Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Failing Phase2 Auth - IPSec - All IPSec SA proposals foundunacceptable

Reply
Thread Tools

Failing Phase2 Auth - IPSec - All IPSec SA proposals foundunacceptable

 
 
scooter133@gmail.com
Guest
Posts: n/a
 
      11-27-2008
I'm getting the Below Debug info when I try to Connect my Client to
the PIX 515e.

The Client is an iPhone. Seems like I have all of the Transforms in
there.

How can I trouble shoot this?

Thanks!
Scott<-



4:15:32 PM %PIX-3-713119: Group = <group>, Username = <user>, IP =
<ip>(unresolved), PHASE 1 COMPLETED
4:15:32 PM %PIX-5-713904: Group = <group>, Username = <user>, IP =
<ip>(unresolved), All IPSec SA proposals found unacceptable!
4:15:32 PM %PIX-3-713902: Group = <group>, Username = <user>, IP =
<ip>(unresolved), QM FSM error (P2 struct &0x2452b08, mess id
0x9193376c)!
4:15:32 PM %PIX-3-713902: Group = <group>, Username = <user>, IP =
<ip>(unresolved), Removing peer from correlator table failed, no
match!
4:15:32 PM %PIX-4-113019: Group = <group>, Username = <user>, IP =
<ip>(unresolved), Session disconnected. Session Type: IPSec, Duration:
0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
4:15:31 PM %PIX-6-713172: Group = <group>, IP = <ip>(unresolved),
Automatic NAT Detection Status: Remote end IS behind a NAT device This
end IS behind a NAT device
4:15:31 PM %PIX-6-113012: AAA user authentication Successful : local
database : user = <user>
4:15:31 PM %PIX-6-113009: AAA retrieved default group policy
(<group>) for user = <user>
4:15:31 PM %PIX-6-113008: AAA transaction status ACCEPT : user =
<user>
4:15:31 PM %PIX-5-713130: Group = <group>, Username = <user>, IP =
<ip>(unresolved), Received unsupported transaction mode attribute: 5
4:15:31 PM %PIX-6-713184: Group = <group>, Username = <user>, IP =
<ip>(unresolved), Client Type: iPhone OS Client Application Version:
2.2
4:15:31 PM %PIX-5-713131: Group = <group>, Username = <user>, IP =
<ip>(unresolved), Received unknown transaction mode attribute: 28683
4:15:31 PM %PIX-6-713228: Group = <group>, Username = <user>, IP =
<ip>(unresolved), Assigned private IP address <IpSecIP>(unresolved) to
remote user
 
Reply With Quote
 
 
 
 
News Reader
Guest
Posts: n/a
 
      11-27-2008
http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> I'm getting the Below Debug info when I try to Connect my Client to
> the PIX 515e.
>
> The Client is an iPhone. Seems like I have all of the Transforms in
> there.
>
> How can I trouble shoot this?
>
> Thanks!
> Scott<-
>
>
>
> 4:15:32 PM %PIX-3-713119: Group = <group>, Username = <user>, IP =
> <ip>(unresolved), PHASE 1 COMPLETED
> 4:15:32 PM %PIX-5-713904: Group = <group>, Username = <user>, IP =
> <ip>(unresolved), All IPSec SA proposals found unacceptable!
> 4:15:32 PM %PIX-3-713902: Group = <group>, Username = <user>, IP =
> <ip>(unresolved), QM FSM error (P2 struct &0x2452b08, mess id
> 0x9193376c)!
> 4:15:32 PM %PIX-3-713902: Group = <group>, Username = <user>, IP =
> <ip>(unresolved), Removing peer from correlator table failed, no
> match!
> 4:15:32 PM %PIX-4-113019: Group = <group>, Username = <user>, IP =
> <ip>(unresolved), Session disconnected. Session Type: IPSec, Duration:
> 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
> 4:15:31 PM %PIX-6-713172: Group = <group>, IP = <ip>(unresolved),
> Automatic NAT Detection Status: Remote end IS behind a NAT device This
> end IS behind a NAT device
> 4:15:31 PM %PIX-6-113012: AAA user authentication Successful : local
> database : user = <user>
> 4:15:31 PM %PIX-6-113009: AAA retrieved default group policy
> (<group>) for user = <user>
> 4:15:31 PM %PIX-6-113008: AAA transaction status ACCEPT : user =
> <user>
> 4:15:31 PM %PIX-5-713130: Group = <group>, Username = <user>, IP =
> <ip>(unresolved), Received unsupported transaction mode attribute: 5
> 4:15:31 PM %PIX-6-713184: Group = <group>, Username = <user>, IP =
> <ip>(unresolved), Client Type: iPhone OS Client Application Version:
> 2.2
> 4:15:31 PM %PIX-5-713131: Group = <group>, Username = <user>, IP =
> <ip>(unresolved), Received unknown transaction mode attribute: 28683
> 4:15:31 PM %PIX-6-713228: Group = <group>, Username = <user>, IP =
> <ip>(unresolved), Assigned private IP address <IpSecIP>(unresolved) to
> remote user


Did a quick search on Google for the term "iphone ipsec transforms" and
received plenty of results.

The first link looked interesting in terms of identifying transform
limitations of the iPhone:

http://www.networkworld.com/community/node/23023

Perhaps you'll find what you are looking for in that document, or one of
the others within the search results.

Best Regards,
News Reader
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IOS + OpenSWAN Phase2 problems whitemice Cisco 0 01-30-2009 10:03 PM
windows auth and forms auth Smokey Grindle ASP .Net 1 06-08-2006 03:14 PM
Windows Auth, but Forms Auth for one page? =?Utf-8?B?ZGhucml2ZXJzaWRl?= ASP .Net 1 01-08-2005 05:50 PM
Configuring Windows Auth & Forms Auth in Asp.Net =?Utf-8?B?Q2hyaXMgTW9oYW4=?= ASP .Net 0 04-28-2004 06:11 PM
container-auth vs servlet-auth role-checking? Mark Chai Java 1 10-01-2003 06:30 PM



Advertisments