From: Ned on
When I try to VPN into my network I am getting debug messages on my
PIX:

pixfirewall#
pixfirewall# IPSEC(validate_proposal): invalid local address
191.196.37.5
IPSEC(validate_proposal): invalid local address 191.191.37.5
IPSEC(validate_proposal): invalid local address 191.191.37.5
IPSEC(validate_proposal): invalid local address 191.191.37.5

The address is correct in that users on the inside can browse out from
that interface and I can PING it from the outside. (I have changed the
addresses for this posting...)

I also get this debug:

debug crypto isakmp
crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5 spt:13
dpt:500
OAK_AG exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: extended auth pre-share (init)
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: extended auth pre-share (init)
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
*************************************************
Any ideas? TIA, Ned

From: Ned on

Ned wrote:
> When I try to VPN into my network I am getting debug messages on my
> PIX:
>
> pixfirewall#
> pixfirewall# IPSEC(validate_proposal): invalid local address
> 191.196.37.5
> IPSEC(validate_proposal): invalid local address 191.191.37.5
> IPSEC(validate_proposal): invalid local address 191.191.37.5
> IPSEC(validate_proposal): invalid local address 191.191.37.5
>
> The address is correct in that users on the inside can browse out from
> that interface and I can PING it from the outside. (I have changed the
> addresses for this posting...)
>
> I also get this debug:
>
> debug crypto isakmp
> crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5 spt:13
> dpt:500
> OAK_AG exchange
> ISAKMP (0): processing SA payload. message ID = 0
>
> ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
> ISAKMP: encryption AES-CBC
> ISAKMP: hash SHA
> ISAKMP: default group 2
> ISAKMP: extended auth pre-share (init)
> ISAKMP: life type in seconds
> ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
> ISAKMP: keylength of 256
> ISAKMP (0): atts are not acceptable. Next payload is 3
> ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
> ISAKMP: encryption AES-CBC
> ISAKMP: hash MD5
> ISAKMP: default group 2
> ISAKMP: extended auth pre-share (init)
> ISAKMP: life type in seconds
> ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
> ISAKMP: keylength of 256
> ISAKMP (0): atts are not acceptable. Next payload is 3
> ********************************

I also get this debug output:

crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5
spt:1027 dpt:4500
crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5
spt:1027 dpt:4500
ISAKMP: phase 2 packet is a duplicate of a previous packet
ISAKMP: resending last response
crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5
spt:1027 dpt:4500
ISAKMP (0): processing NOTIFY payload 11 protocol 1
spi 0, message ID = 2387466550IPSEC(key_engine): got a queue event...
IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
IPSEC(key_engine_delete_sas): delete all SAs shared with
191.191.37.35

return status is IKMP_NO_ERR_NO_TRANS
crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5
spt:1027 dpt:4500
ISAKMP: phase 2 packet is a duplicate of a previous packet
ISAKMP: resending last response
crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5
spt:1027 dpt:4500
ISAKMP (0): processing NOTIFY payload 11 protocol 1
spi 0, message ID = 1206514397IPSEC(key_engine): got a queue event...
IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
IPSEC(key_engine_delete_sas): delete all SAs shared with
191.191.37.35

return status is IKMP_NO_ERR_NO_TRANS
crypto_isakmp_process_block:src:191.191.37.35, dest:191.191.37.5
spt:1027 dpt:4500
ISAKMP (0): processing DELETE payload. message ID = 1118155919, spi
size = 4IPSEC(key_engine): got a queue event...
IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

VPN Peer: ISAKMP: Peer ip:191.191.37.35/1027 Ref cnt decremented to:0
Total VPN Peers:1
VPN Peer: ISAKMP: Deleted peer: ip:191.191.37.35/1027 Total VPN
peers:0IPSEC(key_engine): got a queue event...
IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
IPSEC(key_engine_delete_sas): delete all SAs shared with 191.191.37.5




> Any ideas? TIA, Ned
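
A small parser for the "debug crypto isakmp" transform checks shown in this thread, added here as an illustration and not part of either post or of any Cisco tooling: it lists what the client offered in each transform, decodes the lifetime bytes into seconds, and records the verdict. The function name parse_proposals, the dictionary keys, and the "atts are acceptable" success wording it also recognises are assumptions of this example.

```python
import re

# Two transform checks copied from the "debug crypto isakmp" output in the post.
SAMPLE = """\
ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: extended auth pre-share (init)
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
ISAKMP: encryption AES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: extended auth pre-share (init)
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
ISAKMP: keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
"""

CHECK = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
ATTR = re.compile(r"ISAKMP: (?:default )?(encryption|hash|group|keylength)(?: of)? (.+)")
LIFE = re.compile(r"life duration \(VPI\) of ((?:0x[0-9a-fA-F]+ ?)+)")

def parse_proposals(text):
    """Return one dict per 'Checking ISAKMP transform N against priority P' block."""
    proposals, cur = [], {}  # attributes seen before the first check are discarded
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate quoted ("> ") copies of the log
        if m := CHECK.search(line):
            cur = {"transform": int(m[1]), "policy": int(m[2]), "verdict": None}
            proposals.append(cur)
        elif m := LIFE.search(line):
            # The lifetime is printed as big-endian bytes; join them into seconds.
            cur["lifetime_s"] = int.from_bytes(bytes(int(b, 16) for b in m[1].split()), "big")
        elif m := ATTR.search(line):
            cur[m[1]] = m[2]
        elif line.startswith("ISAKMP: ") and " auth " in line:
            cur["auth"] = line[len("ISAKMP: "):]
        elif "atts are" in line:
            cur["verdict"] = "rejected" if "not acceptable" in line else "accepted"
    return proposals

if __name__ == "__main__":
    print(*parse_proposals(SAMPLE), sep="\n")
```

Run against the output above, it shows both offered transforms compared with the priority 10 policy and rejected, each carrying a 2147483-second lifetime and a 256-bit AES key length.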