Remote peer no longer responding -- please help

Discussion in 'Cisco' started by soup_or_power@yahoo.com, Dec 15, 2006.

  1. Guest

    Hi
    I am trying to connect to a PIX (a very old version) firewall and I get
    the dreaded 412 error (The remote peer is no longer responding).
    Googled it and no relevant posts. Can someone kindly help me figure
    this out?


    Cisco Systems VPN Client Version 4.0.5 (Rel)
    Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Windows, WinNT
    Running on: 5.1.2600 Service Pack 2

    1 21:52:59.515 12/14/06 Sev=Info/4 CM/0x63100002
    Begin connection process

    2 21:52:59.718 12/14/06 Sev=Info/4 CM/0x63100004
    Establish secure connection using Ethernet

    3 21:52:59.718 12/14/06 Sev=Info/4 CM/0x63100024
    Attempt connection with server "209.178.198.242"

    4 21:53:02.781 12/14/06 Sev=Critical/1 CVPND/0xE3400003
    Function SocketApiBind() failed with an error code of
    0xFFFFFFF8(f:\temp\IPSecClient\Rel\PubKeyPK\SRC\ike-init-state.cpp:390)

    5 21:53:02.781 12/14/06 Sev=Critical/1 CVPND/0x63400012
    Unable to bind to IKE port. This could be because there is another VPN
    client installed or running. Please disable or uninstall all VPN
    Clients other than the Cisco VPN Client.

    6 21:53:02.828 12/14/06 Sev=Info/4 CM/0xE3100003
    Failure to Initialize IKE ports

    7 21:53:02.828 12/14/06 Sev=Info/5 CM/0x63100025
    Initializing CVPNDrv

    8 21:53:02.906 12/14/06 Sev=Info/4 IPSEC/0x63700008
    IPSec driver successfully started

    9 21:53:02.906 12/14/06 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    10 21:53:02.906 12/14/06 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    11 21:53:02.906 12/14/06 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    12 21:53:02.906 12/14/06 Sev=Info/4 IPSEC/0x6370000A
    IPSec driver successfully stopped

    13 21:54:28.671 12/14/06 Sev=Info/4 CM/0x63100002
    Begin connection process

    14 21:54:28.765 12/14/06 Sev=Info/4 CM/0x63100004
    Establish secure connection using Ethernet

    15 21:54:28.765 12/14/06 Sev=Info/4 CM/0x63100024
    Attempt connection with server "209.178.198.242"

    16 21:54:28.796 12/14/06 Sev=Info/6 IKE/0x6300003B
    Attempting to establish a connection with 209.178.198.242.

    17 21:54:29.109 12/14/06 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd),
    VID(Nat-T), VID(Frag), VID(Unity)) to 209.178.198.242

    18 21:54:29.453 12/14/06 Sev=Info/4 IPSEC/0x63700008
    IPSec driver successfully started

    19 21:54:29.453 12/14/06 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    20 21:54:29.578 12/14/06 Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = 209.178.198.242

    21 21:54:29.578 12/14/06 Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), KE, ID,
    NON, HASH) from 209.178.198.242

    22 21:54:29.578 12/14/06 Sev=Info/5 IKE/0x63000001
    Peer is a Cisco-Unity compliant peer

    23 21:54:29.578 12/14/06 Sev=Info/5 IKE/0x63000001
    Peer supports DPD

    24 21:54:29.578 12/14/06 Sev=Info/5 IKE/0x63000081
    Received IOS Vendor ID with unknown capabilities flag 0x00000025

    25 21:54:29.593 12/14/06 Sev=Info/6 IKE/0x63000001
    IOS Vendor ID Contruction successful

    26 21:54:29.593 12/14/06 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT,
    VID(?), VID(Unity)) to 209.178.198.242

    27 21:54:29.593 12/14/06 Sev=Info/4 IKE/0x63000082
    IKE Port in use - Local Port = 0x01F4, Remote Port = 0x01F4

    28 21:54:29.593 12/14/06 Sev=Info/4 CM/0x6310000E
    Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated
    IKE SA in the system

    29 21:54:29.593 12/14/06 Sev=Info/4 CM/0x6310000E
    Established Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated
    IKE SA in the system

    30 21:54:30.046 12/14/06 Sev=Info/5 IKE/0x6300005D
    Client sending a firewall request to concentrator

    31 21:54:30.046 12/14/06 Sev=Info/5 IKE/0x6300005C
    Firewall Policy: Product=Cisco Systems Integrated Client, Capability=
    (Centralized Protection Policy).

    32 21:54:30.046 12/14/06 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 209.178.198.242

    33 21:54:30.109 12/14/06 Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = 209.178.198.242

    34 21:54:30.109 12/14/06 Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 209.178.198.242

    35 21:54:30.109 12/14/06 Sev=Info/5 IKE/0x63000010
    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value =
    192.168.99.1

    36 21:54:30.109 12/14/06 Sev=Info/5 IKE/0x63000010
    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.1.6

    37 21:54:30.109 12/14/06 Sev=Info/5 IKE/0x63000010
    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : ,
    value = 192.168.1.6

    38 21:54:30.109 12/14/06 Sev=Info/5 IKE/0x6300000E
    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value =
    corp.iexpect.com

    39 21:54:30.109 12/14/06 Sev=Info/4 CM/0x63100019
    Mode Config data received

    40 21:54:30.281 12/14/06 Sev=Info/4 IKE/0x63000055
    Received a key request from Driver: Local IP = 192.168.99.1, GW IP =
    209.178.198.242, Remote IP = 0.0.0.0

    41 21:54:30.281 12/14/06 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 209.178.198.242

    42 21:54:30.406 12/14/06 Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = 209.178.198.242

    43 21:54:30.406 12/14/06 Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from
    209.178.198.242

    44 21:54:30.406 12/14/06 Sev=Warning/3 IKE/0xA300004B
    Received a NOTIFY message with an invalid protocol id (0)

    45 21:54:30.468 12/14/06 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    46 21:54:35.453 12/14/06 Sev=Info/4 IKE/0x63000021
    Retransmitting last packet!

    47 21:54:35.453 12/14/06 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK QM *(Retransmission) to 209.178.198.242

    48 21:54:40.453 12/14/06 Sev=Info/4 IKE/0x63000021
    Retransmitting last packet!

    49 21:54:40.453 12/14/06 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK QM *(Retransmission) to 209.178.198.242

    50 21:54:45.453 12/14/06 Sev=Info/4 IKE/0x63000021
    Retransmitting last packet!

