cisco 2621 vpn to Netopia R5300 problems

Hi,

Having severe problems with building a tunnel between these two
devices. The netopia has the most recent firmwarev4.11.3 and the cisco
is running IOS 12.3(8)T

Long and short is that IKE phase two doesn't complete details are below



here's the relevant bits of my cisco config
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
crypto ipsec transform-set e-trans esp-3des esp-md5-hmac
crypto isakmp key secret address 82.55.55.197
crypto map IPSEC 108 ipsec-isakmp
set peer 160.55.55.174
set security-association lifetime seconds 28800
set security-association lifetime kilobytes 536870912
set transform-set e-trans
set pfs group2
match address 105
access-list 105 permit ip 10.51.0.0 0.0.255.255 172.26.11.0 0.0.0.255

Netopia is set to equivalents.

Phase1 IKE completes, Phase2 doesn't.

debug crypto isakmp yeilds this:


*Jan 16 07:40:21.266 GMT: ISAKMP0:76:HW:2): retransmitting phase 2
QM_IDLE 429795767 ...
*Jan 16 07:40:21.266 GMT: ISAKMP0:76:HW:2):incrementing error
counter on sa: retransmit phase 2
*Jan 16 07:40:21.266 GMT: ISAKMP0:76:HW:2):incrementing error
counter on sa: retransmit phase 2
*Jan 16 07:40:21.266 GMT: ISAKMP0:76:HW:2): retransmitting phase 2
429795767 QM_IDLE
*Jan 16 07:40:21.266 GMT: ISAKMP0:76:HW:2): sending packet to
160.55.55.174 my_port 500 peer_port 500 (I) QM_IDLE
6 07:40:27.950 GMT: ISAKMP0:76:HW:2): retransmitting phase 2 QM_IDLE
235142799 ...
*Jan 16 07:40:27.950 GMT: ISAKMP0:76:HW:2):incrementing error
counter on sa: retransmit phase 2
*Jan 16 07:40:27.950 GMT: ISAKMP0:76:HW:2):incrementing error
counter on sa: retransmit phase 2
*Jan 16 07:40:27.950 GMT: ISAKMP0:76:HW:2): retransmitting phase 2
235142799 QM_IDLE
*Jan 16 07:40:27.950 GMT: ISAKMP0:76:HW:2): sending packet to
160.55.55.174 my_port 500 peer_port 500 (I) QM_IDLEs
*Jan 16 07:40:31.266 GMT: ISAKMP0:76:HW:2): retransmitting phase 2
QM_IDLE 429795767 ...
*Jan 16 07:40:31.266 GMT: ISAKMP0:76:HW:2)eer does not do paranoid
keepalives.
*Jan 16 07:40:31.266 GMT: ISAKMP0:76:HW:2):deleting SA reason "Death
by retransmission P2" state (I) QM_IDLE (peer 160.55.55.174)
*Jan 16 07:40:31.266 GMT: ISAKMP: set new node -416051795 to QM_IDLE
*Jan 16 07:40:31.270 GMT: ISAKMP0:76:HW:2): sending packet to
160.55.55.174 my_port 500 peer_port 500 (I) QM_IDLE


The netopia doesn't seem to have such a good debug system and I can't
see any errors it it's log.


The strange thing about this is:

I have built a tunnel from the Cisco to a Linux FreeSWAN using the
exact same parameters and I have also built a tunnel from the Netopia
to the same Linux FreeSWAN using exact same parameters... and they
interoperate just fine, which made me think that getting teh cisco to
talk to the netopia was going to be a breeze... obviously, nothing is
ever a breeze with interoperating VPN hardware, should have known
better.

Anyway, I thow myself at everyones mercy, can anyone help on this? I
was supposed to complete this over the weekend and still do some
housework, so now it isn't complete, the housework isn't done and I'm
in the doghouse :-( thanks for your help.

JogDial

 

:Having severe problems with building a tunnel between these two
:devices. The netopia has the most recent firmwarev4.11.3 and the cisco
:is running IOS 12.3(8)T

:Long and short is that IKE phase two doesn't complete details are below

A Phase 2 problem is often (but not always) a mismatch between
the shared keys.

 

Yes, that's been my experience as well... however the keys in this case
are exactly the same as I have been using on the other tunnels, and I
have even gone so far as to enter a very simple string on both ends to
make sure they are the same, but still no luck, that's for your
observations.