01-29-2007 09:34 AM - edited 02-21-2020 02:50 PM
Hello,
I'm trying to build a LAN-to-LAN tunnel using my Cisco VPN Concentrator 3020 and another piece of hardware (I used the free Linux distribution IPCop and an Instagate). I can get the tunnel to be built, but then the tunnel is disconnected and I can't get a clue about what is going wrong. I hope somebody here can help me a little bit.
I will take the IPCop (which should work before 1 Feb this year) as an example.
I am using the following settings:
VPN Concentrator
Authentication ESP/MD5/HMAC-128
Encryption 3DES-168
IKE Proposal IKE-3DES-MD5
IPCop
IKE Encryption: 3DES
IKE Integrity: MD5
IKE Grouptype: MODP-1024
ESP Encryption: 3DES
ESP Integrity: MD5
ESP Grouptype: MODP-1024
This is what the Concentrator gives in its log files:
[quote]
5736 01/29/2007 11:20:25.660 SEV=4 IKE/41 RPT=93 <REMOTE IP>
IKE Initiator: New Phase 1, Intf 2, IKE Peer <REMOTE IP>
local Proxy Address 10.50.0.0, remote Proxy Address 192.168.0.0,
SA (L2L: Test)
5738 01/29/2007 11:20:26.140 SEV=4 IKE/119 RPT=7322 <REMOTE IP>
Group [<REMOTE IP>]
PHASE 1 COMPLETED
5739 01/29/2007 11:20:26.140 SEV=4 AUTH/22 RPT=7240
User [<REMOTE IP>] Group [<REMOTE IP>] connected, Session Type: IPSec/LAN-to-LAN
5741 01/29/2007 11:20:26.140 SEV=4 AUTH/84 RPT=228
LAN-to-LAN tunnel to headend device <REMOTE IP> connected
5742 01/29/2007 11:20:26.280 SEV=5 IKE/68 RPT=418 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid ID info (18)
5744 01/29/2007 11:20:34.210 SEV=5 IKE/68 RPT=419 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid message id (9)
5746 01/29/2007 11:20:42.200 SEV=5 IKE/68 RPT=420 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid message id (9)
5748 01/29/2007 11:20:44.380 SEV=5 IKE/35 RPT=270 <REMOTE IP>
Group [<REMOTE IP>]
Received remote IP Proxy Subnet data in ID Payload:
Address 192.168.0.0, Mask 255.255.255.0, Protocol 0, Port 0
5751 01/29/2007 11:20:44.380 SEV=5 IKE/34 RPT=8016 <REMOTE IP>
Group [<REMOTE IP>]
Received local IP Proxy Subnet data in ID Payload:
Address 10.50.0.0, Mask 255.255.0.0, Protocol 0, Port 0
5754 01/29/2007 11:20:44.380 SEV=5 IKE/66 RPT=8003 <REMOTE IP>
Group [<REMOTE IP>]
IKE Remote Peer configured for SA: L2L: Test
5755 01/29/2007 11:20:44.520 SEV=5 IKE/68 RPT=421 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid ID info (18)
5756 01/29/2007 11:20:50.210 SEV=5 IKE/68 RPT=422 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid message id (9)
5758 01/29/2007 11:20:52.520 SEV=5 IKE/68 RPT=423 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid ID info (18)
5759 01/29/2007 11:20:54.660 SEV=5 IKE/68 RPT=424 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid ID info (18)
5760 01/29/2007 11:20:58.140 SEV=4 IKEDBG/97 RPT=318 <REMOTE IP>
Group [<REMOTE IP>]
QM FSM error (P2 struct &0xaaefc18, mess id 0xf508de2d)!
5761 01/29/2007 11:21:02.660 SEV=5 IKE/68 RPT=425 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid ID info (18)
5762 01/29/2007 11:21:10.520 SEV=4 IKEDBG/97 RPT=319 <REMOTE IP>
Group [<REMOTE IP>]
QM FSM error (P2 struct &0xadb027c, mess id 0x530bcfc5)!
5763 01/29/2007 11:21:10.530 SEV=4 AUTH/23 RPT=230 <REMOTE IP>
User [<REMOTE IP>] Group [<REMOTE IP>] disconnected: duration: 0:00:44
5764 01/29/2007 11:21:10.530 SEV=4 AUTH/85 RPT=228
LAN-to-LAN tunnel to headend device <REMOTE IP> disconnected: duration: 0:00:44
[/quote]
(I removed the IPs for safety.)
I hope somebody who knows more of this stuff can take a look at this. Thanks a lot!
01-30-2007 12:13 PM
Nobody with experience who can help me a little bit??
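Added example (not part of the original posts): a small Python parser for the concentrator log layout quoted above that tallies the Notify messages and converts the logged Phase 2 proxy subnets to CIDR, so they can be compared with the subnets configured on the peer. The sample log is constructed from records in the post, and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the same layout as the concentrator log in the post.
SAMPLE_LOG = """\
5742 01/29/2007 11:20:26.280 SEV=5 IKE/68 RPT=418 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid ID info (18)
5744 01/29/2007 11:20:34.210 SEV=5 IKE/68 RPT=419 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid message id (9)
5748 01/29/2007 11:20:44.380 SEV=5 IKE/35 RPT=270 <REMOTE IP>
Group [<REMOTE IP>]
Received remote IP Proxy Subnet data in ID Payload:
Address 192.168.0.0, Mask 255.255.255.0, Protocol 0, Port 0
5751 01/29/2007 11:20:44.380 SEV=5 IKE/34 RPT=8016 <REMOTE IP>
Group [<REMOTE IP>]
Received local IP Proxy Subnet data in ID Payload:
Address 10.50.0.0, Mask 255.255.0.0, Protocol 0, Port 0
"""

HEADER = re.compile(r"^(\d+) (\d\d/\d\d/\d{4}) ([\d:.]+) SEV=(\d+) (\S+)/(\d+) RPT=(\d+)")
NOTIFY = re.compile(r"Notify message: (.+) \((\d+)\)")
PROXY = re.compile(r"Received (local|remote) IP Proxy Subnet.*?Address ([\d.]+), Mask ([\d.]+),", re.S)

def parse_events(text):
    """Group the multi-line records: a numbered header line starts each event."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"seq": int(m[1]), "time": m[3], "sev": int(m[4]),
                           "cls": f"{m[5]}/{m[6]}", "body": []})
        elif events and line.strip():
            events[-1]["body"].append(line.strip())
    return events

def summarize(events):
    """Tally Notify messages by (code, text) and collect proxy subnets as CIDR."""
    notifies, proxies = Counter(), {}
    for ev in events:
        body = "\n".join(ev["body"])
        if (m := NOTIFY.search(body)):
            notifies[(int(m[2]), m[1])] += 1
        if (m := PROXY.search(body)):
            proxies[m[1]] = str(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
    return notifies, proxies
```
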