    51 21:54:45.453 12/14/06 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK QM *(Retransmission) to 209.178.198.242

    52 21:54:50.453 12/14/06 Sev=Info/4 IKE/0x6300002D
    Phase-2 retransmission count exceeded: MsgID=586F5A33

    53 21:54:50.453 12/14/06 Sev=Info/6 IKE/0x6300003D
    Sending DPD request to 209.178.198.242, seq# = 3403392917

    54 21:54:50.453 12/14/06 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to
    209.178.198.242

    55 21:54:50.453 12/14/06 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 209.178.198.242

    56 21:54:50.453 12/14/06 Sev=Info/4 IKE/0x63000048
    Discarding IPsec SA negotiation, MsgID=586F5A33

    57 21:54:50.500 12/14/06 Sev=Info/5 IKE/0x6300002F
    Received ISAKMP packet: peer = 209.178.198.242

    58 21:54:50.500 12/14/06 Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK) from
    209.178.198.242

    59 21:54:50.500 12/14/06 Sev=Info/5 IKE/0x6300003F
    Received DPD ACK from 209.178.198.242, seq# received = 3403392918, seq#
    expected = 3403392918

    60 21:55:20.453 12/14/06 Sev=Info/4 IKE/0x63000017
    Marking IKE SA for deletion (I_Cookie=37BCC08204AE4596
    R_Cookie=4DFC26D470437156) reason = DEL_REASON_PEER_NOT_RESPONDING

    61 21:55:20.453 12/14/06 Sev=Info/4 IKE/0x63000013
    SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 209.178.198.242

    62 21:55:20.953 12/14/06 Sev=Info/4 IKE/0x6300004A
    Discarding IKE SA negotiation (I_Cookie=37BCC08204AE4596
    R_Cookie=4DFC26D470437156) reason = DEL_REASON_PEER_NOT_RESPONDING

    63 21:55:20.953 12/14/06 Sev=Info/4 CM/0x63100012
    Phase 1 SA deleted before first Phase 2 SA is up cause by
    "DEL_REASON_PEER_NOT_RESPONDING". 0 Crypto Active IKE SA, 0 User
    Authenticated IKE SA in the system

    64 21:55:20.953 12/14/06 Sev=Info/5 CM/0x63100025
    Initializing CVPNDrv

    65 21:55:20.984 12/14/06 Sev=Info/4 IKE/0x63000001
    IKE received signal to terminate VPN connection

    66 21:55:21.453 12/14/06 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    67 21:55:21.453 12/14/06 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    68 21:55:21.453 12/14/06 Sev=Info/4 IPSEC/0x63700014
    Deleted all keys

    69 21:55:21.453 12/14/06 Sev=Info/4 IPSEC/0x6370000A
    IPSec driver successfully stopped
    , Dec 15, 2006
    #1
    1. Advertising

  2. In article <>,
    <> wrote:

    >I am trying to connect to a PIX (a very old version) firewall and I get
    >the dreaded 412 error (The remote peer is no longer responding).
    >Googled it and no relevant posts. Can someone kindly help me figure
    >this out?


    >35 21:54:30.109 12/14/06 Sev=Info/5 IKE/0x63000010
    >MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value =
    >192.168.99.1



    >36 21:54:30.109 12/14/06 Sev=Info/5 IKE/0x63000010
    >MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.1.6


    Possibly your end 192.168.99.1 is not set to route properly to
    192.168.1.6 . This could happen, for example, if you use an ip pool
    in the 192.168 range without specifying the netmask on the
    ip pool. (For 192.168.x, it -should- choose /24 but it is better to
    not leave it to chance if you don't need to.)

    >40 21:54:30.281 12/14/06 Sev=Info/4 IKE/0x63000055
    >Received a key request from Driver: Local IP = 192.168.99.1, GW IP =
    >209.178.198.242, Remote IP = 0.0.0.0


    >41 21:54:30.281 12/14/06 Sev=Info/4 IKE/0x63000013
    >SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 209.178.198.242


    >42 21:54:30.406 12/14/06 Sev=Info/5 IKE/0x6300002F
    >Received ISAKMP packet: peer = 209.178.198.242


    >43 21:54:30.406 12/14/06 Sev=Info/4 IKE/0x63000014
    >RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from
    >209.178.198.242


    and everything quits after that. The NO_PROPOSAL_CHOSEN is why
    nothing else works after that point.

    You can have NO_PROPOSAL_CHOSEN if you have an isakmp key mismatch
    (because the two sides disagree on how to encrypt or decrypt)
    or if one only side wants RSA and the other only wants pre-shared.


    If you'd gotten further in the dialog, there would be another
    couple of places where NO_PROPOSAL_CHOSEN : those would indicate
    that the two sides disagreed on the transforms.
    Walter Roberson, Dec 15, 2006
    #2
    1. Advertising

  3. Guest

    The PIX has these rules:
    crypto ipsec transform-set iexpect esp-des esp-md5-hmac
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    crypto dynamic-map dynmap 10 set transform-set myset
    crypto map corp 1 ipsec-isakmp
    crypto map corp 1 match address ipsec
    crypto map corp 1 set peer 216.74.138.157
    crypto map corp 1 set transform-set iexpect
    crypto map corp 10 ipsec-isakmp dynamic dynmap
    crypto map corp client configuration address initiate
    crypto map corp client configuration address respond
    crypto map corp interface outside
    isakmp enable outside
    isakmp key ******** address 216.74.138.157 netmask 255.255.255.255
    isakmp identity address
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption des
    isakmp policy 1 hash md5
    isakmp policy 1 group 1
    isakmp policy 1 lifetime 86400
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    vpngroup corphome address-pool corp-home
    vpngroup corphome dns-server 192.168.1.6
    vpngroup corphome wins-server 192.168.1.6
    vpngroup corphome default-domain corp.iexpect.com
    vpngroup corphome idle-time 1800
    vpngroup corphome password ********

    How can I configure the Cisco Client 4.0.5 to use key share?

    Thanks

    Walter Roberson wrote:
    > In article <>,
    > <> wrote:
    >
    > >I am trying to connect to a PIX (a very old version) firewall and I get
    > >the dreaded 412 error (The remote peer is no longer responding).
    > >Googled it and no relevant posts. Can someone kindly help me figure
    > >this out?

