L2TP/IPSec issue, Authentication failure? Please Take a Look =)

Discussion in 'Cisco' started by Xunzi, Apr 11, 2009.

  1. Xunzi

    Xunzi

    Joined:
    Apr 10, 2009
    Messages:
    2
    Hi im trying to configure IPSec/L2TP on a 2651XM so far the IPSec seems to be working, a SA is established. L2TP negoation seems to take place but fails
    with "Auth glob Overall Failed". Below is a read out of the complete L2TP attempt from debug l2tp all.

    Any help would be greatly appreciated!

    *Nov 24 00:52:52.141: L2TP _____:_____:
    *Nov 24 00:52:52.141: L2TP _____:_____: I SCCRQ, flg TLS, ver 2, len 102
    *Nov 24 00:52:52.141: L2TP _____:_____: IETF v2:
    *Nov 24 00:52:52.145: L2TP _____:_____: Protocol Version 1, Revision 0
    *Nov 24 00:52:52.145: L2TP _____:_____: Framing Cap sync(0x1)
    *Nov 24 00:52:52.145: L2TP _____:_____: Bearer Cap none(0x0)
    *Nov 24 00:52:52.145: L2TP _____:_____: Firmware Ver 0x402
    *Nov 24 00:52:52.149: L2TP _____:_____: Hostname "Pocket_PC"
    *Nov 24 00:52:52.149: L2TP _____:_____: Vendor Name
    *Nov 24 00:52:52.149: L2TP _____:_____: "Microsoft"
    *Nov 24 00:52:52.153: L2TP _____:_____: Assigned Tunnel I 23
    *Nov 24 00:52:52.153: L2TP _____:_____: Rx Window Size 8
    *Nov 24 00:52:52.157: L2TP _____:_____:
    *Nov 24 00:52:52.161: L2X tnl 4112 :_____: Create logical tunnel
    *Nov 24 00:52:52.161: L2TP tnl 4112 :_____: Create tunnel
    *Nov 24 00:52:52.161: L2TP tnl 4112 :_____: version set to V2
    *Nov 24 00:52:52.161: L2TP tnl 4112 :_____: remote ip set to "Remote IP"
    *Nov 24 00:52:52.161: L2TP tnl 4112 :_____: local ip set to 86.20.144.157
    *Nov 24 00:52:52.161: L2TP tnl 4112 :33915: FSM-CC ev Rx-SCCRQ
    *Nov 24 00:52:52.165: L2TP tnl 4112 :33915: FSM-CC Idle->Proc-SCCRQ
    *Nov 24 00:52:52.165: L2TP tnl 4112 :33915: FSM-CC do Rx-SCCRQ
    *Nov 24 00:52:52.165: L2X _____:_____: Tunnel author started for Pocket_PC
    *Nov 24 00:52:52.169: L2X _____:_____: Tunnel author found
    *Nov 24 00:52:52.169: L2TP tnl 4112 :33915: Author reply, data source: "VPN"
    *Nov 24 00:52:52.169: L2X _____:_____: class [AAA author, group "VPN"]
    *Nov 24 00:52:52.169: L2X _____:_____: created
    *Nov 24 00:52:52.173: L2X _____:_____: class [AAA author, group "VPN"]
    *Nov 24 00:52:52.173: L2X _____:_____: App locked 0->1
    *Nov 24 00:52:52.173: L2X _____:_____: class [AAA author, group "VPN"]
    *Nov 24 00:52:52.173: L2X _____:_____: Protocol locked 0->1
    *Nov 24 00:52:52.173: L2TP tnl 4112 :33915: class name AAA author, group "VPN"
    *Nov 24 00:52:52.173: L2X _____:_____: class [AAA author, group "VPN"]
    *Nov 24 00:52:52.173: L2X _____:_____: App unlocked 1->0
    *Nov 24 00:52:52.177: L2TP tnl 4112 :33915: peer cap sync set
    *Nov 24 00:52:52.177: L2TP tnl 4112 :33915: FSM-CC ev SCCRQ-OK
    *Nov 24 00:52:52.177: L2TP tnl 4112 :33915: FSM-CC Proc-SCCRQ->Wt-SCCCN
