From: soup_or_power on 16 Dec 2006 18:48

Also are there any other VPN clients to connect to a fairly old PIX? I tried the network wizard on Windows XP and it didn't do the connection. If you know of any 3rd party VPN clients kindly drop me a word.

Thanks

soup_or_power(a)yahoo.com wrote:
> I downloaded the GreenBow VPN client and tested the encryption. The PIX
> expects DES and MD5 for encryption and authentication respectively. The
> GreenBow VPN client passed the phase 1 and phase 2 but alas, it doesn't
> connect when a password is challenged. I have to make extensive changes
> on the PIX to make the GreenBow VPN client work. It is not a viable
> option to me. Also the GreenBow VPN client is not free. Now if I can
> replicate the limited success I had with GreenBow VPN client using
> Cisco VPN Client 4.0.5 that will be great. Can anyone please tell me
> what are the encryption and authentication schemes for the Cisco 4.0.5
> VPN client? How can I set the options on Cisco 4.0.5. VPN client?
> Kindly note that the PIX firewall is very old and there is no way to
> change the encryption and authentication schemes.
>
> Many thanks for your kind help.
>
> soup_or_power(a)yahoo.com wrote:
> > Here is the debug from the PIX. I'd appreciate if Walter or someone
> > can comment.
> >
> > Thanks
> >
> >
> > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
> > VPN Peer: ISAKMP: Added new peer: ip:72.79.125.235 Total VPN Peers:1
> > VPN Peer: ISAKMP: Peer ip:72.79.125.235 Ref cnt incremented to:1 Total
> > VPN Peers:1
> > OAK_AG exchange
> > ISAKMP (0): processing SA payload. message ID = 0
> >
> > ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
> > ISAKMP: encryption... What? 7?
> > ISAKMP: hash SHA
> > ISAKMP: default group 2
> > ISAKMP: extended auth pre-share
> > ISAKMP: life type in seconds
> > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > ISAKMP: attribute 3584
> > ISAKMP (0): atts are not acceptable. Next payload is 3
> > ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy
> > ISAKMP: encryption... What? 7?
> > ISAKMP: hash MD5
> > ISAKMP: default group 2
> > ISAKMP: extended auth pre-share
> > ISAKMP: life type in seconds
> > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > ISAKMP: attribute 3584
> > ISAKMP (0): atts are not acceptable. Next payload is 3
> > ISAKMP (0): Checking ISAKMP transform 3 against priority 1 policy
> > ISAKMP: encryption... What? 7?
> > ISAKMP: hash SHA
> > ISAKMP: default group 2
> > ISAKMP: auth pre-share
> > ISAKMP: life type in seconds
> > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > ISAKMP: attribute 3584
> > ISAKMP (0): atts are not acceptable. Next payload is 3
> > ISAKMP (0): Checking ISAKMP transform 4 against priority 1 policy
> > ISAKMP: encryption... What? 7?
> > ISAKMP: hash MD5
> > ISAKMP: default group 2
> > ISAKMP: auth pre-share
> > ISAKMP: life type in seconds
> > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > ISAKMP: attribute 3584
> > ISAKMP (0): atts are not acceptable. Next payload is 3
> > ISAKMP (0): Checking ISAKMP transform 5 against priority 1 policy
> > ISAKMP: encryption... What? 7?
> > ISAKMP: hash SHA
> > ISAKMP: default group 2
> > ISAKMP: extended auth pre-share
> > ISAKMP: life type in seconds
> > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > ISAKMP: attribute 3584
> > ISAKMP (0): atts are not acceptable. Next payload is 3
> > ISAKMP (0): Checking ISAKMP transform 6 against priority 1 policy
> > ISAKMP: encryption... What? 7?
> > ISAKMP: hash MD5
> > ISAKMP: default group 2
> > ISAKMP: extended auth pre-share
> > ISAKMP: life type in seconds
> > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > ISAKMP: attribute 3584
> > ISAKMP (0): atts are not acceptable. Next payload is 3
> > ISAKMP (0): Checking ISAKMP transform 7 against priority 1 policy
> > ISAKMP: encryption... What? 7?
> > ISAKMP: hash SHA
> > ISAKMP: default group 2
> > ISAKMP: auth pre-share
> > ISAKMP: life type in seconds
> > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > ISAKMP: attribute 3584
> > ISAKMP (0): atts are not acceptable. Next payload is 3
> > ISAKMP (0): Checking ISAKMP transform 8 against priority 1 policy
> > ISAKMP: encryption... What? 7?