    >
    > >35 21:54:30.109 12/14/06 Sev=Info/5 IKE/0x63000010
    > >MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value =
    > >192.168.99.1

    >
    >
    > >36 21:54:30.109 12/14/06 Sev=Info/5 IKE/0x63000010
    > >MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 192.168.1.6

    >
    > Possibly your end 192.168.99.1 is not set to route properly to
    > 192.168.1.6 . This could happen, for example, if you use an ip pool
    > in the 192.168 range without specifying the netmask on the
    > ip pool. (For 192.168.x, it -should- choose /24 but it is better to
    > not leave it to chance if you don't need to.)
    >
    > >40 21:54:30.281 12/14/06 Sev=Info/4 IKE/0x63000055
    > >Received a key request from Driver: Local IP = 192.168.99.1, GW IP =
    > >209.178.198.242, Remote IP = 0.0.0.0

    >
    > >41 21:54:30.281 12/14/06 Sev=Info/4 IKE/0x63000013
    > >SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 209.178.198.242

    >
    > >42 21:54:30.406 12/14/06 Sev=Info/5 IKE/0x6300002F
    > >Received ISAKMP packet: peer = 209.178.198.242

    >
    > >43 21:54:30.406 12/14/06 Sev=Info/4 IKE/0x63000014
    > >RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from
    > >209.178.198.242

    >
    > and everything quits after that. The NO_PROPOSAL_CHOSEN is why
    > nothing else works after that point.
    >
    > You can have NO_PROPOSAL_CHOSEN if you have an isakmp key mismatch
    > (because the two sides disagree on how to encrypt or decrypt)
    > or if one only side wants RSA and the other only wants pre-shared.
    >
    >
    > If you'd gotten further in the dialog, there would be another
    > couple of places where NO_PROPOSAL_CHOSEN : those would indicate
    > that the two sides disagreed on the transforms.
    , Dec 15, 2006
    #3
  4. Guest

    Here is the debug from the PIX. I'd appreciate if Walter or someone
    can comment.

    Thanks


    crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    VPN Peer: ISAKMP: Added new peer: ip:72.79.125.235 Total VPN Peers:1
    VPN Peer: ISAKMP: Peer ip:72.79.125.235 Ref cnt incremented to:1 Total
    VPN Peers:1
    OAK_AG exchange
    ISAKMP (0): processing SA payload. message ID = 0

    ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
    ISAKMP: encryption... What? 7?
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: extended auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    ISAKMP: attribute 3584
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy
    ISAKMP: encryption... What? 7?
    ISAKMP: hash MD5
    ISAKMP: default group 2
    ISAKMP: extended auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    ISAKMP: attribute 3584
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 3 against priority 1 policy
    ISAKMP: encryption... What? 7?
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    ISAKMP: attribute 3584
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 4 against priority 1 policy
    ISAKMP: encryption... What? 7?
    ISAKMP: hash MD5
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    ISAKMP: attribute 3584
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 5 against priority 1 policy
    ISAKMP: encryption... What? 7?
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: extended auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    ISAKMP: attribute 3584
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 6 against priority 1 policy
    ISAKMP: encryption... What? 7?
    ISAKMP: hash MD5
    ISAKMP: default group 2
    ISAKMP: extended auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    ISAKMP: attribute 3584
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 7 against priority 1 policy
    ISAKMP: encryption... What? 7?
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    ISAKMP: attribute 3584
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 8 against priority 1 policy
    ISAKMP: encryption... What? 7?
    ISAKMP: hash MD5
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    ISAKMP: attribute 3584
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): Checking ISAKMP transform 9 against priority 1 policy
    ISAKMP: encryption 3DES-CBC
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: extended auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x20 0xc4
    crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    OAK_AG exchange
    ISAKMP (0): processing HASH payload. message ID = 0
    ISAKMP (0): processing NOTIFY payload 24578 protocol 1
    spi 0, message ID = 0
    ISAKMP (0): processing notify INITIAL_CONTACTIPSEC(key_engine): got a
    queue event...
    IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    IPSEC(key_engine_delete_sas): delete all SAs shared with
    72.79.125.235

    ISAKMP (0): processing vendor id payload

    ISAKMP (0): speaking to another IOS box!

    ISAKMP (0): processing vendor id payload

    ISAKMP (0): speaking to a Unity client

    ISAKMP (0): SA has been authenticated
    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    ISAKMP_TRANSACTION exchange
    ISAKMP (0:0): processing transaction payload from 72.79.125.235.
    message ID = 0
    ISAKMP: Config payload CFG_REQUEST
    ISAKMP (0:0): checking request:
    ISAKMP: attribute IP4_ADDRESS (1)
    ISAKMP: attribute IP4_NETMASK (2)
    ISAKMP: attribute IP4_DNS (3)
    ISAKMP: attribute IP4_NBNS (4)
    ISAKMP: attribute ADDRESS_EXPIRY (5)
    Unsupported Attr: 5
    ISAKMP: attribute UNKNOWN (28672)
    Unsupported Attr: 28672
    ISAKMP: attribute UNKNOWN (28673)
    Unsupported Attr: 28673
    ISAKMP: attribute UNKNOWN (28674)
    ISAKMP: attribute UNKNOWN (28676)
    ISAKMP: attribute UNKNOWN (28675)
    Unsupported Attr: 28675
    ISAKMP: attribute UNKNOWN (28679)
    Unsupported Attr: 28679
    ISAKMP: attribute UNKNOWN (28681)
    Unsupported Attr: 28681
    ISAKMP: attribute APPLICATION_VERSION (7)
    Unsupported Attr: 7
    ISAKMP: attribute UNKNOWN (28680)
    Unsupported Attr: 28680
    ISAKMP: attribute UNKNOWN (28682)
    Unsupported Attr: 28682
    ISAKMP: attribute UNKNOWN (28677)
    Unsupported Attr: 28677
    ISAKMP: attribute UNKNOWN (28678)
    Unsupported Attr: 28678
    ISAKMP (0:0): responding to peer config from 72.79.125.235. ID =
    3561348378
    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    OAK_QM exchange
    oakley_process_quick_mode:
    OAK_QM_IDLE
    ISAKMP (0): processing SA payload. message ID = 3146087570

    ISAKMP : Checking IPSec proposal 1

    ISAKMP: unknown ESP transform!
    ISAKMP: attributes in transform:
    ISAKMP: authenticator is HMAC-MD5
    ISAKMP: key length is 256
    ISAKMP: encaps is 1
    ISAKMP: SA life type in seconds
    ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    IPSEC(validate_proposal): invalid local address 209.178.198.242

    ISAKMP (0): atts not acceptable. Next payload is 0
    ISAKMP (0): skipping next ANDed proposal (1)
    ISAKMP : Checking IPSec proposal 2