    *Nov 24 00:52:52.177: L2TP tnl 4112 :33915: FSM-CC do Tx-SCCRP
    *Nov 24 00:52:52.177: L2TP tnl 4112 :33915: Open sock "LOCAL GLOBAL IP":1701->"REMOTE IP":46610
    *Nov 24 00:52:52.181: L2TP tnl 4112 :33915: FSM-CC ev Sock-Ready
    *Nov 24 00:52:52.181: L2TP tnl 4112 :33915: FSM-CC in Wt-SCCCN
    *Nov 24 00:52:52.181: L2TP tnl 4112 :33915: FSM-CC do Ignore-Sock-Up
    *Nov 24 00:52:52.181: L2TP tnl 4112 :33915:
    *Nov 24 00:52:52.181: L2TP tnl 4112 :33915: O SCCRP to Pocket_PC tnl 23
    *Nov 24 00:52:52.189: L2TP tnl 4112 :33915: IETF v2:
    *Nov 24 00:52:52.189: L2TP tnl 4112 :33915: Protocol Version 1, Revision 0
    *Nov 24 00:52:52.189: L2TP tnl 4112 :33915: Framing Cap none(0x0)
    *Nov 24 00:52:52.189: L2TP tnl 4112 :33915: Firmware Ver 0x1130
    *Nov 24 00:52:52.189: L2TP tnl 4112 :33915: Hostname "RTR-90c"
    *Nov 24 00:52:52.193: L2TP tnl 4112 :33915: Vendor Name
    *Nov 24 00:52:52.193: L2TP tnl 4112 :33915: "Cisco Systems, Inc."
    *Nov 24 00:52:52.197: L2TP tnl 4112 :33915: Assigned Tunnel I 33915
    *Nov 24 00:52:52.197: L2TP tnl 4112 :33915: Rx Window Size 256
    *Nov 24 00:52:52.197: L2TP tnl 4112 :33915: Challenge [16]
    *Nov 24 00:52:52.197: L2TP tnl 4112 :33915: 0xA32888366E7E8D4EB7B575099D7E75F0
    *Nov 24 00:52:52.201: L2TP tnl 4112 :33915: Cisco v2:
    *Nov 24 00:52:52.201: L2TP tnl 4112 :33915: PPPoE Relay Forward Capable
    *Nov 24 00:52:52.201: L2TP tnl 4112 :33915: PPPoE Relay Response Capable
    *Nov 24 00:52:52.205: L2TP tnl 4112 :33915:
    *Nov 24 00:52:52.541: L2TP tnl 4112 :33915: I SCCCN, flg TLS, ver 2, len 42
    *Nov 24 00:52:52.541: L2TP tnl 4112 :33915: IETF v2:
    *Nov 24 00:52:52.541: L2TP tnl 4112 :33915: Challenge Resp [16]
    *Nov 24 00:52:52.541: L2TP tnl 4112 :33915: 0x26E451B0E2F3B454C8F9793BE3155B21
    *Nov 24 00:52:52.549: L2TP tnl 4112 :33915:
    *Nov 24 00:52:52.549: L2TP tnl 4112 :33915: FSM-CC ev Rx-SCCCN
    *Nov 24 00:52:52.549: L2TP tnl 4112 :33915: FSM-CC Wt-SCCCN->Proc-SCCCN
    *Nov 24 00:52:52.549: L2TP tnl 4112 :33915: FSM-CC do Rx-SCCCN
    *Nov 24 00:52:52.553: L2TP tnl 4112 :33915: ERROR: Auth cc Overall Failed, 1
    *Nov 24 00:52:52.553: L2TP tnl 4112 :33915: ERROR: Auth glob Overall Failed, 4
    *Nov 24 00:52:52.557: L2TP tnl 4112 :33915:
    *Nov 24 00:52:52.557: L2TP tnl 4112 :33915: Shutting down tunnel
    *Nov 24 00:52:52.557: L2TP tnl 4112 :33915: Result Code
    *Nov 24 00:52:52.557: L2TP tnl 4112 :33915: Authorization failure
    *Nov 24 00:52:52.557: L2TP tnl 4112 :33915: Error Code
    *Nov 24 00:52:52.557: L2TP tnl 4112 :33915: No error
    *Nov 24 00:52:52.557: L2TP tnl 4112 :33915: Vendor Error
    *Nov 24 00:52:52.557: L2TP tnl 4112 :33915: None
    *Nov 24 00:52:52.557: L2TP tnl 4112 :33915: Optional Message
    *Nov 24 00:52:52.561: L2TP tnl 4112 :33915: "process challenge response failed Failed"
