Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > pix 506E to VPN3000 cant connect

Reply
Thread Tools

pix 506E to VPN3000 cant connect

 
 
jayp_kkk
Guest
Posts: n/a
 
      06-03-2007
Guys here's the debug output im getting.. what seems to be wrong ?

ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3
ISAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 20 policy
ISAKMP: encryption AES-CBC
ISAKMP: keylength of 192
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): SA is doing pre-shared key authentication using id type
ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): received xauth v6 vendor id

ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to another IOS box!

ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to a VPN3000 concentrator

ISAKMP (0): ID payload
next-payload : 8
type : 1
protocol : 17
port : 500
length : 8
ISAKMP (0): Total payload length: 12
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
dpt:500
ISAKMP: error, msg not encrypted
crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
dpt:500
ISAKMP: sa not found for ike msg

 
Reply With Quote
 
 
 
 
headsetadapter.com
Guest
Posts: n/a
 
      06-03-2007
Jayr,

Would you post a portion of your config? It looks like you didn't define
"interesting traffic" which should be encrypted ("msg not encrypted" message
at the bottom of your output).

Good luck,

Mike
CCNP, CCDP, CCSP, Cisco Voice, MCSE W2K, MCSE+I, Security+, etc.
CCIE R&S (in progress), CCIE Voice (in progress)
------
Headset Adapters for Cisco IP Phones
www.ciscoheadsetadapter.com
www.headsetadapter.com



"jayp_kkk" <u34742@uwe> wrote in message news:731eddc9e78d2@uwe...
> Guys here's the debug output im getting.. what seems to be wrong ?
>
> ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3
> ISAKMP (0): beginning Main Mode exchange
> crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
> dpt:500
> OAK_MM exchange
> ISAKMP (0): processing SA payload. message ID = 0
>
> ISAKMP (0): Checking ISAKMP transform 1 against priority 20 policy
> ISAKMP: encryption AES-CBC
> ISAKMP: keylength of 192
> ISAKMP: hash SHA
> ISAKMP: default group 2
> ISAKMP: auth pre-share
> ISAKMP: life type in seconds
> ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
> ISAKMP (0): atts are acceptable. Next payload is 0
> ISAKMP (0): processing vendor id payload
>
> ISAKMP (0): SA is doing pre-shared key authentication using id type
> ID_IPV4_ADDR
> return status is IKMP_NO_ERROR
> crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
> dpt:500
> OAK_MM exchange
> ISAKMP (0): processing KE payload. message ID = 0
>
> ISAKMP (0): processing NONCE payload. message ID = 0
>
> ISAKMP (0): processing vendor id payload
>
> ISAKMP (0): processing vendor id payload
>
> ISAKMP (0): received xauth v6 vendor id
>
> ISAKMP (0): processing vendor id payload
>
> ISAKMP (0): speaking to another IOS box!
>
> ISAKMP (0): processing vendor id payload
>
> ISAKMP (0): speaking to a VPN3000 concentrator
>
> ISAKMP (0): ID payload
> next-payload : 8
> type : 1
> protocol : 17
> port : 500
> length : 8
> ISAKMP (0): Total payload length: 12
> return status is IKMP_NO_ERROR
> crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
> dpt:500
> ISAKMP: error, msg not encrypted
> crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
> dpt:500
> ISAKMP: sa not found for ike msg
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
cant compile on linux system.cant compile on cant compile onlinux system. Nagaraj C++ 1 03-01-2007 11:18 AM
VPN3000 v4.7 Wil Schultz Cisco 0 03-12-2005 06:25 PM
VPN on PIX 506E, only two clients can connect ChudleyDog Cisco 2 02-11-2005 02:54 PM
CISCO VPN3000 - Million Dollar Question Matthew Cisco 1 10-01-2004 04:56 AM
VPN3000, radius: error = -9 ("ENOBUFS") Dietmar Romer Cisco 0 08-02-2004 06:34 PM



Advertisments