    ISAKMP: unknown ESP transform!
    ISAKMP: attributes in transform:
    ISAKMP: authenticator is HMAC-SHA
    ISAKMP: key length is 256
    ISAKMP: encaps is 1
    ISAKMP: SA life type in seconds
    ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    IPSEC(validate_proposal): invalid local address 209.178.198.242

    ISAKMP (0): atts not acceptable. Next payload is 0
    ISAKMP (0): skipping next ANDed proposal (2)
    ISAKMP : Checking IPSec proposal 3

    ISAKMP: unknown ESP transform!
    ISAKMP: attributes in transform:
    ISAKMP: authenticator is HMAC-MD5
    ISAKMP: key length is 128
    ISAKMP: encaps is 1
    ISAKMP: SA life type in seconds
    ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    IPSEC(validate_proposal): invalid local address 209.178.198.242

    ISAKMP (0): atts not acceptable. Next payload is 0
    ISAKMP (0): skipping next ANDed proposal (3)
    ISAKMP : Checking IPSec proposal 4

    ISAKMP: unknown ESP transform!
    ISAKMP: attributes in transform:
    ISAKMP: authenticator is HMAC-SHA
    ISAKMP: key length is 128
    ISAKMP: encaps is 1
    ISAKMP: SA life type in seconds
    ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    IPSEC(validate_proposal): invalid local address 209.178.198.242

    ISAKMP (0): atts not acceptable. Next payload is 0
    ISAKMP (0): skipping next ANDed proposal (4)
    ISAKMP : Checking IPSec proposal 5

    ISAKMP: unknown ESP transform!
    ISAKMP: attributes in transform:
    ISAKMP: authenticator is HMAC-MD5
    ISAKMP: key length is 256
    ISAKMP: encaps is 1
    ISAKMP: SA life type in seconds
    ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    IPSEC(validate_proposal): invalid local address 209.178.198.242

    ISAKMP (0): atts not acceptable. Next payload is 0
    ISAKMP : Checking IPSec proposal 6

    ISAKMP: unknown ESP transform!
    ISAKMP: attributes in transform:
    ISAKMP: authenticator is HMAC-SHA
    ISAKMP: key length is 256
    ISAKMP: encaps is 1
    ISAKMP: SA life type in seconds
    ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    IPSEC(validate_proposal): invalid local address 209.178.198.242

    ISAKMP (0): atts not acceptable. Next payload is 0
    ISAKMP : Checking IPSec proposal 7

    ISAKMP: unknown ESP transform!
    ISAKMP: attributes in transform:
    ISAKMP: authenticator is HMAC-MD5
    ISAKMP: key length is 128
    ISAKMP: encaps is 1
    ISAKMP: SA life type in seconds
    ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    IPSEC(validate_proposal): invalid local address 209.178.198.242

    ISAKMP (0): atts not acceptable. Next payload is 0
    ISAKMP : Checking IPSec proposal 8

    ISAKMP: unknown ESP transform!
    ISAKMP: attributes in transform:
    ISAKMP: authenticator is HMAC-SHA
    ISAKMP: key length is 128
    ISAKMP: encaps is 1
    ISAKMP: SA life type in seconds
    ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    IPSEC(validate_proposal): invalid local address 209.178.198.242
    crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
    crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
    crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
    crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    ISAKMP (0): processing NOTIFY payload 36136 protocol 1
    spi 0, message ID = 4224895108
    ISAMKP (0): received DPD_R_U_THERE from peer 72.79.125.235
    ISAKMP (0): sending NOTIFY message 36137 protocol 1
    return status is IKMP_NO_ERR_NO_TRANS
    crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    ISAKMP (0): processing DELETE payload. message ID =
    2699998900IPSEC(key_engine): got a queue event...
    IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

    return status is IKMP_NO_ERR_NO_TRANS
    crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    ISAKMP (0): processing DELETE payload. message ID = 3651836985
    ISAKMP (0): deleting SA: src 72.79.125.235, dst 209.178.198.242
    ISAKMP (0): deleting IPSEC SAs with peer at
    72.79.125.235IPSEC(key_engine): got a queue event...
    IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    IPSEC(key_engine_delete_sas): delete all SAs shared with
    72.79.125.235

    return status is IKMP_NO_ERR_NO_TRANS
    ISADB: reaper checking SA 0x80c91590, conn_id = 0 DELETE IT!

    VPN Peer: ISAKMP: Peer ip:72.79.125.235 Ref cnt decremented to:0 Total
    VPN Peers:1
    VPN Peer: ISAKMP: Deleted peer: ip:72.79.125.235 Total VPN
    peers:0IPSEC(key_engine): got a queue event...
    IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    IPSEC(key_engine_delete_sas): delete all SAs shared with 72.79.125.235
    , Dec 16, 2006
    #4
  5. Guest

    I downloaded the GreenBow VPN client and tested the encryption. The PIX
    expects DES and MD5 for encryption and authentication respectively. The
    GreenBow VPN client passed the phase 1 and phase 2 but alas, it doesn't
    connect when a password is challenged. I have to make extensive changes
    on the PIX to make the GreenBow VPN client work. It is not a viable
    option to me. Also the GreenBow VPN client is not free. Now if I can
    replicate the limited success I had with GreenBow VPN client using
    Cisco VPN Client 4.0.5 that will be great. Can anyone please tell me
    what are the encryption and authentication schemes for the Cisco 4.0.5
    VPN client? How can I set the options on Cisco 4.0.5. VPN client?
    Kindly note that the PIX firewall is very old and there is no way to
    change the encryption and authentication schemes.

    Many thanks for your kind help.