    *Nov 24 00:52:52.561: L2TP tnl 4112 :33915:
    *Nov 24 00:52:52.561: L2TP tnl 4112 :33915: FSM-CC ev Shut
    *Nov 24 00:52:52.561: L2TP tnl 4112 :33915: FSM-CC Proc-SCCCN->Wt-STOPACK
    *Nov 24 00:52:52.561: L2TP tnl 4112 :33915: FSM-CC do Tx-StopCCN-Error
    *Nov 24 00:52:52.561: L2TP tnl 4112 :33915:
    *Nov 24 00:52:52.565: L2TP tnl 4112 :33915: O StopCCN to Pocket_PC tnl 23
    *Nov 24 00:52:52.569: L2TP tnl 4112 :33915: IETF v2:
    *Nov 24 00:52:52.569: L2TP tnl 4112 :33915: Result Code
    *Nov 24 00:52:52.569: L2TP tnl 4112 :33915: Authorization failure(4)
    *Nov 24 00:52:52.569: L2TP tnl 4112 :33915: Error code
    *Nov 24 00:52:52.573: L2TP tnl 4112 :33915: No error(0)
    *Nov 24 00:52:52.573: L2TP tnl 4112 :33915: Optional msg
    *Nov 24 00:52:52.573: L2TP tnl 4112 :33915: "process challenge response failed Failed"
    *Nov 24 00:52:52.577: L2TP tnl 4112 :33915: Assigned Tunnel I 33915
    *Nov 24 00:52:52.581: L2TP tnl 4112 :33915:
    *Nov 24 00:52:52.585: L2TP tnl 4112 :33915: ICRQ: Peer acked StopCCN
    *Nov 24 00:52:52.585: L2TP tnl 4112 :33915: FSM-CC ev Shut
    *Nov 24 00:52:52.585: L2TP tnl 4112 :33915: FSM-CC in Wt-STOPACK
    *Nov 24 00:52:52.589: L2TP tnl 4112 :33915: FSM-CC do Shutnow
    *Nov 24 00:52:52.589: L2TP tnl 4112 :33915: FSM-CC ev Shut-Comp
    *Nov 24 00:52:52.589: L2TP tnl 4112 :33915: FSM-CC Wt-STOPACK->Dead
    *Nov 24 00:52:52.589: L2TP tnl 4112 :33915: FSM-CC do Shutdown-Completed
    *Nov 24 00:52:52.589: L2TP tnl 4112 :33915: Control channel down
    *Nov 24 00:52:52.589: L2TP tnl 4112 :33915: 86.20.144.157<->217.171.129.65
    *Nov 24 00:52:52.589: L2TP tnl 4112 :33915: Destroying tunnel
    *Nov 24 00:52:52.593: L2X tnl 4112 :_____: Destroying logical tunnel
    *Nov 24 00:52:52.593: L2X _____:_____: class [AAA author, group "VPN"]
    *Nov 24 00:52:52.593: L2X _____:_____: Protocol unlocked 1->0
    *Nov 24 00:52:52.593: L2X _____:_____: class[AAA author, group "VPN"]
    *Nov 24 00:52:52.597: L2X _____:_____: no more locks
    *Nov 24 00:52:52.597: L2X _____:_____: class [AAA author, group "VPN"]
    *Nov 24 00:52:52.597: L2X _____:_____: created
    *Nov 24 00:52:52.597: L2TP _____:_____: ICRQ: dropping packet
    *Nov 24 00:52:52.597: L2TP _____:_____: ERROR: ZLB: Could not find tunnel for tnl 33915, ns 3 nr
    1
    *Nov 24 00:52:52.597: L2TP _____:_____: ZLB: dropping packet
    *Nov 24 00:52:52.946: L2TP _____:_____: ERROR: ZLB: Could not find tunnel for tnl 33915, ns 3 nr
    2
    *Nov 24 00:52:52.946: L2TP _____:_____: ZLB: dropping packet
     
    Xunzi, Apr 11, 2009
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike
    Replies:
    0
    Views:
    655
  2. Mike
    Replies:
    0
    Views:
    650
  3. Mike
    Replies:
    0
    Views:
    1,132
  4. AM
    Replies:
    1
    Views:
    570
  5. AM
    Replies:
    0
    Views:
    472
Loading...

Share This Page