> > ISAKMP: hash MD5
> > ISAKMP: default group 2
> > ISAKMP: auth pre-share
> > ISAKMP: life type in seconds
> > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > ISAKMP: attribute 3584
> > ISAKMP (0): atts are not acceptable. Next payload is 3
> > ISAKMP (0): Checking ISAKMP transform 9 against priority 1 policy
> > ISAKMP: encryption 3DES-CBC
> > ISAKMP: hash SHA
> > ISAKMP: default group 2
> > ISAKMP: extended auth pre-share
> > ISAKMP: life type in seconds
> > ISAKMP: life duration (VPI) of 0x0 0x20 0xc4
> > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
> > OAK_AG exchange
> > ISAKMP (0): processing HASH payload. message ID = 0
> > ISAKMP (0): processing NOTIFY payload 24578 protocol 1
> > spi 0, message ID = 0
> > ISAKMP (0): processing notify INITIAL_CONTACTIPSEC(key_engine): got a
> > queue event...
> > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
> > IPSEC(key_engine_delete_sas): delete all SAs shared with
> > 72.79.125.235
> >
> > ISAKMP (0): processing vendor id payload
> >
> > ISAKMP (0): speaking to another IOS box!
> >
> > ISAKMP (0): processing vendor id payload
> >
> > ISAKMP (0): speaking to a Unity client
> >
> > ISAKMP (0): SA has been authenticated
> > return status is IKMP_NO_ERROR
> > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
> > ISAKMP_TRANSACTION exchange
> > ISAKMP (0:0): processing transaction payload from 72.79.125.235.
> > message ID = 0
> > ISAKMP: Config payload CFG_REQUEST
> > ISAKMP (0:0): checking request:
> > ISAKMP: attribute IP4_ADDRESS (1)
> > ISAKMP: attribute IP4_NETMASK (2)
> > ISAKMP: attribute IP4_DNS (3)
> > ISAKMP: attribute IP4_NBNS (4)
> > ISAKMP: attribute ADDRESS_EXPIRY (5)
> > Unsupported Attr: 5
> > ISAKMP: attribute UNKNOWN (28672)
> > Unsupported Attr: 28672
> > ISAKMP: attribute UNKNOWN (28673)
> > Unsupported Attr: 28673
> > ISAKMP: attribute UNKNOWN (28674)
> > ISAKMP: attribute UNKNOWN (28676)
> > ISAKMP: attribute UNKNOWN (28675)
> > Unsupported Attr: 28675
> > ISAKMP: attribute UNKNOWN (28679)
> > Unsupported Attr: 28679
> > ISAKMP: attribute UNKNOWN (28681)
> > Unsupported Attr: 28681
> > ISAKMP: attribute APPLICATION_VERSION (7)
> > Unsupported Attr: 7
> > ISAKMP: attribute UNKNOWN (28680)
> > Unsupported Attr: 28680
> > ISAKMP: attribute UNKNOWN (28682)
> > Unsupported Attr: 28682
> > ISAKMP: attribute UNKNOWN (28677)
> > Unsupported Attr: 28677
> > ISAKMP: attribute UNKNOWN (28678)
> > Unsupported Attr: 28678
> > ISAKMP (0:0): responding to peer config from 72.79.125.235. ID =
> > 3561348378
> > return status is IKMP_NO_ERROR
> > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
> > OAK_QM exchange
> > oakley_process_quick_mode:
> > OAK_QM_IDLE
> > ISAKMP (0): processing SA payload. message ID = 3146087570
> >
> > ISAKMP : Checking IPSec proposal 1
> >
> > ISAKMP: unknown ESP transform!
> > ISAKMP: attributes in transform:
> > ISAKMP: authenticator is HMAC-MD5
> > ISAKMP: key length is 256
> > ISAKMP: encaps is 1
> > ISAKMP: SA life type in seconds
> > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > IPSEC(validate_proposal): invalid local address 209.178.198.242
> >
> > ISAKMP (0): atts not acceptable. Next payload is 0
> > ISAKMP (0): skipping next ANDed proposal (1)
> > ISAKMP : Checking IPSec proposal 2
> >
> > ISAKMP: unknown ESP transform!
> > ISAKMP: attributes in transform:
> > ISAKMP: authenticator is HMAC-SHA
> > ISAKMP: key length is 256
> > ISAKMP: encaps is 1
> > ISAKMP: SA life type in seconds
> > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > IPSEC(validate_proposal): invalid local address 209.178.198.242
> >
> > ISAKMP (0): atts not acceptable. Next payload is 0
> > ISAKMP (0): skipping next ANDed proposal (2)
> > ISAKMP : Checking IPSec proposal 3
> >
> > ISAKMP: unknown ESP transform!