    wrote:
    > Here is the debug from the PIX. I'd appreciate if Walter or someone
    > can comment.
    >
    > Thanks
    >
    >
    > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > VPN Peer: ISAKMP: Added new peer: ip:72.79.125.235 Total VPN Peers:1
    > VPN Peer: ISAKMP: Peer ip:72.79.125.235 Ref cnt incremented to:1 Total
    > VPN Peers:1
    > OAK_AG exchange
    > ISAKMP (0): processing SA payload. message ID = 0
    >
    > ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
    > ISAKMP: encryption... What? 7?
    > ISAKMP: hash SHA
    > ISAKMP: default group 2
    > ISAKMP: extended auth pre-share
    > ISAKMP: life type in seconds
    > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > ISAKMP: attribute 3584
    > ISAKMP (0): atts are not acceptable. Next payload is 3
    > ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy
    > ISAKMP: encryption... What? 7?
    > ISAKMP: hash MD5
    > ISAKMP: default group 2
    > ISAKMP: extended auth pre-share
    > ISAKMP: life type in seconds
    > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > ISAKMP: attribute 3584
    > ISAKMP (0): atts are not acceptable. Next payload is 3
    > ISAKMP (0): Checking ISAKMP transform 3 against priority 1 policy
    > ISAKMP: encryption... What? 7?
    > ISAKMP: hash SHA
    > ISAKMP: default group 2
    > ISAKMP: auth pre-share
    > ISAKMP: life type in seconds
    > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > ISAKMP: attribute 3584
    > ISAKMP (0): atts are not acceptable. Next payload is 3
    > ISAKMP (0): Checking ISAKMP transform 4 against priority 1 policy
    > ISAKMP: encryption... What? 7?
    > ISAKMP: hash MD5
    > ISAKMP: default group 2
    > ISAKMP: auth pre-share
    > ISAKMP: life type in seconds
    > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > ISAKMP: attribute 3584
    > ISAKMP (0): atts are not acceptable. Next payload is 3
    > ISAKMP (0): Checking ISAKMP transform 5 against priority 1 policy
    > ISAKMP: encryption... What? 7?
    > ISAKMP: hash SHA
    > ISAKMP: default group 2
    > ISAKMP: extended auth pre-share
    > ISAKMP: life type in seconds
    > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > ISAKMP: attribute 3584
    > ISAKMP (0): atts are not acceptable. Next payload is 3
    > ISAKMP (0): Checking ISAKMP transform 6 against priority 1 policy
    > ISAKMP: encryption... What? 7?
    > ISAKMP: hash MD5
    > ISAKMP: default group 2
    > ISAKMP: extended auth pre-share
    > ISAKMP: life type in seconds
    > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > ISAKMP: attribute 3584
    > ISAKMP (0): atts are not acceptable. Next payload is 3
    > ISAKMP (0): Checking ISAKMP transform 7 against priority 1 policy
    > ISAKMP: encryption... What? 7?
    > ISAKMP: hash SHA
    > ISAKMP: default group 2
    > ISAKMP: auth pre-share
    > ISAKMP: life type in seconds
    > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > ISAKMP: attribute 3584
    > ISAKMP (0): atts are not acceptable. Next payload is 3
    > ISAKMP (0): Checking ISAKMP transform 8 against priority 1 policy
    > ISAKMP: encryption... What? 7?
    > ISAKMP: hash MD5
    > ISAKMP: default group 2
    > ISAKMP: auth pre-share
    > ISAKMP: life type in seconds
    > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > ISAKMP: attribute 3584
    > ISAKMP (0): atts are not acceptable. Next payload is 3
    > ISAKMP (0): Checking ISAKMP transform 9 against priority 1 policy
    > ISAKMP: encryption 3DES-CBC
    > ISAKMP: hash SHA
    > ISAKMP: default group 2
    > ISAKMP: extended auth pre-share
    > ISAKMP: life type in seconds
    > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4
    > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > OAK_AG exchange
    > ISAKMP (0): processing HASH payload. message ID = 0
    > ISAKMP (0): processing NOTIFY payload 24578 protocol 1
    > spi 0, message ID = 0
    > ISAKMP (0): processing notify INITIAL_CONTACTIPSEC(key_engine): got a
    > queue event...
    > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    > IPSEC(key_engine_delete_sas): delete all SAs shared with
    > 72.79.125.235
    >
    > ISAKMP (0): processing vendor id payload
    >
    > ISAKMP (0): speaking to another IOS box!
    >
    > ISAKMP (0): processing vendor id payload
    >
    > ISAKMP (0): speaking to a Unity client
    >
    > ISAKMP (0): SA has been authenticated
    > return status is IKMP_NO_ERROR
    > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > ISAKMP_TRANSACTION exchange
    > ISAKMP (0:0): processing transaction payload from 72.79.125.235.
    > message ID = 0
    > ISAKMP: Config payload CFG_REQUEST
    > ISAKMP (0:0): checking request:
    > ISAKMP: attribute IP4_ADDRESS (1)
    > ISAKMP: attribute IP4_NETMASK (2)
    > ISAKMP: attribute IP4_DNS (3)
    > ISAKMP: attribute IP4_NBNS (4)
    > ISAKMP: attribute ADDRESS_EXPIRY (5)
    > Unsupported Attr: 5
    > ISAKMP: attribute UNKNOWN (28672)
    > Unsupported Attr: 28672
    > ISAKMP: attribute UNKNOWN (28673)
    > Unsupported Attr: 28673
    > ISAKMP: attribute UNKNOWN (28674)
    > ISAKMP: attribute UNKNOWN (28676)
    > ISAKMP: attribute UNKNOWN (28675)
    > Unsupported Attr: 28675
    > ISAKMP: attribute UNKNOWN (28679)
    > Unsupported Attr: 28679
    > ISAKMP: attribute UNKNOWN (28681)
    > Unsupported Attr: 28681
    > ISAKMP: attribute APPLICATION_VERSION (7)
    > Unsupported Attr: 7
    > ISAKMP: attribute UNKNOWN (28680)
    > Unsupported Attr: 28680
    > ISAKMP: attribute UNKNOWN (28682)
    > Unsupported Attr: 28682
    > ISAKMP: attribute UNKNOWN (28677)
    > Unsupported Attr: 28677
    > ISAKMP: attribute UNKNOWN (28678)
    > Unsupported Attr: 28678
