VPN on the 881 does not come up

pkurzak
member
Posts: 17
Joined: 01 Nov 2007, 17:30

#1 Post by pkurzak »

Hello everyone,

In two different locations I have two identical 881 routers with identical configuration (except for the addressing). In both locations the internet is provided by Orange (DSL). In one of the locations the VPN works without any problem; in the other I have been fighting with it for a second day now with no results. The debug shows errors, but I completely fail to understand where they come from. If someone could take a look at this:

Code:

R1#sh  ver

Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.3(3)M2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 30-Jan-14 02:35 by prod_rel_team

ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)

R1 uptime is 4 hours, 31 minutes
System returned to ROM by power-on
System restarted at 08:55:25 CET Tue May 6 2014
System image file is "flash:c880data-universalk9-mz.153-3.M2.bin"
Last reload type: Normal Reload
Last reload reason: power-on



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory.
Processor board ID FCZ181590H6

5 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
256K bytes of non-volatile configuration memory.
125496K bytes of ATA CompactFlash (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO881-K9           XXXXXXXX



License Information for 'c880-data'
    License Level: advsecurity   Type: Permanent
    Next reboot license Level: advsecurity


Configuration register is 0x2102

Code:

R1#sh run
Building configuration...

Current configuration : 8027 bytes
!
! Last configuration change at 13:16:41 CET Tue May 6 2014 by 
! NVRAM config last updated at 13:16:50 CET Tue May 6 2014 by 
! NVRAM config last updated at 13:16:50 CET Tue May 6 2014 by 
version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname ACFlr-R1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 64000
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization network ACFlr_RVPN local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint ACFlr-R1-self-signed
 enrollment selfsigned
 serial-number
 subject-name cn=IOS-Self-Signed-Certificate-ACFlr-R1
 revocation-check none
 rsakeypair ACFlr-R1-self-signed-certificate
!
!
crypto pki certificate chain ACFlr-R1-self-signed
 certificate self-signed 01
 aaaaaaaa bbbbbbbb
        quit
no ip source-route
no ip gratuitous-arps
!
!
!
ip dhcp excluded-address 192.168.39.1 192.168.39.200
ip dhcp excluded-address 192.168.39.221 192.168.39.254
!
ip dhcp pool 192.168.39.0/24
 network 192.168.39.0 255.255.255.0
 default-router 192.168.39.1
 dns-server 194.204.159.1 194.204.152.34
!
!
!
no ip bootp server
no ip domain lookup
ip domain name ACFlr.local
ip cef
login block-for 60 attempts 5 within 60
login delay 8
login quiet-mode access-class LOGIN_ACL
login on-failure log
login on-success log
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn XXXXXXXXXXXXXXXXX
!
!
archive
 log config
  hidekeys
file verify auto
username QQQQQQQQQQQ privilege 15 password 7 PPPPPPPPPPPPPPP
!
!
!
!
!
no ip ftp passive
ip ssh time-out 10
ip ssh logging events
ip ssh version 2
!
crypto logging session
crypto logging ezvpn
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 10 3 periodic
!
crypto isakmp client configuration group RVPN_GROUP
 key YYYYYYYYYYYYY
 pool RVPN_POOL
 acl RVPN_ACL
 max-users 30
 netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
 mode tunnel
!
!
!
crypto dynamic-map RVPN_MAP 10
 set transform-set ESP-3DES-SHA
 reverse-route
!
!
crypto map ClientMap client authentication list default
crypto map ClientMap isakmp authorization list ACFlr_RVPN
crypto map ClientMap client configuration address respond
crypto map ClientMap 10 ipsec-isakmp dynamic RVPN_MAP
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 39
 no ip address
 no cdp enable
!
interface FastEthernet1
 switchport access vlan 39
 no ip address
 no cdp enable
!
interface FastEthernet2
 switchport access vlan 39
 no ip address
 no cdp enable
!
interface FastEthernet3
 switchport access vlan 39
 no ip address
 no cdp enable
!
interface FastEthernet4
 description WAN
 ip address 83.14.xx.yy 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map ClientMap
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan39
 description LAN
 ip address 192.168.39.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
!
ip local pool RVPN_POOL 192.168.139.2 192.168.139.30
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list NAT_ACL interface FastEthernet4 overload
ip nat inside source static tcp 192.168.39.5 3389 83.14.xx.yy 13389 extendable
ip nat inside source static udp 192.168.39.5 3389 83.14.xx.yy 13389 extendable
ip route 0.0.0.0 0.0.0.0 83.14.xx.zz
!
ip access-list extended LOGIN_ACL
 remark Lista do Quiet-Mode
 permit ip 192.168.139.0 0.0.0.255 any
 permit ip 192.168.39.0 0.0.0.255 any
ip access-list extended NAT_ACL
 remark Lista do NAT
 deny   ip 192.168.39.0 0.0.0.255 192.168.139.0 0.0.0.255
 permit ip 192.168.39.0 0.0.0.255 any
ip access-list extended RVPN_ACL
 remark Lista do Remote VPN
 permit ip 192.168.39.0 0.0.0.255 192.168.139.0 0.0.0.255
!
logging trap debugging
logging host 192.168.39.5
no cdp run
!
!
!
!
banner login ^CC
-------------
W A R N I N G
-------------
^C
!
line con 0
 exec-timeout 5 0
 password 7 XXXXXXXXXXXXXXX
 no modem enable
line aux 0
 exec-timeout 0 1
 no exec
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
scheduler max-task-time 5000
ntp server 212.244.36.227
ntp server 212.244.36.228
ntp server 131.107.13.100
!
end

Code:

R1#terminal monitor
R1#debug crypto isakmp
Crypto ISAKMP debugging is on
R1#
000414: May  6 2014 13:39:00.961 CET: ISAKMP (0): received packet from 83.144.xx.xx dport 500 sport 59629 Global (N) NEW SA
000415: May  6 2014 13:39:00.965 CET: ISAKMP: Created a peer struct for 83.144.xx.xx, peer port 59629
000416: May  6 2014 13:39:00.965 CET: ISAKMP: New peer created peer = 0x89722D3C peer_handle = 0x80000009
000417: May  6 2014 13:39:00.965 CET: ISAKMP: Locking peer struct 0x89722D3C, refcount 1 for crypto_isakmp_process_block
000418: May  6 2014 13:39:00.965 CET: ISAKMP:(0):Setting client config settings 867B6E18
000419: May  6 2014 13:39:00.965 CET: ISAKMP:(0):(Re)Setting client xauth list  and state
000420: May  6 2014 13:39:00.965 CET: ISAKMP/xauth: initializing AAA request
000421: May  6 2014 13:39:00.965 CET: ISAKMP: local port 500, remote port 59629
000422: May  6 2014 13:39:00.965 CET: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 8935FAC8
000423: May  6 2014 13:39:00.965 CET: ISAKMP:(0): processing SA payload. message ID = 0
000424: May  6 2014 13:39:00.965 CET: ISAKMP:(0): processing ID payload. message ID = 0
000425: May  6 2014 13:39:00.965 CET: ISAKMP (0): ID payload
        next-payload : 13
        type         : 11
        group id     : RVPN_GROUP
        protocol     : 17
        port         : 500
        length       : 18
000426: May  6 2014 13:39:00.965 CET: ISAKMP:(0):: peer matches *none* of the profiles
000427: May  6 2014 13:39:00.965 CET: ISAKMP:(0): processing vendor id payload
000428: May  6 2014 13:39:00.965 CET: ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch
000429: May  6 2014 13:39:00.965 CET: ISAKMP:(0): vendor ID is XAUTH
000430: May  6 2014 13:39:00.965 CET: ISAKMP:(0): processing vendor id payload
000431: May  6 2014 13:39:00.965 CET: ISAKMP:(0): vendor ID is DPD
000432: May  6 2014 13:39:00.965 CET: ISAKMP:(0): processing vendor id payload
000433: May  6 2014 13:39:00.965 CET: ISAKMP:(0): processing IKE frag vendor id payload
000434: May  6 2014 13:39:00.965 CET: ISAKMP:(0):Support for IKE Fragmentation not enabled
000435: May  6 2014 13:39:00.965 CET: ISAKMP:(0): processing vendor id payload
000436: May  6 2014 13:39:00.965 CET: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
000437: May  6 2014 13:39:00.965 CET: ISAKMP:(0): vendor ID is NAT-T v2
000438: May  6 2014 13:39:00.965 CET: ISAKMP:(0): processing vendor id payload
000439: May  6 2014 13:39:00.965 CET: ISAKMP:(0): vendor ID is Unity
000440: May  6 2014 13:39:00.965 CET: ISAKMP:(0): Authentication by xauth preshared
000441: May  6 2014 13:39:00.965 CET: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
000442: May  6 2014 13:39:00.965 CET: ISAKMP:      encryption AES-CBC
000443: May  6 2014 13:39:00.965 CET: ISAKMP:      hash SHA
000444: May  6 2014 13:39:00.965 CET: ISAKMP:      default group 2
000445: May  6 2014 13:39:00.965 CET: ISAKMP:      auth XAUTHInitPreShared
000446: May  6 2014 13:39:00.965 CET: ISAKMP:      life type in seconds
000447: May  6 2014 13:39:00.965 CET: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
000448: May  6 2014 13:39:00.965 CET: ISAKMP:      keylength of 256
000449: May  6 2014 13:39:00.965 CET: ISAKMP:(0):Encryption algorithm offered does not match policy!
000450: May  6 2014 13:39:00.965 CET: ISAKMP:(0):atts are not acceptable. Next payload is 3
000451: May  6 2014 13:39:00.965 CET: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy
000452: May  6 2014 13:39:00.965 CET: ISAKMP:      encryption AES-CBC
000453: May  6 2014 13:39:00.965 CET: ISAKMP:      hash MD5
000454: May  6 2014 13:39:00.965 CET: ISAKMP:      default group 2
000455: May  6 2014 13:39:00.965 CET: ISAKMP:      auth XAUTHInitPreShared
000456: May  6 2014 13:39:00.969 CET: ISAKMP:      life type in seconds
000457: May  6 2014 13:39:00.969 CET: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
000458: May  6 2014 13:39:00.969 CET: ISAKMP:      keylength of 256
000459: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Encryption algorithm offered does not match policy!
000460: May  6 2014 13:39:00.969 CET: ISAKMP:(0):atts are not acceptable. Next payload is 3
000461: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy
000462: May  6 2014 13:39:00.969 CET: ISAKMP:      encryption AES-CBC
000463: May  6 2014 13:39:00.969 CET: ISAKMP:      hash SHA
000464: May  6 2014 13:39:00.969 CET: ISAKMP:      default group 2
000465: May  6 2014 13:39:00.969 CET: ISAKMP:      auth pre-share
000466: May  6 2014 13:39:00.969 CET: ISAKMP:      life type in seconds
000467: May  6 2014 13:39:00.969 CET: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
000468: May  6 2014 13:39:00.969 CET: ISAKMP:      keylength of 256
000469: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Encryption algorithm offered does not match policy!
000470: May  6 2014 13:39:00.969 CET: ISAKMP:(0):atts are not acceptable. Next payload is 3
000471: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy
000472: May  6 2014 13:39:00.969 CET: ISAKMP:      encryption AES-CBC
000473: May  6 2014 13:39:00.969 CET: ISAKMP:      hash MD5
000474: May  6 2014 13:39:00.969 CET: ISAKMP:      default group 2
000475: May  6 2014 13:39:00.969 CET: ISAKMP:      auth pre-share
000476: May  6 2014 13:39:00.969 CET: ISAKMP:      life type in seconds
000477: May  6 2014 13:39:00.969 CET: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
000478: May  6 2014 13:39:00.969 CET: ISAKMP:      keylength of 256
000479: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Encryption algorithm offered does not match policy!
000480: May  6 2014 13:39:00.969 CET: ISAKMP:(0):atts are not acceptable. Next payload is 3
000481: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy
000482: May  6 2014 13:39:00.969 CET: ISAKMP:      encryption AES-CBC
000483: May  6 2014 13:39:00.969 CET: ISAKMP:      hash SHA
000484: May  6 2014 13:39:00.969 CET: ISAKMP:      default group 2
000485: May  6 2014 13:39:00.969 CET: ISAKMP:      auth XAUTHInitPreShared
000486: May  6 2014 13:39:00.969 CET: ISAKMP:      life type in seconds
000487: May  6 2014 13:39:00.969 CET: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
000488: May  6 2014 13:39:00.969 CET: ISAKMP:      keylength of 128
000489: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Encryption algorithm offered does not match policy!
000490: May  6 2014 13:39:00.969 CET: ISAKMP:(0):atts are not acceptable. Next payload is 3
000491: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Checking ISAKMP transform 6 against priority 1 policy
000492: May  6 2014 13:39:00.969 CET: ISAKMP:      encryption AES-CBC
000493: May  6 2014 13:39:00.969 CET: ISAKMP:      hash MD5
000494: May  6 2014 13:39:00.969 CET: ISAKMP:      default group 2
000495: May  6 2014 13:39:00.969 CET: ISAKMP:      auth XAUTHInitPreShared
000496: May  6 2014 13:39:00.969 CET: ISAKMP:      life type in seconds
000497: May  6 2014 13:39:00.969 CET: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
000498: May  6 2014 13:39:00.969 CET: ISAKMP:      keylength of 128
000499: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Encryption algorithm offered does not match policy!
000500: May  6 2014 13:39:00.969 CET: ISAKMP:(0):atts are not acceptable. Next payload is 3
000501: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Checking ISAKMP transform 7 against priority 1 policy
000502: May  6 2014 13:39:00.969 CET: ISAKMP:      encryption AES-CBC
000503: May  6 2014 13:39:00.969 CET: ISAKMP:      hash SHA
000504: May  6 2014 13:39:00.969 CET: ISAKMP:      default group 2
000505: May  6 2014 13:39:00.969 CET: ISAKMP:      auth pre-share
000506: May  6 2014 13:39:00.969 CET: ISAKMP:      life type in seconds
000507: May  6 2014 13:39:00.969 CET: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
000508: May  6 2014 13:39:00.969 CET: ISAKMP:      keylength of 128
000509: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Encryption algorithm offered does not match policy!
000510: May  6 2014 13:39:00.969 CET: ISAKMP:(0):atts are not acceptable. Next payload is 3
000511: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Checking ISAKMP transform 8 against priority 1 policy
000512: May  6 2014 13:39:00.969 CET: ISAKMP:      encryption AES-CBC
000513: May  6 2014 13:39:00.969 CET: ISAKMP:      hash MD5
000514: May  6 2014 13:39:00.969 CET: ISAKMP:      default group 2
000515: May  6 2014 13:39:00.969 CET: ISAKMP:      auth pre-share
000516: May  6 2014 13:39:00.969 CET: ISAKMP:      life type in seconds
000517: May  6 2014 13:39:00.969 CET: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
000518: May  6 2014 13:39:00.969 CET: ISAKMP:      keylength of 128
000519: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Encryption algorithm offered does not match policy!
000520: May  6 2014 13:39:00.969 CET: ISAKMP:(0):atts are not acceptable. Next payload is 3
000521: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Checking ISAKMP transform 9 against priority 1 policy
000522: May  6 2014 13:39:00.969 CET: ISAKMP:      encryption 3DES-CBC
000523: May  6 2014 13:39:00.969 CET: ISAKMP:      hash SHA
000524: May  6 2014 13:39:00.969 CET: ISAKMP:      default group 2
000525: May  6 2014 13:39:00.973 CET: ISAKMP:      auth XAUTHInitPreShared
000526: May  6 2014 13:39:00.973 CET: ISAKMP:      life type in seconds
000527: May  6 2014 13:39:00.973 CET: ISAKMP:      life duration (VPI) of  0x0 0x20 0xC4 0x9B
000528: May  6 2014 13:39:00.973 CET: ISAKMP:(0):atts are acceptable. Next payload is 3
000529: May  6 2014 13:39:00.973 CET: ISAKMP:(0):Acceptable atts:actual life: 86400
000530: May  6 2014 13:39:00.973 CET: ISAKMP:(0):Acceptable atts:life: 0
000531: May  6 2014 13:39:00.973 CET: ISAKMP:(0):Fill atts in sa vpi_length:4
000532: May  6 2014 13:39:00.973 CET: ISAKMP:(0):Fill atts in sa life_in_seconds:2147483
000533: May  6 2014 13:39:00.973 CET: ISAKMP:(0):Returning Actual lifetime: 86400
000534: May  6 2014 13:39:00.973 CET: ISAKMP:(0)::Started lifetime timer: 86400.

000535: May  6 2014 13:39:00.973 CET: ISAKMP:(0): processing KE payload. message ID = 0
000536: May  6 2014 13:39:01.005 CET: ISAKMP:(0): processing NONCE payload. message ID = 0
000537: May  6 2014 13:39:01.005 CET: ISAKMP:(0): vendor ID is NAT-T v2
000538: May  6 2014 13:39:01.005 CET: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
000539: May  6 2014 13:39:01.005 CET: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_AM_AAA_AWAIT

000540: May  6 2014 13:39:01.005 CET: ISAKMP:(2008): constructed NAT-T vendor-02 ID
000541: May  6 2014 13:39:01.005 CET: ISAKMP:(2008):SA is doing pre-shared key authentication plus XAUTH using id type ID_IPV4_ADDR
000542: May  6 2014 13:39:01.005 CET: ISAKMP (2008): ID payload
        next-payload : 10
        type         : 1
        address      : 83.14.yy.yy
        protocol     : 0
        port         : 0
        length       : 12
000543: May  6 2014 13:39:01.009 CET: ISAKMP:(2008):Total payload length: 12
000544: May  6 2014 13:39:01.009 CET: ISAKMP:(2008): sending packet to 83.144.xx.xx my_port 500 peer_port 59629 (R) AG_INIT_EXCH
000545: May  6 2014 13:39:01.009 CET: ISAKMP:(2008):Sending an IKE IPv4 Packet.
000546: May  6 2014 13:39:01.009 CET: ISAKMP:(2008):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
000547: May  6 2014 13:39:01.009 CET: ISAKMP:(2008):Old State = IKE_R_AM_AAA_AWAIT  New State = IKE_R_AM2

000548: May  6 2014 13:39:11.009 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH...
000549: May  6 2014 13:39:11.009 CET: ISAKMP (2008): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
000550: May  6 2014 13:39:11.009 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH
000551: May  6 2014 13:39:11.009 CET: ISAKMP:(2008): sending packet to 83.144.xx.xx my_port 500 peer_port 59629 (R) AG_INIT_EXCH
000552: May  6 2014 13:39:11.009 CET: ISAKMP:(2008):Sending an IKE IPv4 Packet.
000553: May  6 2014 13:39:21.010 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH...
000554: May  6 2014 13:39:21.010 CET: ISAKMP (2008): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
000555: May  6 2014 13:39:21.010 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH
000556: May  6 2014 13:39:21.010 CET: ISAKMP:(2008): sending packet to 83.144.xx.xx my_port 500 peer_port 59629 (R) AG_INIT_EXCH
000557: May  6 2014 13:39:21.010 CET: ISAKMP:(2008):Sending an IKE IPv4 Packet.
000558: May  6 2014 13:39:31.010 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH...
000559: May  6 2014 13:39:31.010 CET: ISAKMP (2008): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
000560: May  6 2014 13:39:31.010 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH
000561: May  6 2014 13:39:31.010 CET: ISAKMP:(2008): sending packet to 83.144.xx.xx my_port 500 peer_port 59629 (R) AG_INIT_EXCH
000562: May  6 2014 13:39:31.010 CET: ISAKMP:(2008):Sending an IKE IPv4 Packet.
000563: May  6 2014 13:39:32.698 CET: ISAKMP:(2007):purging SA., sa=8965C890, delme=8965C890
000564: May  6 2014 13:39:41.011 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH...
000565: May  6 2014 13:39:41.011 CET: ISAKMP (2008): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
000566: May  6 2014 13:39:41.011 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH
000567: May  6 2014 13:39:41.011 CET: ISAKMP:(2008): sending packet to 83.144.xx.xx my_port 500 peer_port 59629 (R) AG_INIT_EXCH
000568: May  6 2014 13:39:41.011 CET: ISAKMP:(2008):Sending an IKE IPv4 Packet.
000569: May  6 2014 13:39:51.011 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH...
000570: May  6 2014 13:39:51.011 CET: ISAKMP (2008): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
000571: May  6 2014 13:39:51.011 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH
000572: May  6 2014 13:39:51.011 CET: ISAKMP:(2008): sending packet to 83.144.xx.xx my_port 500 peer_port 59629 (R) AG_INIT_EXCH
000573: May  6 2014 13:39:51.011 CET: ISAKMP:(2008):Sending an IKE IPv4 Packet.
000574: May  6 2014 13:40:01.011 CET: ISAKMP:(2008): retransmitting phase 1 AG_INIT_EXCH...
000575: May  6 2014 13:40:01.011 CET: ISAKMP:(2008):peer does not do paranoid keepalives.

000576: May  6 2014 13:40:01.011 CET: ISAKMP:(2008):deleting SA reason "Death by retransmission P1" state (R) AG_INIT_EXCH (peer 83.144.xx.xx)
000577: May  6 2014 13:40:01.011 CET: ISAKMP:(2008):deleting SA reason "Death by retransmission P1" state (R) AG_INIT_EXCH (peer 83.144.xx.xx)
000578: May  6 2014 13:40:01.011 CET: ISAKMP: Unlocking peer struct 0x89722D3C for isadb_mark_sa_deleted(), count 0
000579: May  6 2014 13:40:01.011 CET: ISAKMP: Deleting peer node by peer_reap for 83.144.xx.xx: 89722D3C
000580: May  6 2014 13:40:01.011 CET: %CRYPTO-5-IKMP_SETUP_FAILURE: IKE SETUP FAILED for local:83.144.xx.xx local_id:83.144.xx.xx remote:83.14.yy.yy remote_id:83.14.yy.yy IKE profile:None fvrf:None fail_reason:Peer lost fail_class_cnt:1
000581: May  6 2014 13:40:01.011 CET: ISAKMP:(2008):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
000582: May  6 2014 13:40:01.011 CET: ISAKMP:(2008):Old State = IKE_R_AM2  New State = IKE_DEST_SA

000583: May  6 2014 13:41:01.014 CET: ISAKMP:(2008):purging SA., sa=8935FAC8, delme=8935FAC8

frontier
wannabe
Posts: 1861
Joined: 16 Nov 2004, 13:55
Location: Edinburgh

#2 Post by frontier »

Maybe the ISP is blocking it? Try switching to IPSec over TCP

Click!
One config is worth more than a thousand words

pkurzak
member
Posts: 17
Joined: 01 Nov 2007, 17:30

#3 Post by pkurzak »

frontier wrote: Maybe the ISP is blocking it?
That is rather impossible. As I already mentioned, this is the Internet DSL service from Orange, and there are no blocks there.

frontier
wannabe
Posts: 1861
Joined: 16 Nov 2004, 13:55
Location: Edinburgh

#4 Post by frontier »

I would do a debug and a packet capture on the client.
One config is worth more than a thousand words
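The `debug crypto isakmp` output in post #1 can be triaged mechanically: the sketch below is an added example, not part of the thread, and reports which offered transform the router accepted and whether phase 1 then ended in unanswered retransmissions. The function names `triage` and `verdict` and the verdict wording are assumptions; the sample lines are excerpted from the log above.

```python
import re

# Lines excerpted from the debug output in post #1 (trimmed to one rejected
# transform, the accepted one, two retransmit counters and the SA deletion).
SAMPLE = """\
000414: May  6 2014 13:39:00.961 CET: ISAKMP (0): received packet from 83.144.xx.xx dport 500 sport 59629 Global (N) NEW SA
000441: May  6 2014 13:39:00.965 CET: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
000442: May  6 2014 13:39:00.965 CET: ISAKMP:      encryption AES-CBC
000443: May  6 2014 13:39:00.965 CET: ISAKMP:      hash SHA
000448: May  6 2014 13:39:00.965 CET: ISAKMP:      keylength of 256
000449: May  6 2014 13:39:00.965 CET: ISAKMP:(0):Encryption algorithm offered does not match policy!
000450: May  6 2014 13:39:00.965 CET: ISAKMP:(0):atts are not acceptable. Next payload is 3
000521: May  6 2014 13:39:00.969 CET: ISAKMP:(0):Checking ISAKMP transform 9 against priority 1 policy
000522: May  6 2014 13:39:00.969 CET: ISAKMP:      encryption 3DES-CBC
000523: May  6 2014 13:39:00.969 CET: ISAKMP:      hash SHA
000525: May  6 2014 13:39:00.973 CET: ISAKMP:      auth XAUTHInitPreShared
000528: May  6 2014 13:39:00.973 CET: ISAKMP:(0):atts are acceptable. Next payload is 3
000544: May  6 2014 13:39:01.009 CET: ISAKMP:(2008): sending packet to 83.144.xx.xx my_port 500 peer_port 59629 (R) AG_INIT_EXCH
000549: May  6 2014 13:39:11.009 CET: ISAKMP (2008): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
000570: May  6 2014 13:39:51.011 CET: ISAKMP (2008): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
000576: May  6 2014 13:40:01.011 CET: ISAKMP:(2008):deleting SA reason "Death by retransmission P1" state (R) AG_INIT_EXCH (peer 83.144.xx.xx)
"""

TRANSFORM = re.compile(r"Checking ISAKMP transform (\d+) against priority \d+ policy")
ATTR = re.compile(r"ISAKMP:\s+(?:default )?(encryption|hash|group|auth|keylength)(?: of)? (\S+)")
REJECT = re.compile(r"ISAKMP:\(\d+\):(.+ does not match policy!)")
RETRY = re.compile(r"attempt (\d+) of \d+: retransmit phase 1")
DELETE = re.compile(r'deleting SA reason "([^"]+)" state \(\w\) (\w+)')

def triage(log):
    """Summarise one IKE phase 1 attempt from 'debug crypto isakmp' text."""
    r = {"inbound": 0, "rejected": [], "accepted": None,
         "retransmits": 0, "delete_reason": None, "state": None}
    current = None  # proposal being read, or None outside a proposal
    for line in log.splitlines():
        if "received packet from" in line:
            r["inbound"] += 1
        elif m := TRANSFORM.search(line):
            current = {"transform": int(m.group(1))}
        elif current is None:
            if m := RETRY.search(line):
                r["retransmits"] = max(r["retransmits"], int(m.group(1)))
            elif m := DELETE.search(line):
                r["delete_reason"], r["state"] = m.group(1), m.group(2)
        elif m := ATTR.search(line):
            current[m.group(1)] = m.group(2)
        elif m := REJECT.search(line):
            current["why"] = m.group(1)
        elif "atts are not acceptable" in line:
            r["rejected"].append(current)
            current = None
        elif "atts are acceptable" in line:
            r["accepted"] = current
            current = None
    return r

def verdict(r):
    """Heuristic reading of the summary (an assumption, not vendor guidance)."""
    if r["accepted"] is None:
        return "policy mismatch: no offered transform was acceptable"
    if r["delete_reason"] and r["inbound"] <= 1:
        return "policy matched; peer never answered the router's reply"
    return "policy matched; no phase 1 timeout in this excerpt"

if __name__ == "__main__":
    summary = triage(SAMPLE)
    print(summary["accepted"], summary["retransmits"], verdict(summary))
```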
