Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Apple iPhone + Cisco PIX

Reply
Thread Tools

Apple iPhone + Cisco PIX

 
 
amattina@layer8group.com
Guest
Posts: n/a
 
      01-15-2008
After much searching and testing and debugging, I'm asking IF the
iPhone can do an L2TP tunnel to a Cisco PIX. I can get IKE done but
then the PIX decides it wants to do IPSEC for the rest. The phone
doesn't seem to support IPSEC. I found this out after going through
the pix wizard to see if I missed anything obvious. The wizard states
that "The PIX does not support native L2TP itself. It has to be used
with IPSec." My debug is below...thoughts would be appreciated! I
know this works with ASAs and 3000 VPN concentrators as there are
descriptions of the phone working with those. Thanks!

----
crypto_isakmp_process_block:src:32.142.139.86, dest:74.41.88.210 spt:
500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP: life type in seconds
ISAKMP: life duration (basic) of 3600
ISAKMP: encryption 3DES-CBC
ISAKMP: auth pre-share
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0:0): vendor ID is NAT-T
ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0:0): vendor ID is NAT-T
ISAKMP (0): processing vendor id payload

ISAKMP (0): remote peer supports dead peer detection

ISAKMP (0): SA is doing pre-shared key authentication using id type
ID_IPV4_ADDR
ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3
ISAKMP (0:0): Detected port floating
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:32.142.139.86, dest:74.41.88.210 spt:
500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

ISAKMP (0:0): Detected NAT-D payload
ISAKMP (0:0): NAT match MINE hash
ISAKMP (0:0): Detected NAT-D payload
ISAKMP (0:0): NAT does not match HIS hash
hash received: 59 f7 2b ee da 61 d5 67 5a ef cf ba 0 b5 cf 98 10 93 7e
99
his nat hash : 8e 89 75 24 4e 80 32 62 cc 1d fb 6 71 b8 fc f5 e7 31 2c
46
ISAKMP (0:0): constructed HIS NAT-D
ISAKMP (0:0): constructed MINE NAT-D
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:32.142.139.86, dest:74.41.88.210 spt:
4500 dpt:4500
OAK_MM exchange
ISAKMP (0): processing ID payload. message ID = 0
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): SA has been authenticated

ISAKMP (0): ID payload
next-payload : 8
type : 1
protocol : 17
port : 0
length : 8
ISAKMP (0): Total payload length: 12
return status is IKMP_NO_ERROR
VPN Peer: ISAKMP: Peer ip:32.142.139.86/4500 Ref cnt incremented to:2
Total VPN Peers:2
crypto_isakmp_process_block:src:32.142.139.86, dest:74.41.88.210 spt:
4500 dpt:4500
ISAKMP (0): processing NOTIFY payload 24578 protocol 1
spi 0, message ID = 3825114823
ISAKMP (0): processing notify INITIAL_CONTACT
ISAKMP (0): deleting SA: src 32.142.139.86, dst 74.41.88.210
ISADB: reaper checking SA 0xb7d064, conn_id = 0 DELETE IT!

VPN Peer: ISAKMP: Peer ip:32.142.139.86/4500 Ref cnt decremented to:1
Total VPN Peers:2
ISADB: reaper checking SA 0xad9e04, conn_id = 0
ISADB: reaper checking SA 0xb7db04, conn_id = 0
return status is IKMP_NO_ERR_NO_TRANS
ISADB: reaper checking SA 0xad9e04, conn_id = 0
ISADB: reaper checking SA 0xb7db04, conn_id = 0
crypto_isakmp_process_block:src:32.142.139.86, dest:74.41.88.210 spt:
4500 dpt:4500
OAK_QM exchange
oakley_process_quick_mode:
OAK_QM_IDLE
ISAKMP (0): processing SA payload. message ID = 3185697016

ISAKMP : Checking IPSec proposal 1

ISAKMP: transform 1, ESP_AES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 3600
ISAKMP: encaps is 61444
ISAKMP: key length is 128
ISAKMP: authenticator is HMAC-SHA
ISAKMP (0): atts not acceptable. Next payload is 3
ISAKMP: transform 2, ESP_AES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 3600
ISAKMP: encaps is 61444
ISAKMP: key length is 128
ISAKMP: authenticator is HMAC-MD5
ISAKMP (0): atts not acceptable. Next payload is 3
ISAKMP: transform 3, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 3600
ISAKMP: encaps is 61444
ISAKMP: authenticator is HMAC-SHA
ISAKMP (0): atts not acceptable. Next payload is 3
ISAKMP: transform 4, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 3600
ISAKMP: encaps is 61444
ISAKMP: authenticator is HMAC-MD5
ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): SA not acceptable!
ISAKMP (0): sending NOTIFY message 14 protocol 0
return status is IKMP_ERR_NO_RETRANS
crypto_isakmp_process_block:src:32.142.139.86, dest:74.41.88.210 spt:
4500 dpt:4500
ISAKMP: phase 2 packet is a duplicate of a previous packet
ISAKMP: resending last response
crypto_isakmp_process_block:src:32.142.139.86, dest:74.41.88.210 spt:
4500 dpt:4500
ISAKMP: phase 2 packet is a duplicate of a previous packet
crypto_isakmp_process_block:src:32.142.139.86, dest:74.41.88.210 spt:
4500 dpt:4500
ISAKMP: phase 2 packet is a duplicate of a previous packet
ISAKMP: resending last response
crypto_isakmp_process_block:src:32.142.139.86, dest:74.41.88.210 spt:
4500 dpt:4500
ISAKMP: phase 2 packet is a duplicate of a previous packet
crypto_isakmp_process_block:src:32.142.139.86, dest:74.41.88.210 spt:
4500 dpt:4500
OAK_QM exchange
oakley_process_quick_mode:
OAK_QM_IDLE
ISAKMP (0): processing SA payload. message ID = 2638162007

ISAKMP : Checking IPSec proposal 1

ISAKMP: transform 1, ESP_AES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 3600
ISAKMP: encaps is 61444
ISAKMP: key length is 128
ISAKMP: authenticator is HMAC-SHA
ISAKMP (0): atts not acceptable. Next payload is 3
ISAKMP: transform 2, ESP_AES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 3600
ISAKMP: encaps is 61444
ISAKMP: key length is 128
ISAKMP: authenticator is HMAC-MD5
ISAKMP (0): atts not acceptable. Next payload is 3
ISAKMP: transform 3, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 3600
ISAKMP: encaps is 61444
ISAKMP: authenticator is HMAC-SHA
ISAKMP (0): atts not acceptable. Next payload is 3
ISAKMP: transform 4, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 3600
ISAKMP: encaps is 61444
ISAKMP: authenticator is HMAC-MD5
ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): SA not acceptable!
ISAKMP (0): sending NOTIFY message 14 protocol 0
return status is IKMP_ERR_NO_RETRANS

---
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Advertisments