Failing Phase2 Auth - IPSec - All IPSec SA proposals foundunacceptable

Discussion in 'Cisco' started by scooter133@gmail.com, Nov 27, 2008.

  1. Guest

    I'm getting the Below Debug info when I try to Connect my Client to
    the PIX 515e.

    The Client is an iPhone. Seems like I have all of the Transforms in
    there.

    How can I trouble shoot this?

    Thanks!
    Scott<-



    4:15:32 PM %PIX-3-713119: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), PHASE 1 COMPLETED
    4:15:32 PM %PIX-5-713904: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), All IPSec SA proposals found unacceptable!
    4:15:32 PM %PIX-3-713902: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), QM FSM error (P2 struct &0x2452b08, mess id
    0x9193376c)!
    4:15:32 PM %PIX-3-713902: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Removing peer from correlator table failed, no
    match!
    4:15:32 PM %PIX-4-113019: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Session disconnected. Session Type: IPSec, Duration:
    0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
    4:15:31 PM %PIX-6-713172: Group = <group>, IP = <ip>(unresolved),
    Automatic NAT Detection Status: Remote end IS behind a NAT device This
    end IS behind a NAT device
    4:15:31 PM %PIX-6-113012: AAA user authentication Successful : local
    database : user = <user>
    4:15:31 PM %PIX-6-113009: AAA retrieved default group policy
    (<group>) for user = <user>
    4:15:31 PM %PIX-6-113008: AAA transaction status ACCEPT : user =
    <user>
    4:15:31 PM %PIX-5-713130: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Received unsupported transaction mode attribute: 5
    4:15:31 PM %PIX-6-713184: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Client Type: iPhone OS Client Application Version:
    2.2
    4:15:31 PM %PIX-5-713131: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Received unknown transaction mode attribute: 28683
    4:15:31 PM %PIX-6-713228: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Assigned private IP address <IpSecIP>(unresolved) to
    remote user
    , Nov 27, 2008
    #1
    1. Advertising

  2. News Reader Guest

    Re: Failing Phase2 Auth - IPSec - All IPSec SA proposals found unacceptable

    wrote:
    > I'm getting the Below Debug info when I try to Connect my Client to
    > the PIX 515e.
    >
    > The Client is an iPhone. Seems like I have all of the Transforms in
    > there.
    >
    > How can I trouble shoot this?
    >
    > Thanks!
    > Scott<-
    >
    >
    >
    > 4:15:32 PM %PIX-3-713119: Group = <group>, Username = <user>, IP =
    > <ip>(unresolved), PHASE 1 COMPLETED
    > 4:15:32 PM %PIX-5-713904: Group = <group>, Username = <user>, IP =
    > <ip>(unresolved), All IPSec SA proposals found unacceptable!
    > 4:15:32 PM %PIX-3-713902: Group = <group>, Username = <user>, IP =
    > <ip>(unresolved), QM FSM error (P2 struct &0x2452b08, mess id
    > 0x9193376c)!
    > 4:15:32 PM %PIX-3-713902: Group = <group>, Username = <user>, IP =
    > <ip>(unresolved), Removing peer from correlator table failed, no
    > match!
    > 4:15:32 PM %PIX-4-113019: Group = <group>, Username = <user>, IP =
    > <ip>(unresolved), Session disconnected. Session Type: IPSec, Duration:
    > 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
    > 4:15:31 PM %PIX-6-713172: Group = <group>, IP = <ip>(unresolved),
    > Automatic NAT Detection Status: Remote end IS behind a NAT device This
    > end IS behind a NAT device
    > 4:15:31 PM %PIX-6-113012: AAA user authentication Successful : local
    > database : user = <user>
    > 4:15:31 PM %PIX-6-113009: AAA retrieved default group policy
    > (<group>) for user = <user>
    > 4:15:31 PM %PIX-6-113008: AAA transaction status ACCEPT : user =
    > <user>
    > 4:15:31 PM %PIX-5-713130: Group = <group>, Username = <user>, IP =
    > <ip>(unresolved), Received unsupported transaction mode attribute: 5
    > 4:15:31 PM %PIX-6-713184: Group = <group>, Username = <user>, IP =
    > <ip>(unresolved), Client Type: iPhone OS Client Application Version:
    > 2.2
    > 4:15:31 PM %PIX-5-713131: Group = <group>, Username = <user>, IP =
    > <ip>(unresolved), Received unknown transaction mode attribute: 28683
    > 4:15:31 PM %PIX-6-713228: Group = <group>, Username = <user>, IP =
    > <ip>(unresolved), Assigned private IP address <IpSecIP>(unresolved) to
    > remote user


    Did a quick search on Google for the term "iphone ipsec transforms" and
    received plenty of results.

    The first link looked interesting in terms of identifying transform
    limitations of the iPhone:

    http://www.networkworld.com/community/node/23023

    Perhaps you'll find what you are looking for in that document, or one of
    the others within the search results.

    Best Regards,
    News Reader
    News Reader, Nov 27, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tony

    Forcing native 802.1x supplicant to re-auth??!

    Tony, Jul 2, 2004, in forum: Wireless Networking
    Replies:
    3
    Views:
    3,029
    Pavel A.
    Jul 8, 2004
  2. Bill F
    Replies:
    0
    Views:
    650
    Bill F
    Nov 2, 2003
  3. Rik Bain

    pix-nortel contivity ipsec failing

    Rik Bain, Nov 2, 2003, in forum: Cisco
    Replies:
    1
    Views:
    2,699
    Bill F
    Nov 2, 2003
  4. soldara
    Replies:
    1
    Views:
    4,620
    soldara
    Sep 13, 2004
  5. whitemice

    IOS + OpenSWAN Phase2 problems

    whitemice, Jan 30, 2009, in forum: Cisco
    Replies:
    0
    Views:
    2,312
    whitemice
    Jan 30, 2009
Loading...

Share This Page