remote port 500
014647: Jun 30 22:50:21.269 JST: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 84A3FC14
014648: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing SA payload. message ID = 0
014649: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing ID payload. message ID = 0
014650: Jun 30 22:50:21.269 JST: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : VPN_CLIENTS
protocol : 0
port : 0
length : 19
014651: Jun 30 22:50:21.269 JST: ISAKMP:(0):: peer matches *none* of the profiles
014652: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014653: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
014654: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014655: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
014656: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014657: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 198 mismatch
014658: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014659: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 29 mismatch
014660: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014661: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
014662: Jun 30 22:50:21.269 JST: ISAKMP (0:0): vendor ID is NAT-T v7
014663: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014664: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 114 mismatch
014665: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014666: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 227 mismatch
014667: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014668: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 250 mismatch
014669: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014670: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
014671: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID is NAT-T v3
014672: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014673: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch
014674: Jun 30 22:50:21.269 JST: ISAKMP:(0): processing vendor id payload
014675: Jun 30 22:50:21.269 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
014676: Jun 30 22:50:21.273 JST: ISAKMP:(0): vendor ID is NAT-T v2
014677: Jun 30 22:50:21.273 JST: ISAKMP:(0): processing vendor id payload
014678: Jun 30 22:50:21.273 JST: ISAKMP:(0): vendor ID seems Unity/DPD but major 242 mismatch
014679: Jun 30 22:50:21.273 JST: ISAKMP:(0): vendor ID is XAUTH
014680: Jun 30 22:50:21.273 JST: ISAKMP:(0): processing vendor id payload
014681: Jun 30 22:50:21.273 JST: ISAKMP:(0): vendor ID is Unity
014682: Jun 30 22:50:21.273 JST: ISAKMP:(0): processing vendor id payload
014683: Jun 30 22:50:21.273 JST: ISAKMP:(0): vendor ID is DPD
014684: Jun 30 22:50:21.273 JST: ISAKMP : Scanning profiles for xauth ... isakmp-profile
014685: Jun 30 22:50:21.273 JST: ISAKMP:(0): Authentication by xauth preshared
014686: Jun 30 22:50:21.273 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
014687: Jun 30 22:50:21.273 JST: ISAKMP: life type in seconds
014688: Jun 30 22:50:21.273 JST: ISAKMP: life duration (basic) of 3600
014689: Jun 30 22:50:21.273 JST: ISAKMP: encryption AES-CBC
014690: Jun 30 22:50:21.273 JST: ISAKMP: keylength of 256
014691: Jun 30 22:50:21.273 JST: ISAKMP: auth XAUTHInitPreShared
014692: Jun 30 22:50:21.273 JST: ISAKMP: hash SHA
014693: Jun 30 22:50:21.273 JST: ISAKMP: default group 2
014694: Jun 30 22:50:21.273 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014695: Jun 30 22:50:21.273 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014696: Jun 30 22:50:21.273 JST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 10 policy
014697: Jun 30 22:50:21.273 JST: ISAKMP: life type in seconds
014698: Jun 30 22:50:21.273 JST: ISAKMP: life duration (basic) of 3600
014699: Jun 30 22:50:21.273 JST: ISAKMP: encryption AES-CBC
014700: Jun 30 22:50:21.273 JST: ISAKMP: keylength of 256
014701: Jun 30 22:50:21.273 JST: ISAKMP: auth XAUTHInitPreShared
014702: Jun 30 22:50:21.273 JST: ISAKMP: hash MD5
014703: Jun 30 22:50:21.273 JST: ISAKMP: default group 2
014704: Jun 30 22:50:21.273 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014705: Jun 30 22:50:21.273 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014706: Jun 30 22:50:21.273 JST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 10 policy
014707: Jun 30 22:50:21.273 JST: ISAKMP: life type in seconds
014708: Jun 30 22:50:21.273 JST: ISAKMP: life duration (basic) of 3600
014709: Jun 30 22:50:21.273 JST: ISAKMP: encryption AES-CBC
014710: Jun 30 22:50:21.273 JST: ISAKMP: keylength of 128
014711: Jun 30 22:50:21.273 JST: ISAKMP: auth XAUTHInitPreShared
014712: Jun 30 22:50:21.273 JST: ISAKMP: hash SHA
014713: Jun 30 22:50:21.273 JST: ISAKMP: default group 2
014714: Jun 30 22:50:21.273 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014715: Jun 30 22:50:21.273 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014716: Jun 30 22:50:21.273 JST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 10 policy
014717: Jun 30 22:50:21.273 JST: ISAKMP: life type in seconds
014718: Jun 30 22:50:21.273 JST: ISAKMP: life duration (basic) of 3600
014719: Jun 30 22:50:21.273 JST: ISAKMP: encryption AES-CBC
014720: Jun 30 22:50:21.273 JST: ISAKMP: keylength of 128
014721: Jun 30 22:50:21.273 JST: ISAKMP: auth XAUTHInitPreShared
014722: Jun 30 22:50:21.273 JST: ISAKMP: hash MD5
014723: Jun 30 22:50:21.273 JST: ISAKMP: default group 2
014724: Jun 30 22:50:21.273 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014725: Jun 30 22:50:21.273 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014726: Jun 30 22:50:21.273 JST: ISAKMP:(0):Checking ISAKMP transform 5 against priority 10 policy
014727: Jun 30 22:50:21.273 JST: ISAKMP: life type in seconds
014728: Jun 30 22:50:21.273 JST: ISAKMP: life duration (basic) of 3600
014729: Jun 30 22:50:21.273 JST: ISAKMP: encryption 3DES-CBC
014730: Jun 30 22:50:21.273 JST: ISAKMP: auth XAUTHInitPreShared
014731: Jun 30 22:50:21.273 JST: ISAKMP: hash SHA
014732: Jun 30 22:50:21.273 JST: ISAKMP: default group 2
014733: Jun 30 22:50:21.273 JST: ISAKMP:(0):Xauth authentication by pre-shared key offered but does not match policy!
014734: Jun 30 22:50:21.273 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014735: Jun 30 22:50:21.273 JST: ISAKMP:(0):Checking ISAKMP transform 6 against priority 10 policy
014736: Jun 30 22:50:21.273 JST: ISAKMP: life type in seconds
014737: Jun 30 22:50:21.273 JST: ISAKMP: life duration (basic) of 3600
014738: Jun 30 22:50:21.273 JST: ISAKMP: encryption 3DES-CBC
014739: Jun 30 22:50:21.273 JST: ISAKMP: auth XAUTHInitPreShared
014740: Jun 30 22:50:21.273 JST: ISAKMP: hash MD5
014741: Jun 30 22:50:21.273 JST: ISAKMP: default group 2
014742: Jun 30 22:50:21.273 JST: ISAKMP:(0):Hash algorithm offered does not match policy!
014743: Jun 30 22:50:21.273 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014744: Jun 30 22:50:21.273 JST: ISAKMP:(0):Checking ISAKMP transform 7 against priority 10 policy
014745: Jun 30 22:50:21.273 JST: ISAKMP: life type in seconds
014746: Jun 30 22:50:21.273 JST: ISAKMP: life duration (basic) of 3600
014747: Jun 30 22:50:21.273 JST: ISAKMP: encryption DES-CBC
014748: Jun 30 22:50:21.273 JST: ISAKMP: auth XAUTHInitPreShared
014749: Jun 30 22:50:21.273 JST: ISAKMP: hash SHA
014750: Jun 30 22:50:21.273 JST: ISAKMP: default group 2
014751: Jun 30 22:50:21.273 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014752: Jun 30 22:50:21.273 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014753: Jun 30 22:50:21.273 JST: ISAKMP:(0):Checking ISAKMP transform 8 against priority 10 policy
014754: Jun 30 22:50:21.273 JST: ISAKMP: life type in seconds
014755: Jun 30 22:50:21.273 JST: ISAKMP: life duration (basic) of 3600
014756: Jun 30 22:50:21.273 JST: ISAKMP: encryption DES-CBC
014757: Jun 30 22:50:21.273 JST: ISAKMP: auth XAUTHInitPreShared
014758: Jun 30 22:50:21.273 JST: ISAKMP: hash MD5
014759: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
014760: Jun 30 22:50:21.277 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014761: Jun 30 22:50:21.277 JST: ISAKMP:(0):atts are not acceptable. Next payload is 0
014762: Jun 30 22:50:21.277 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 65535 policy
014763: Jun 30 22:50:21.277 JST: ISAKMP: life type in seconds
014764: Jun 30 22:50:21.277 JST: ISAKMP: life duration (basic) of 3600
014765: Jun 30 22:50:21.277 JST: ISAKMP: encryption AES-CBC
014766: Jun 30 22:50:21.277 JST: ISAKMP: keylength of 256
014767: Jun 30 22:50:21.277 JST: ISAKMP: auth XAUTHInitPreShared
014768: Jun 30 22:50:21.277 JST: ISAKMP: hash SHA
014769: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
014770: Jun 30 22:50:21.277 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014771: Jun 30 22:50:21.277 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014772: Jun 30 22:50:21.277 JST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 65535 policy
014773: Jun 30 22:50:21.277 JST: ISAKMP: life type in seconds
014774: Jun 30 22:50:21.277 JST: ISAKMP: life duration (basic) of 3600
014775: Jun 30 22:50:21.277 JST: ISAKMP: encryption AES-CBC
014776: Jun 30 22:50:21.277 JST: ISAKMP: keylength of 256
014777: Jun 30 22:50:21.277 JST: ISAKMP: auth XAUTHInitPreShared
014778: Jun 30 22:50:21.277 JST: ISAKMP: hash MD5
014779: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
014780: Jun 30 22:50:21.277 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014781: Jun 30 22:50:21.277 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014782: Jun 30 22:50:21.277 JST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 65535 policy
014783: Jun 30 22:50:21.277 JST: ISAKMP: life type in seconds
014784: Jun 30 22:50:21.277 JST: ISAKMP: life duration (basic) of 3600
014785: Jun 30 22:50:21.277 JST: ISAKMP: encryption AES-CBC
014786: Jun 30 22:50:21.277 JST: ISAKMP: keylength of 128
014787: Jun 30 22:50:21.277 JST: ISAKMP: auth XAUTHInitPreShared
014788: Jun 30 22:50:21.277 JST: ISAKMP: hash SHA
014789: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
014790: Jun 30 22:50:21.277 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014791: Jun 30 22:50:21.277 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014792: Jun 30 22:50:21.277 JST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 65535 policy
014793: Jun 30 22:50:21.277 JST: ISAKMP: life type in seconds
014794: Jun 30 22:50:21.277 JST: ISAKMP: life duration (basic) of 3600
014795: Jun 30 22:50:21.277 JST: ISAKMP: encryption AES-CBC
014796: Jun 30 22:50:21.277 JST: ISAKMP: keylength of 128
014797: Jun 30 22:50:21.277 JST: ISAKMP: auth XAUTHInitPreShared
014798: Jun 30 22:50:21.277 JST: ISAKMP: hash MD5
014799: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
014800: Jun 30 22:50:21.277 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014801: Jun 30 22:50:21.277 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014802: Jun 30 22:50:21.277 JST: ISAKMP:(0):Checking ISAKMP transform 5 against priority 65535 policy
014803: Jun 30 22:50:21.277 JST: ISAKMP: life type in seconds
014804: Jun 30 22:50:21.277 JST: ISAKMP: life duration (basic) of 3600
014805: Jun 30 22:50:21.277 JST: ISAKMP: encryption 3DES-CBC
014806: Jun 30 22:50:21.277 JST: ISAKMP: auth XAUTHInitPreShared
014807: Jun 30 22:50:21.277 JST: ISAKMP: hash SHA
014808: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
014809: Jun 30 22:50:21.277 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014810: Jun 30 22:50:21.277 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014811: Jun 30 22:50:21.277 JST: ISAKMP:(0):Checking ISAKMP transform 6 against priority 65535 policy
014812: Jun 30 22:50:21.277 JST: ISAKMP: life type in seconds
014813: Jun 30 22:50:21.277 JST: ISAKMP: life duration (basic) of 3600
014814: Jun 30 22:50:21.277 JST: ISAKMP: encryption 3DES-CBC
014815: Jun 30 22:50:21.277 JST: ISAKMP: auth XAUTHInitPreShared
014816: Jun 30 22:50:21.277 JST: ISAKMP: hash MD5
014817: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
014818: Jun 30 22:50:21.277 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
014819: Jun 30 22:50:21.277 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014820: Jun 30 22:50:21.277 JST: ISAKMP:(0):Checking ISAKMP transform 7 against priority 65535 policy
014821: Jun 30 22:50:21.277 JST: ISAKMP: life type in seconds
014822: Jun 30 22:50:21.277 JST: ISAKMP: life duration (basic) of 3600
014823: Jun 30 22:50:21.277 JST: ISAKMP: encryption DES-CBC
014824: Jun 30 22:50:21.277 JST: ISAKMP: auth XAUTHInitPreShared
014825: Jun 30 22:50:21.277 JST: ISAKMP: hash SHA
014826: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
014827: Jun 30 22:50:21.277 JST: ISAKMP:(0):Authentication method offered does not match policy!
014828: Jun 30 22:50:21.277 JST: ISAKMP:(0):atts are not acceptable. Next payload is 3
014829: Jun 30 22:50:21.277 JST: ISAKMP:(0):Checking ISAKMP transform 8 against priority 65535 policy
014830: Jun 30 22:50:21.277 JST: ISAKMP: life type in seconds
014831: Jun 30 22:50:21.277 JST: ISAKMP: life duration (basic) of 3600
014832: Jun 30 22:50:21.277 JST: ISAKMP: encryption DES-CBC
014833: Jun 30 22:50:21.277 JST: ISAKMP: auth XAUTHInitPreShared
014834: Jun 30 22:50:21.277 JST: ISAKMP: hash MD5
014835: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
014836: Jun 30 22:50:21.277 JST: ISAKMP:(0):Hash algorithm offered does not match policy!
014837: Jun 30 22:50:21.277 JST: ISAKMP:(0):atts are not acceptable. Next payload is 0
014838: Jun 30 22:50:21.277 JST: ISAKMP:(0):no offers accepted!
014839: Jun 30 22:50:21.277 JST: ISAKMP:(0): phase 1 SA policy not acceptable! (local 114.164.241.157 remote 192.168.1.11)
014840: Jun 30 22:50:21.277 JST: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
014841: Jun 30 22:50:21.277 JST: ISAKMP:(0): sending packet to 192.168.1.11 my_port 500 peer_port 500 (R) AG_NO_STATE
014842: Jun 30 22:50:21.277 JST: ISAKMP:(0):peer does not do paranoid keepalives.
014843: Jun 30 22:50:21.281 JST: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 192.168.1.11)
014844: Jun 30 22:50:21.281 JST: ISAKMP:(0): processing KE payload. message ID = 0
014845: Jun 30 22:50:21.281 JST: ISAKMP:(0): group size changed! Should be 0, is 128
014846: Jun 30 22:50:21.281 JST: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
014847: Jun 30 22:50:21.281 JST: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
014848: Jun 30 22:50:21.281 JST: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY
014849: Jun 30 22:50:21.281 JST: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) AG_NO_STATE (peer 192.168.1.11)
014850: Jun 30 22:50:21.281 JST: ISAKMP: Unlocking peer struct 0x849A7524 for isadb_mark_sa_deleted(), count 0
014851: Jun 30 22:50:21.281 JST: ISAKMP: Deleting peer node by peer_reap for 192.168.1.11: 849A7524
014852: Jun 30 22:50:21.281 JST: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
014853: Jun 30 22:50:21.281 JST: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA
014854: Jun 30 22:51:21.262 JST: ISAKMP:(0):purging SA., sa=849C78DC, delme=849C78DC
014855: Jun 30 22:51:21.282 JST: ISAKMP:(0):purging SA., sa=84A3FC14, delme=84A3FC14
06-30-2016 11:00 AM
Hi.
Finally I had some free time to look at your configuration more deeply. Could you try to make these changes?
crypto isakmp profile isakmp-profile
client configuration group admin
exit
crypto dynamic-map dynmap 10
no set transform-set myset
no set isakmp-profile remoteclients
set transform-set tset
set isakmp-profile isakmp-profile
exit
crypto isakmp policy 10
hash md5
exit
Well, it was only because of the last 3 lines that it couldn't hit any rule for Phase 1. But without the other lines you will have problems in other parts. So try to commit them all.
Best Regards.
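The Phase 1 debug output earlier in the thread can be condensed to one row per offered transform, showing which attribute the router rejected it on. This is an added example, not part of any post: the names `parse_phase1`, `report` and `SAMPLE` are hypothetical, the sample lines are constructed in the same format as the log, and the `Router#` prompt is taken from the page. It also rejoins a message that a console prompt has split mid-line.

```python
import re

# Constructed sample in the style of the debug output above (not the router's own log).
SAMPLE = """\
000101: Jun 30 22:50:21.277 JST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
000102: Jun 30 22:50:21.277 JST: ISAKMP: encryption AES-CBC
000103: Jun 30 22:50:21.277 JST: ISAKMP: auth XAUTHInitPreShared
000104: Jun 30 22:50:21.277 JST: ISAKMP: hash SHA
000105: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
000106: Jun 30 22:50:21.277 JST: ISAKMP:(0):Encryption algorithm offered does not match policy!
000107: Jun 30 22:50:21.277 JST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 10 policy
000108: Jun 30 22:50:21.277 JST: ISAKMP: encryption 3DES-CBC
000109: Jun 30 22:50:21.277 JST: ISA
Router#KMP: auth XAUTHInitPreShared
000110: Jun 30 22:50:21.277 JST: ISAKMP: hash MD5
000111: Jun 30 22:50:21.277 JST: ISAKMP: default group 2
000112: Jun 30 22:50:21.277 JST: ISAKMP:(0):Hash algorithm offered does not match policy!
000113: Jun 30 22:50:21.277 JST: ISAKMP:(0):no offers accepted!
"""

CHECK = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
ATTR = re.compile(r"ISAKMP:\s+(encryption|keylength of|auth|hash|default group)\s+(\S+)")
REJECT = re.compile(r"ISAKMP:\(\d+\):(.+?) offered does not match policy!")

def parse_phase1(log, prompt="Router#"):
    """Return (list of transform checks, True if 'no offers accepted!' was logged)."""
    # A console prompt printed mid-line splits one message in two; rejoin it.
    log = re.sub(r"\n" + re.escape(prompt) + r"(?=\S)", "", log)
    checks, current = [], None
    for line in log.splitlines():
        if m := CHECK.search(line):
            current = {"transform": int(m[1]), "priority": int(m[2]), "rejected_on": None}
            checks.append(current)
        elif current is not None and (m := ATTR.search(line)):
            current[m[1].split()[0]] = m[2]   # keys: encryption, keylength, auth, hash, default
        elif current is not None and (m := REJECT.search(line)):
            current["rejected_on"] = m[1]     # the attribute named in the rejection message
    return checks, "no offers accepted!" in log

def report(log):
    checks, failed = parse_phase1(log)
    rows = [f"prio {c['priority']:>5} transform {c['transform']}: "
            f"{c.get('encryption')}/{c.get('hash')}/{c.get('auth')}/group {c.get('default')}"
            f" -> {c['rejected_on'] or 'no mismatch logged'}" for c in checks]
    return "\n".join(rows + (["phase 1 failed: no offers accepted"] if failed else []))

if __name__ == "__main__":
    print(report(SAMPLE))
```

Each rejection line names a single attribute, so a row tells you where a transform stopped matching, not every attribute that differs from the policy.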
07-01-2016 06:23 AM
07-01-2016 08:44 AM
Hi.
Could you try to connect under the admin group first? Right now in the dynamic crypto maps you have only the admin record. We can add it a little later. I would like to test that it works by itself.
And as I can see from the logs you're trying to use VPN_CLIENT. And because you don't have a dynamic crypto map for this you're getting this error:
Receive config attributes requested butconfig attributes not in crypto map. Sending empty reply.
Best Regards
07-02-2016 12:56 AM
07-03-2016 11:31 PM
Hi.
From the log there are no errors in the ISAKMP phase. Maybe there are some problems with the IPsec phase. Can you use "debug crypto ipsec"?
Best Regards.
07-04-2016 06:53 AM
07-05-2016 12:04 AM
Hm. There is no specific error in the debug messages. But for some reason the connection is lost after sending settings to the client after authentication.
Could you try this?
crypto isakmp client configuration group admin
no acl 101
07-05-2016 05:07 AM