pix 506E to VPN3000 cant connect

Discussion in 'Cisco' started by jayp_kkk, Jun 3, 2007.

  1. jayp_kkk

    jayp_kkk Guest

    Guys here's the debug output im getting.. what seems to be wrong ?

    ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3
    ISAKMP (0): beginning Main Mode exchange
    crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
    dpt:500
    OAK_MM exchange
    ISAKMP (0): processing SA payload. message ID = 0

    ISAKMP (0): Checking ISAKMP transform 1 against priority 20 policy
    ISAKMP: encryption AES-CBC
    ISAKMP: keylength of 192
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
    ISAKMP (0): atts are acceptable. Next payload is 0
    ISAKMP (0): processing vendor id payload

    ISAKMP (0): SA is doing pre-shared key authentication using id type
    ID_IPV4_ADDR
    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
    dpt:500
    OAK_MM exchange
    ISAKMP (0): processing KE payload. message ID = 0

    ISAKMP (0): processing NONCE payload. message ID = 0

    ISAKMP (0): processing vendor id payload

    ISAKMP (0): processing vendor id payload

    ISAKMP (0): received xauth v6 vendor id

    ISAKMP (0): processing vendor id payload

    ISAKMP (0): speaking to another IOS box!

    ISAKMP (0): processing vendor id payload

    ISAKMP (0): speaking to a VPN3000 concentrator

    ISAKMP (0): ID payload
    next-payload : 8
    type : 1
    protocol : 17
    port : 500
    length : 8
    ISAKMP (0): Total payload length: 12
    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
    dpt:500
    ISAKMP: error, msg not encrypted
    crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
    dpt:500
    ISAKMP: sa not found for ike msg
     
    jayp_kkk, Jun 3, 2007
    #1
    1. Advertising

  2. Jayr,

    Would you post a portion of your config? It looks like you didn't define
    "interesting traffic" which should be encrypted ("msg not encrypted" message
    at the bottom of your output).

    Good luck,

    Mike
    CCNP, CCDP, CCSP, Cisco Voice, MCSE W2K, MCSE+I, Security+, etc.
    CCIE R&S (in progress), CCIE Voice (in progress)
    ------
    Headset Adapters for Cisco IP Phones
    www.ciscoheadsetadapter.com
    www.headsetadapter.com



    "jayp_kkk" <u34742@uwe> wrote in message news:731eddc9e78d2@uwe...
    > Guys here's the debug output im getting.. what seems to be wrong ?
    >
    > ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3
    > ISAKMP (0): beginning Main Mode exchange
    > crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
    > dpt:500
    > OAK_MM exchange
    > ISAKMP (0): processing SA payload. message ID = 0
    >
    > ISAKMP (0): Checking ISAKMP transform 1 against priority 20 policy
    > ISAKMP: encryption AES-CBC
    > ISAKMP: keylength of 192
    > ISAKMP: hash SHA
    > ISAKMP: default group 2
    > ISAKMP: auth pre-share
    > ISAKMP: life type in seconds
    > ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
    > ISAKMP (0): atts are acceptable. Next payload is 0
    > ISAKMP (0): processing vendor id payload
    >
    > ISAKMP (0): SA is doing pre-shared key authentication using id type
    > ID_IPV4_ADDR
    > return status is IKMP_NO_ERROR
    > crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
    > dpt:500
    > OAK_MM exchange
    > ISAKMP (0): processing KE payload. message ID = 0
    >
    > ISAKMP (0): processing NONCE payload. message ID = 0
    >
    > ISAKMP (0): processing vendor id payload
    >
    > ISAKMP (0): processing vendor id payload
    >
    > ISAKMP (0): received xauth v6 vendor id
    >
    > ISAKMP (0): processing vendor id payload
    >
    > ISAKMP (0): speaking to another IOS box!
    >
    > ISAKMP (0): processing vendor id payload
    >
    > ISAKMP (0): speaking to a VPN3000 concentrator
    >
    > ISAKMP (0): ID payload
    > next-payload : 8
    > type : 1
    > protocol : 17
    > port : 500
    > length : 8
    > ISAKMP (0): Total payload length: 12
    > return status is IKMP_NO_ERROR
    > crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
    > dpt:500
    > ISAKMP: error, msg not encrypted
    > crypto_isakmp_process_block:src:198.235.13.31, dest:203.115.153.42 spt:500
    > dpt:500
    > ISAKMP: sa not found for ike msg
    >
     
    headsetadapter.com, Jun 3, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dietmar Romer

    VPN3000, radius: error = -9 ("ENOBUFS")

    Dietmar Romer, Aug 2, 2004, in forum: Cisco
    Replies:
    0
    Views:
    677
    Dietmar Romer
    Aug 2, 2004
  2. Matthew
    Replies:
    1
    Views:
    529
  3. Wil Schultz

    VPN3000 v4.7

    Wil Schultz, Mar 12, 2005, in forum: Cisco
    Replies:
    0
    Views:
    465
    Wil Schultz
    Mar 12, 2005
  4. Replies:
    1
    Views:
    499
    Matthew Melbourne
    Jun 11, 2005
  5. Replies:
    1
    Views:
    446
    Stefan Heinrich
    Aug 22, 2005
Loading...

Share This Page