VPN issues Cisco to Sonicwall

padred123
Level 1

Hi, I have a Cisco 1841 that I am trying to connect by VPN to a SonicWall. I do not have access to the SonicWall and I am trying to determine if the issue is on my end (Cisco). I've read that Cisco ASAs need PFS enabled on the SonicWall but I'm not sure if it does for 1841s as well. Any pointers will be greatly appreciated.

Peer: xx.xx.xx.xx

Local: YY.YY.YY.YY

I get the following error:

%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from xx.xx.xx.xx was not encrypted and it should've been.

sh crypto isakmp sa

CRC_1841#sh crypto isakmp sa
dst src state conn-id slot status
XX.XX.XX.XX     YY.YY.YY.YY   MM_NO_STATE       1140    0 ACTIVE (deleted)

Log

527831: Jul 28 07:45:12.233 EST: ISAKMP: received ke message (1/1)
527832: Jul 28 07:45:12.233 EST: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
527833: Jul 28 07:45:12.233 EST: ISAKMP: Created a peer struct for XX.XX.XX.XX, peer port 500
527834: Jul 28 07:45:12.233 EST: ISAKMP: New peer created peer = 0x6403A5A8 peer_handle = 0x8000DD68
527835: Jul 28 07:45:12.233 EST: ISAKMP: Locking peer struct 0x6403A5A8, IKE refcount 1 for isakmp_initiator
527836: Jul 28 07:45:12.233 EST: ISAKMP: local port 500, remote port 500
527837: Jul 28 07:45:12.233 EST: ISAKMP: set new node 0 to QM_IDLE
527838: Jul 28 07:45:12.233 EST: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 64038628
527839: Jul 28 07:45:12.233 EST: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
527840: Jul 28 07:45:12.233 EST: ISAKMP:(0:0:N/A:0):Looking for a matching key for XX.XX.XX.XX in default
527841: Jul 28 07:45:12.233 EST: ISAKMP:(0:0:N/A:0): : success
527842: Jul 28 07:45:12.233 EST: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching XX.XX.XX.XX
527843: Jul 28 07:45:12.233 EST: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
527844: Jul 28 07:45:12.233 EST: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1

527845: Jul 28 07:45:12.233 EST: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
527846: Jul 28 07:45:12.233 EST: ISAKMP:(0:0:N/A:0): sending packet to XX.XX.XX.XX my_port 500 peer_port 500 (I) MM_NO_STATE
527847: Jul 28 07:45:12.293 EST: ISAKMP (0:0): received packet from XX.XX.XX.XX dport 500 sport 500 Global (I) MM_NO_STATE
527848: Jul 28 07:45:12.293 EST: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
527849: Jul 28 07:45:12.293 EST: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2
527850: Jul 28 07:45:12.293 EST: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
527851: Jul 28 07:45:12.293 EST: ISAKMP:(0:0:N/A:0): processing vendor id payload
527852: Jul 28 07:45:12.293 EST: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 0 mismatch
527853: Jul 28 07:45:12.293 EST: ISAKMP:(0:0:N/A:0):Looking for a matching key for XX.XX.XX.XX in default
527854: Jul 28 07:45:12.293 EST: ISAKMP:(0:0:N/A:0): : success
527855: Jul 28 07:45:12.293 EST: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching XX.XX.XX.XX
527856: Jul 28 07:45:12.293 EST: ISAKMP:(0:0:N/A:0): local preshared key found
527857: Jul 28 07:45:12.293 EST: ISAKMP : Scanning profiles for xauth ...
527858: Jul 28 07:45:12.293 EST: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 1 policy
527859: Jul 28 07:45:12.293 EST: ISAKMP: encryption 3DES-CBC
527860: Jul 28 07:45:12.293 EST: ISAKMP: hash SHA
527861: Jul 28 07:45:12.293 EST: ISAKMP: default group 2
527862: Jul 28 07:45:12.293 EST: ISAKMP: auth pre-share
527863: Jul 28 07:45:12.293 EST: ISAKMP: life type in seconds
527864: Jul 28 07:45:12.293 EST: ISAKMP: life duration (basic) of 3600
527865: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
527866: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
527867: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 2 policy
527868: Jul 28 07:45:12.297 EST: ISAKMP: encryption 3DES-CBC
527869: Jul 28 07:45:12.297 EST: ISAKMP: hash SHA
527870: Jul 28 07:45:12.297 EST: ISAKMP: default group 2
527871: Jul 28 07:45:12.297 EST: ISAKMP: auth pre-share
527872: Jul 28 07:45:12.297 EST: ISAKMP: life type in seconds
527873: Jul 28 07:45:12.297 EST: ISAKMP: life duration (basic) of 3600
527874: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
527875: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
527876: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 3 policy
527877: Jul 28 07:45:12.297 EST: ISAKMP: encryption 3DES-CBC
527878: Jul 28 07:45:12.297 EST: ISAKMP: hash SHA
527879: Jul 28 07:45:12.297 EST: ISAKMP: default group 2
527880: Jul 28 07:45:12.297 EST: ISAKMP: auth pre-share
527881: Jul 28 07:45:12.297 EST: ISAKMP: life type in seconds
527882: Jul 28 07:45:12.297 EST: ISAKMP: life duration (basic) of 3600
527883: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
527884: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
527885: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 4 policy
527886: Jul 28 07:45:12.297 EST: ISAKMP: encryption 3DES-CBC
527887: Jul 28 07:45:12.297 EST: ISAKMP: hash SHA
527888: Jul 28 07:45:12.297 EST: ISAKMP: default group 2
527889: Jul 28 07:45:12.297 EST: ISAKMP: auth pre-share
527890: Jul 28 07:45:12.297 EST: ISAKMP: life type in seconds
527891: Jul 28 07:45:12.297 EST: ISAKMP: life duration (basic) of 3600
527892: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
527893: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
527894: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 5 policy
527895: Jul 28 07:45:12.297 EST: ISAKMP: encryption 3DES-CBC
527896: Jul 28 07:45:12.297 EST: ISAKMP: hash SHA
527897: Jul 28 07:45:12.297 EST: ISAKMP: default group 2
527898: Jul 28 07:45:12.297 EST: ISAKMP: auth pre-share
527899: Jul 28 07:45:12.297 EST: ISAKMP: life type in seconds
527900: Jul 28 07:45:12.297 EST: ISAKMP: life duration (basic) of 3600
527901: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
527902: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
527903: Jul 28 07:45:12.297 EST: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 6 policy
527904: Jul 28 07:45:12.301 EST: ISAKMP: encryption 3DES-CBC
527905: Jul 28 07:45:12.301 EST: ISAKMP: hash SHA
527906: Jul 28 07:45:12.301 EST: ISAKMP: default group 2
527907: Jul 28 07:45:12.301 EST: ISAKMP: auth pre-share
527908: Jul 28 07:45:12.301 EST: ISAKMP: life type in seconds
527909: Jul 28 07:45:12.301 EST: ISAKMP: life duration (basic) of 3600
527910: Jul 28 07:45:12.301 EST: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
527911: Jul 28 07:45:12.301 EST: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
527912: Jul 28 07:45:12.301 EST: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 7 policy
527913: Jul 28 07:45:12.301 EST: ISAKMP: encryption 3DES-CBC
527914: Jul 28 07:45:12.301 EST: ISAKMP: hash SHA
527915: Jul 28 07:45:12.301 EST: ISAKMP: default group 2
527916: Jul 28 07:45:12.301 EST: ISAKMP: auth pre-share
527917: Jul 28 07:45:12.301 EST: ISAKMP: life type in seconds
527918: Jul 28 07:45:12.301 EST: ISAKMP: life duration (basic) of 3600
527919: Jul 28 07:45:12.301 EST: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
527920: Jul 28 07:45:12.357 EST: ISAKMP:(0:1262:SW:1): processing vendor id payload
527921: Jul 28 07:45:12.357 EST: ISAKMP:(0:1262:SW:1): vendor ID seems Unity/DPD but major 0 mismatch
527922: Jul 28 07:45:12.357 EST: ISAKMP:(0:1262:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
527923: Jul 28 07:45:12.357 EST: ISAKMP:(0:1262:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2
527924: Jul 28 07:45:12.361 EST: ISAKMP:(0:1262:SW:1): sending packet to XX.XX.XX.XX my_port 500 peer_port 500 (I) MM_SA_SETUP
527925: Jul 28 07:45:12.361 EST: ISAKMP:(0:1262:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
527926: Jul 28 07:45:12.361 EST: ISAKMP:(0:1262:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3
527927: Jul 28 07:45:12.425 EST: ISAKMP (0:134218990): received packet from XX.XX.XX.XX dport 500 sport 500 Global (I) MM_SA_SETUP
527928: Jul 28 07:45:12.425 EST: ISAKMP:(0:1262:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
527929: Jul 28 07:45:12.425 EST: ISAKMP:(0:1262:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
527930: Jul 28 07:45:12.425 EST: ISAKMP:(0:1262:SW:1): processing KE payload. message ID = 0
527931: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1): processing NONCE payload. message ID = 0
527932: Jul 28 07:45:12.493 EST: ISAKMP:(0:0:N/A:0):Looking for a matching key for XX.XX.XX.XX in default
527933: Jul 28 07:45:12.493 EST: ISAKMP:(0:0:N/A:0): : success
527934: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1):found peer pre-shared key matching XX.XX.XX.XX
527935: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1):SKEYID state generated
527936: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1): processing vendor id payload
527937: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1): vendor ID seems Unity/DPD but major 38 mismatch
527938: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1): processing vendor id payload
527939: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1): vendor ID seems Unity/DPD but major 215 mismatch
527940: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1): vendor ID is XAUTH
527941: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1): processing vendor id payload
527942: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1): vendor ID is DPD
527943: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
527944: Jul 28 07:45:12.493 EST: ISAKMP:(0:1262:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
527945: Jul 28 07:45:12.497 EST: ISAKMP:(0:1262:SW:1):Send initial contact
527946: Jul 28 07:45:12.497 EST: ISAKMP:(0:1262:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
527947: Jul 28 07:45:12.497 EST: ISAKMP (0:134218990): ID payload
next-payload : 8
type : 1
address : YY.YY.YY.YYT
protocol : 17
port : 500
length : 12
527948: Jul 28 07:45:12.497 EST: ISAKMP:(0:1262:SW:1):Total payload length: 12
527949: Jul 28 07:45:12.497 EST: ISAKMP:(0:1262:SW:1): sending packet to XX.XX.XX.XX my_port 500 peer_port 500 (I) MM_KEY_EXCH
527950: Jul 28 07:45:12.497 EST: ISAKMP:(0:1262:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
527951: Jul 28 07:45:12.501 EST: ISAKMP:(0:1262:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
527952: Jul 28 07:45:12.549 EST: ISAKMP (0:134218990): received packet from XX.XX.XX.XX dport 500 sport 500 Global (I) MM_KEY_EXCH
527953: Jul 28 07:45:12.549 EST: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from XX.XX.XX.XX was not encrypted and it should've been.

1 Reply

Philip D'Ath
VIP Alumni

Your side seems reasonably happy.  You need to ask the other end why it is complaining.
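
As an added example (not part of the original thread), this Python code condenses `debug crypto isakmp` output like the log above into what a reader checks first: which local policy priorities were rejected and why, which one was accepted, and the Main Mode state reached when a `%CRYPTO` syslog message fired. The sample input is a constructed excerpt in the same format with sequence numbers and timestamps dropped, and the function name `summarize` is an assumption of this example.

```python
import re

# Constructed sample: condensed lines in the format of the debug output above.
SAMPLE = """\
ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_I_MM1
ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1  New State = IKE_I_MM2
ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 1 policy
ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 2 policy
ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 7 policy
ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
ISAKMP:(0:1262:SW:1):Old State = IKE_I_MM2  New State = IKE_I_MM2
ISAKMP:(0:1262:SW:1):Old State = IKE_I_MM2  New State = IKE_I_MM3
ISAKMP:(0:1262:SW:1):Old State = IKE_I_MM3  New State = IKE_I_MM4
ISAKMP:(0:1262:SW:1):Old State = IKE_I_MM4  New State = IKE_I_MM5
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from XX.XX.XX.XX was not encrypted and it should've been.
"""

CHECK = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
MISMATCH = re.compile(r"(\w+) algorithm offered does not match policy!")
STATE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
SYSLOG = re.compile(r"%(CRYPTO-\d-\w+):")

def summarize(log_text):
    """Return rejected/accepted policy priorities, state path and syslog errors."""
    result = {"rejected": {}, "accepted": None, "states": [], "errors": []}
    priority = None  # local policy priority currently being compared
    for line in log_text.splitlines():
        if m := CHECK.search(line):
            priority = int(m.group(2))
        elif m := MISMATCH.search(line):
            if priority is not None:
                result["rejected"][priority] = m.group(1)  # "Hash" or "Encryption"
        elif "atts are acceptable" in line:
            result["accepted"] = priority
        elif m := STATE.search(line):
            if m.group(1) != m.group(2):  # skip self-transitions such as MM2 -> MM2
                result["states"].append(m.group(2))
        elif m := SYSLOG.search(line):
            # Record the syslog mnemonic together with the state it occurred in.
            last = result["states"][-1] if result["states"] else None
            result["errors"].append((m.group(1), last))
    return result

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
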