    > ISAKMP (0:0): responding to peer config from 72.79.125.235. ID =
    > 3561348378
    > return status is IKMP_NO_ERROR
    > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > OAK_QM exchange
    > oakley_process_quick_mode:
    > OAK_QM_IDLE
    > ISAKMP (0): processing SA payload. message ID = 3146087570
    >
    > ISAKMP : Checking IPSec proposal 1
    >
    > ISAKMP: unknown ESP transform!
    > ISAKMP: attributes in transform:
    > ISAKMP: authenticator is HMAC-MD5
    > ISAKMP: key length is 256
    > ISAKMP: encaps is 1
    > ISAKMP: SA life type in seconds
    > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > IPSEC(validate_proposal): invalid local address 209.178.198.242
    >
    > ISAKMP (0): atts not acceptable. Next payload is 0
    > ISAKMP (0): skipping next ANDed proposal (1)
    > ISAKMP : Checking IPSec proposal 2
    >
    > ISAKMP: unknown ESP transform!
    > ISAKMP: attributes in transform:
    > ISAKMP: authenticator is HMAC-SHA
    > ISAKMP: key length is 256
    > ISAKMP: encaps is 1
    > ISAKMP: SA life type in seconds
    > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > IPSEC(validate_proposal): invalid local address 209.178.198.242
    >
    > ISAKMP (0): atts not acceptable. Next payload is 0
    > ISAKMP (0): skipping next ANDed proposal (2)
    > ISAKMP : Checking IPSec proposal 3
    >
    > ISAKMP: unknown ESP transform!
    > ISAKMP: attributes in transform:
    > ISAKMP: authenticator is HMAC-MD5
    > ISAKMP: key length is 128
    > ISAKMP: encaps is 1
    > ISAKMP: SA life type in seconds
    > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > IPSEC(validate_proposal): invalid local address 209.178.198.242
    >
    > ISAKMP (0): atts not acceptable. Next payload is 0
    > ISAKMP (0): skipping next ANDed proposal (3)
    > ISAKMP : Checking IPSec proposal 4
    >
    > ISAKMP: unknown ESP transform!
    > ISAKMP: attributes in transform:
    > ISAKMP: authenticator is HMAC-SHA
    > ISAKMP: key length is 128
    > ISAKMP: encaps is 1
    > ISAKMP: SA life type in seconds
    > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > IPSEC(validate_proposal): invalid local address 209.178.198.242
    >
    > ISAKMP (0): atts not acceptable. Next payload is 0
    > ISAKMP (0): skipping next ANDed proposal (4)
    > ISAKMP : Checking IPSec proposal 5
    >
    > ISAKMP: unknown ESP transform!
    > ISAKMP: attributes in transform:
    > ISAKMP: authenticator is HMAC-MD5
    > ISAKMP: key length is 256
    > ISAKMP: encaps is 1
    > ISAKMP: SA life type in seconds
    > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > IPSEC(validate_proposal): invalid local address 209.178.198.242
    >
    > ISAKMP (0): atts not acceptable. Next payload is 0
    > ISAKMP : Checking IPSec proposal 6
    >
    > ISAKMP: unknown ESP transform!
    > ISAKMP: attributes in transform:
    > ISAKMP: authenticator is HMAC-SHA
    > ISAKMP: key length is 256
    > ISAKMP: encaps is 1
    > ISAKMP: SA life type in seconds
    > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > IPSEC(validate_proposal): invalid local address 209.178.198.242
    >
    > ISAKMP (0): atts not acceptable. Next payload is 0
    > ISAKMP : Checking IPSec proposal 7
    >
    > ISAKMP: unknown ESP transform!
    > ISAKMP: attributes in transform:
    > ISAKMP: authenticator is HMAC-MD5
    > ISAKMP: key length is 128
    > ISAKMP: encaps is 1
    > ISAKMP: SA life type in seconds
    > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > IPSEC(validate_proposal): invalid local address 209.178.198.242
    >
    > ISAKMP (0): atts not acceptable. Next payload is 0
    > ISAKMP : Checking IPSec proposal 8
    >
    > ISAKMP: unknown ESP transform!
    > ISAKMP: attributes in transform:
    > ISAKMP: authenticator is HMAC-SHA
    > ISAKMP: key length is 128
    > ISAKMP: encaps is 1
    > ISAKMP: SA life type in seconds
    > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > IPSEC(validate_proposal): invalid local address 209.178.198.242
    > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
    > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
    > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
    > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > ISAKMP (0): processing NOTIFY payload 36136 protocol 1
    > spi 0, message ID = 4224895108
    > ISAMKP (0): received DPD_R_U_THERE from peer 72.79.125.235
    > ISAKMP (0): sending NOTIFY message 36137 protocol 1
    > return status is IKMP_NO_ERR_NO_TRANS
    > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > ISAKMP (0): processing DELETE payload. message ID =
    > 2699998900IPSEC(key_engine): got a queue event...
    > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    >
    > return status is IKMP_NO_ERR_NO_TRANS
    > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > ISAKMP (0): processing DELETE payload. message ID = 3651836985
    > ISAKMP (0): deleting SA: src 72.79.125.235, dst 209.178.198.242
    > ISAKMP (0): deleting IPSEC SAs with peer at
    > 72.79.125.235IPSEC(key_engine): got a queue event...
    > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    > IPSEC(key_engine_delete_sas): delete all SAs shared with
    > 72.79.125.235
    >
    > return status is IKMP_NO_ERR_NO_TRANS
    > ISADB: reaper checking SA 0x80c91590, conn_id = 0 DELETE IT!
    >
    > VPN Peer: ISAKMP: Peer ip:72.79.125.235 Ref cnt decremented to:0 Total
    > VPN Peers:1
    > VPN Peer: ISAKMP: Deleted peer: ip:72.79.125.235 Total VPN
    > peers:0IPSEC(key_engine): got a queue event...
    > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    > IPSEC(key_engine_delete_sas): delete all SAs shared with 72.79.125.235
    , Dec 16, 2006
    #5
  6. Guest

