Failing Phase2 Auth - IPSec - All IPSec SA proposals foundunacceptable

Discussion in 'Cisco' started by scooter133, Nov 27, 2008.

  1. scooter133

    scooter133 Guest

    I'm getting the Below Debug info when I try to Connect my Client to
    the PIX 515e.

    The Client is an iPhone. Seems like I have all of the Transforms in
    there.

    How can I trouble shoot this?

    Thanks!
    Scott<-



    4:15:32 PM %PIX-3-713119: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), PHASE 1 COMPLETED
    4:15:32 PM %PIX-5-713904: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), All IPSec SA proposals found unacceptable!
    4:15:32 PM %PIX-3-713902: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), QM FSM error (P2 struct &0x2452b08, mess id
    0x9193376c)!
    4:15:32 PM %PIX-3-713902: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Removing peer from correlator table failed, no
    match!
    4:15:32 PM %PIX-4-113019: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Session disconnected. Session Type: IPSec, Duration:
    0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
    4:15:31 PM %PIX-6-713172: Group = <group>, IP = <ip>(unresolved),
    Automatic NAT Detection Status: Remote end IS behind a NAT device This
    end IS behind a NAT device
    4:15:31 PM %PIX-6-113012: AAA user authentication Successful : local
    database : user = <user>
    4:15:31 PM %PIX-6-113009: AAA retrieved default group policy
    (<group>) for user = <user>
    4:15:31 PM %PIX-6-113008: AAA transaction status ACCEPT : user =
    <user>
    4:15:31 PM %PIX-5-713130: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Received unsupported transaction mode attribute: 5
    4:15:31 PM %PIX-6-713184: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Client Type: iPhone OS Client Application Version:
    2.2
    4:15:31 PM %PIX-5-713131: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Received unknown transaction mode attribute: 28683
    4:15:31 PM %PIX-6-713228: Group = <group>, Username = <user>, IP =
    <ip>(unresolved), Assigned private IP address <IpSecIP>(unresolved) to
    remote user
     
    scooter133, Nov 27, 2008
    #1
    1. Advertisements

  2. scooter133

    News Reader Guest

    Did a quick search on Google for the term "iphone ipsec transforms" and
    received plenty of results.

    The first link looked interesting in terms of identifying transform
    limitations of the iPhone:

    http://www.networkworld.com/community/node/23023

    Perhaps you'll find what you are looking for in that document, or one of
    the others within the search results.

    Best Regards,
    News Reader
     
    News Reader, Nov 27, 2008
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.