    Also are there any other VPN clients to connect to a fairly old PIX? I
    tried the network wizard on Windows XP and it didn't do the connection.
    If you know of any 3rd party VPN clients kindly drop me a word.
    Thanks
    wrote:
    > I downloaded the GreenBow VPN client and tested the encryption. The PIX
    > expects DES and MD5 for encryption and authentication respectively. The
    > GreenBow VPN client passed the phase 1 and phase 2 but alas, it doesn't
    > connect when a password is challenged. I have to make extensive changes
    > on the PIX to make the GreenBow VPN client work. It is not a viable
    > option to me. Also the GreenBow VPN client is not free. Now if I can
    > replicate the limited success I had with GreenBow VPN client using
    > Cisco VPN Client 4.0.5 that will be great. Can anyone please tell me
    > what are the encryption and authentication schemes for the Cisco 4.0.5
    > VPN client? How can I set the options on Cisco 4.0.5. VPN client?
    > Kindly note that the PIX firewall is very old and there is no way to
    > change the encryption and authentication schemes.
    >
    > Many thanks for your kind help.
    >
    > wrote:
    > > Here is the debug from the PIX. I'd appreciate if Walter or someone
    > > can comment.
    > >
    > > Thanks
    > >
    > >
    > > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > > VPN Peer: ISAKMP: Added new peer: ip:72.79.125.235 Total VPN Peers:1
    > > VPN Peer: ISAKMP: Peer ip:72.79.125.235 Ref cnt incremented to:1 Total
    > > VPN Peers:1
    > > OAK_AG exchange
    > > ISAKMP (0): processing SA payload. message ID = 0
    > >
    > > ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
    > > ISAKMP: encryption... What? 7?
    > > ISAKMP: hash SHA
    > > ISAKMP: default group 2
    > > ISAKMP: extended auth pre-share
    > > ISAKMP: life type in seconds
    > > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > ISAKMP: attribute 3584
    > > ISAKMP (0): atts are not acceptable. Next payload is 3
    > > ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy
    > > ISAKMP: encryption... What? 7?
    > > ISAKMP: hash MD5
    > > ISAKMP: default group 2
    > > ISAKMP: extended auth pre-share
    > > ISAKMP: life type in seconds
    > > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > ISAKMP: attribute 3584
    > > ISAKMP (0): atts are not acceptable. Next payload is 3
    > > ISAKMP (0): Checking ISAKMP transform 3 against priority 1 policy
    > > ISAKMP: encryption... What? 7?
    > > ISAKMP: hash SHA
    > > ISAKMP: default group 2
    > > ISAKMP: auth pre-share
    > > ISAKMP: life type in seconds
    > > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > ISAKMP: attribute 3584
    > > ISAKMP (0): atts are not acceptable. Next payload is 3
    > > ISAKMP (0): Checking ISAKMP transform 4 against priority 1 policy
    > > ISAKMP: encryption... What? 7?
    > > ISAKMP: hash MD5
    > > ISAKMP: default group 2
    > > ISAKMP: auth pre-share
    > > ISAKMP: life type in seconds
    > > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > ISAKMP: attribute 3584
    > > ISAKMP (0): atts are not acceptable. Next payload is 3
    > > ISAKMP (0): Checking ISAKMP transform 5 against priority 1 policy
    > > ISAKMP: encryption... What? 7?
    > > ISAKMP: hash SHA
    > > ISAKMP: default group 2
    > > ISAKMP: extended auth pre-share
    > > ISAKMP: life type in seconds
    > > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > ISAKMP: attribute 3584
    > > ISAKMP (0): atts are not acceptable. Next payload is 3
    > > ISAKMP (0): Checking ISAKMP transform 6 against priority 1 policy
    > > ISAKMP: encryption... What? 7?
    > > ISAKMP: hash MD5
    > > ISAKMP: default group 2
    > > ISAKMP: extended auth pre-share
    > > ISAKMP: life type in seconds
    > > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > ISAKMP: attribute 3584
    > > ISAKMP (0): atts are not acceptable. Next payload is 3
    > > ISAKMP (0): Checking ISAKMP transform 7 against priority 1 policy
    > > ISAKMP: encryption... What? 7?
    > > ISAKMP: hash SHA
    > > ISAKMP: default group 2
    > > ISAKMP: auth pre-share
    > > ISAKMP: life type in seconds
    > > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > ISAKMP: attribute 3584
    > > ISAKMP (0): atts are not acceptable. Next payload is 3
    > > ISAKMP (0): Checking ISAKMP transform 8 against priority 1 policy
    > > ISAKMP: encryption... What? 7?
    > > ISAKMP: hash MD5
    > > ISAKMP: default group 2
    > > ISAKMP: auth pre-share
    > > ISAKMP: life type in seconds
    > > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > ISAKMP: attribute 3584
    > > ISAKMP (0): atts are not acceptable. Next payload is 3
    > > ISAKMP (0): Checking ISAKMP transform 9 against priority 1 policy
    > > ISAKMP: encryption 3DES-CBC
    > > ISAKMP: hash SHA
    > > ISAKMP: default group 2
    > > ISAKMP: extended auth pre-share
    > > ISAKMP: life type in seconds
    > > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4
    > > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > > OAK_AG exchange
    > > ISAKMP (0): processing HASH payload. message ID = 0
    > > ISAKMP (0): processing NOTIFY payload 24578 protocol 1
    > > spi 0, message ID = 0
    > > ISAKMP (0): processing notify INITIAL_CONTACTIPSEC(key_engine): got a
    > > queue event...
    > > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    > > IPSEC(key_engine_delete_sas): delete all SAs shared with
    > > 72.79.125.235
    > >
    > > ISAKMP (0): processing vendor id payload
    > >
    > > ISAKMP (0): speaking to another IOS box!
    > >
    > > ISAKMP (0): processing vendor id payload
    > >
    > > ISAKMP (0): speaking to a Unity client
    > >
    > > ISAKMP (0): SA has been authenticated
    > > return status is IKMP_NO_ERROR
    > > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > > ISAKMP_TRANSACTION exchange
    > > ISAKMP (0:0): processing transaction payload from 72.79.125.235.
    > > message ID = 0
    > > ISAKMP: Config payload CFG_REQUEST
    > > ISAKMP (0:0): checking request:
    > > ISAKMP: attribute IP4_ADDRESS (1)
    > > ISAKMP: attribute IP4_NETMASK (2)
    > > ISAKMP: attribute IP4_DNS (3)
    > > ISAKMP: attribute IP4_NBNS (4)
    > > ISAKMP: attribute ADDRESS_EXPIRY (5)
    > > Unsupported Attr: 5
    > > ISAKMP: attribute UNKNOWN (28672)
    > > Unsupported Attr: 28672
    > > ISAKMP: attribute UNKNOWN (28673)
    > > Unsupported Attr: 28673
    > > ISAKMP: attribute UNKNOWN (28674)
    > > ISAKMP: attribute UNKNOWN (28676)
    > > ISAKMP: attribute UNKNOWN (28675)
    > > Unsupported Attr: 28675
    > > ISAKMP: attribute UNKNOWN (28679)
    > > Unsupported Attr: 28679
    > > ISAKMP: attribute UNKNOWN (28681)
    > > Unsupported Attr: 28681
    > > ISAKMP: attribute APPLICATION_VERSION (7)
    > > Unsupported Attr: 7
    > > ISAKMP: attribute UNKNOWN (28680)
    > > Unsupported Attr: 28680
    > > ISAKMP: attribute UNKNOWN (28682)
    > > Unsupported Attr: 28682
    > > ISAKMP: attribute UNKNOWN (28677)
    > > Unsupported Attr: 28677
    > > ISAKMP: attribute UNKNOWN (28678)
    > > Unsupported Attr: 28678
    > > ISAKMP (0:0): responding to peer config from 72.79.125.235. ID =
    > > 3561348378
    > > return status is IKMP_NO_ERROR
    > > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > > OAK_QM exchange
    > > oakley_process_quick_mode:
    > > OAK_QM_IDLE
    > > ISAKMP (0): processing SA payload. message ID = 3146087570
    > >
    > > ISAKMP : Checking IPSec proposal 1
    > >
    > > ISAKMP: unknown ESP transform!
    > > ISAKMP: attributes in transform:
    > > ISAKMP: authenticator is HMAC-MD5
    > > ISAKMP: key length is 256
    > > ISAKMP: encaps is 1
    > > ISAKMP: SA life type in seconds
    > > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > IPSEC(validate_proposal): invalid local address 209.178.198.242
    > >
    > > ISAKMP (0): atts not acceptable. Next payload is 0
    > > ISAKMP (0): skipping next ANDed proposal (1)
    > > ISAKMP : Checking IPSec proposal 2
    > >
    > > ISAKMP: unknown ESP transform!
    > > ISAKMP: attributes in transform:
    > > ISAKMP: authenticator is HMAC-SHA
    > > ISAKMP: key length is 256
    > > ISAKMP: encaps is 1
    > > ISAKMP: SA life type in seconds
    > > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > IPSEC(validate_proposal): invalid local address 209.178.198.242
    > >
    > > ISAKMP (0): atts not acceptable. Next payload is 0
    > > ISAKMP (0): skipping next ANDed proposal (2)
    > > ISAKMP : Checking IPSec proposal 3
    > >
    > > ISAKMP: unknown ESP transform!
    > > ISAKMP: attributes in transform:
    > > ISAKMP: authenticator is HMAC-MD5
    > > ISAKMP: key length is 128
    > > ISAKMP: encaps is 1
    > > ISAKMP: SA life type in seconds
    > > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > IPSEC(validate_proposal): invalid local address 209.178.198.242
    > >
    > > ISAKMP (0): atts not acceptable. Next payload is 0
    > > ISAKMP (0): skipping next ANDed proposal (3)
    > > ISAKMP : Checking IPSec proposal 4
    > >
    > > ISAKMP: unknown ESP transform!
    > > ISAKMP: attributes in transform:
    > > ISAKMP: authenticator is HMAC-SHA
    > > ISAKMP: key length is 128
    > > ISAKMP: encaps is 1
    > > ISAKMP: SA life type in seconds
    > > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > IPSEC(validate_proposal): invalid local address 209.178.198.242
    > >
    > > ISAKMP (0): atts not acceptable. Next payload is 0
    > > ISAKMP (0): skipping next ANDed proposal (4)
    > > ISAKMP : Checking IPSec proposal 5
    > >
    > > ISAKMP: unknown ESP transform!
    > > ISAKMP: attributes in transform:
    > > ISAKMP: authenticator is HMAC-MD5
    > > ISAKMP: key length is 256
    > > ISAKMP: encaps is 1
    > > ISAKMP: SA life type in seconds
    > > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > IPSEC(validate_proposal): invalid local address 209.178.198.242
    > >
    > > ISAKMP (0): atts not acceptable. Next payload is 0
    > > ISAKMP : Checking IPSec proposal 6
    > >
    > > ISAKMP: unknown ESP transform!
    > > ISAKMP: attributes in transform:
    > > ISAKMP: authenticator is HMAC-SHA
    > > ISAKMP: key length is 256
    > > ISAKMP: encaps is 1
    > > ISAKMP: SA life type in seconds
    > > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > IPSEC(validate_proposal): invalid local address 209.178.198.242
    > >
    > > ISAKMP (0): atts not acceptable. Next payload is 0
    > > ISAKMP : Checking IPSec proposal 7
    > >
    > > ISAKMP: unknown ESP transform!
    > > ISAKMP: attributes in transform:
    > > ISAKMP: authenticator is HMAC-MD5
    > > ISAKMP: key length is 128
    > > ISAKMP: encaps is 1
    > > ISAKMP: SA life type in seconds
    > > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > IPSEC(validate_proposal): invalid local address 209.178.198.242
    > >
    > > ISAKMP (0): atts not acceptable. Next payload is 0
    > > ISAKMP : Checking IPSec proposal 8
    > >
    > > ISAKMP: unknown ESP transform!
    > > ISAKMP: attributes in transform:
    > > ISAKMP: authenticator is HMAC-SHA
    > > ISAKMP: key length is 128
    > > ISAKMP: encaps is 1
    > > ISAKMP: SA life type in seconds
    > > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
    > > IPSEC(validate_proposal): invalid local address 209.178.198.242
    > > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > > ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
    > > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > > ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
    > > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > > ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
    > > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > > ISAKMP (0): processing NOTIFY payload 36136 protocol 1
    > > spi 0, message ID = 4224895108
    > > ISAMKP (0): received DPD_R_U_THERE from peer 72.79.125.235
    > > ISAKMP (0): sending NOTIFY message 36137 protocol 1
    > > return status is IKMP_NO_ERR_NO_TRANS
    > > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > > ISAKMP (0): processing DELETE payload. message ID =
    > > 2699998900IPSEC(key_engine): got a queue event...
    > > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    > >
    > > return status is IKMP_NO_ERR_NO_TRANS
    > > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
    > > ISAKMP (0): processing DELETE payload. message ID = 3651836985
    > > ISAKMP (0): deleting SA: src 72.79.125.235, dst 209.178.198.242
    > > ISAKMP (0): deleting IPSEC SAs with peer at
    > > 72.79.125.235IPSEC(key_engine): got a queue event...
    > > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    > > IPSEC(key_engine_delete_sas): delete all SAs shared with
    > > 72.79.125.235
    > >
    > > return status is IKMP_NO_ERR_NO_TRANS
    > > ISADB: reaper checking SA 0x80c91590, conn_id = 0 DELETE IT!
    > >
    > > VPN Peer: ISAKMP: Peer ip:72.79.125.235 Ref cnt decremented to:0 Total
    > > VPN Peers:1
    > > VPN Peer: ISAKMP: Deleted peer: ip:72.79.125.235 Total VPN
    > > peers:0IPSEC(key_engine): got a queue event...
    > > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
    > > IPSEC(key_engine_delete_sas): delete all SAs shared with 72.79.125.235
    , Dec 16, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Doug A Moller

    Need help with peer to peer no hub network

    Doug A Moller, Jun 23, 2004, in forum: Wireless Networking
    Replies:
    3
    Views:
    5,694
  2. James

    Peer no longer responding

    James, Nov 18, 2005, in forum: Cisco
    Replies:
    4
    Views:
    3,831
    James
    Nov 21, 2005
  3. James
    Replies:
    30
    Views:
    324,833
    diggisaur
    Jan 15, 2014
  4. James
    Replies:
    3
    Views:
    2,864
    James
    Oct 3, 2006
  5. Replies:
    4
    Views:
    5,354
Loading...

Share This Page