> > ISAKMP: attributes in transform:
> > ISAKMP: authenticator is HMAC-MD5
> > ISAKMP: key length is 128
> > ISAKMP: encaps is 1
> > ISAKMP: SA life type in seconds
> > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > IPSEC(validate_proposal): invalid local address 209.178.198.242
> >
> > ISAKMP (0): atts not acceptable. Next payload is 0
> > ISAKMP (0): skipping next ANDed proposal (3)
> > ISAKMP : Checking IPSec proposal 4
> >
> > ISAKMP: unknown ESP transform!
> > ISAKMP: attributes in transform:
> > ISAKMP: authenticator is HMAC-SHA
> > ISAKMP: key length is 128
> > ISAKMP: encaps is 1
> > ISAKMP: SA life type in seconds
> > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > IPSEC(validate_proposal): invalid local address 209.178.198.242
> >
> > ISAKMP (0): atts not acceptable. Next payload is 0
> > ISAKMP (0): skipping next ANDed proposal (4)
> > ISAKMP : Checking IPSec proposal 5
> >
> > ISAKMP: unknown ESP transform!
> > ISAKMP: attributes in transform:
> > ISAKMP: authenticator is HMAC-MD5
> > ISAKMP: key length is 256
> > ISAKMP: encaps is 1
> > ISAKMP: SA life type in seconds
> > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > IPSEC(validate_proposal): invalid local address 209.178.198.242
> >
> > ISAKMP (0): atts not acceptable. Next payload is 0
> > ISAKMP : Checking IPSec proposal 6
> >
> > ISAKMP: unknown ESP transform!
> > ISAKMP: attributes in transform:
> > ISAKMP: authenticator is HMAC-SHA
> > ISAKMP: key length is 256
> > ISAKMP: encaps is 1
> > ISAKMP: SA life type in seconds
> > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > IPSEC(validate_proposal): invalid local address 209.178.198.242
> >
> > ISAKMP (0): atts not acceptable. Next payload is 0
> > ISAKMP : Checking IPSec proposal 7
> >
> > ISAKMP: unknown ESP transform!
> > ISAKMP: attributes in transform:
> > ISAKMP: authenticator is HMAC-MD5
> > ISAKMP: key length is 128
> > ISAKMP: encaps is 1
> > ISAKMP: SA life type in seconds
> > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > IPSEC(validate_proposal): invalid local address 209.178.198.242
> >
> > ISAKMP (0): atts not acceptable. Next payload is 0
> > ISAKMP : Checking IPSec proposal 8
> >
> > ISAKMP: unknown ESP transform!
> > ISAKMP: attributes in transform:
> > ISAKMP: authenticator is HMAC-SHA
> > ISAKMP: key length is 128
> > ISAKMP: encaps is 1
> > ISAKMP: SA life type in seconds
> > ISAKMP: SA life duration (VPI) of 0x0 0x20 0xc4 0x9b
> > IPSEC(validate_proposal): invalid local address 209.178.198.242
> > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
> > ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
> > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
> > ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
> > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
> > ISAKMP (0:0): phase 2 packet is a duplicate of a previous packet.
> > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
> > ISAKMP (0): processing NOTIFY payload 36136 protocol 1
> > spi 0, message ID = 4224895108
> > ISAMKP (0): received DPD_R_U_THERE from peer 72.79.125.235
> > ISAKMP (0): sending NOTIFY message 36137 protocol 1
> > return status is IKMP_NO_ERR_NO_TRANS
> > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
> > ISAKMP (0): processing DELETE payload. message ID =
> > 2699998900IPSEC(key_engine): got a queue event...
> > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
> >
> > return status is IKMP_NO_ERR_NO_TRANS
> > crypto_isakmp_process_block: src 72.79.125.235, dest 209.178.198.242
> > ISAKMP (0): processing DELETE payload. message ID = 3651836985
> > ISAKMP (0): deleting SA: src 72.79.125.235, dst 209.178.198.242
> > ISAKMP (0): deleting IPSEC SAs with peer at
> > 72.79.125.235IPSEC(key_engine): got a queue event...
> > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
> > IPSEC(key_engine_delete_sas): delete all SAs shared with
> > 72.79.125.235
> >
> > return status is IKMP_NO_ERR_NO_TRANS
> > ISADB: reaper checking SA 0x80c91590, conn_id = 0 DELETE IT!
> >
> > VPN Peer: ISAKMP: Peer ip:72.79.125.235 Ref cnt decremented to:0 Total
> > VPN Peers:1
> > VPN Peer: ISAKMP: Deleted peer: ip:72.79.125.235 Total VPN
> > peers:0IPSEC(key_engine): got a queue event...
> > IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
> > IPSEC(key_engine_delete_sas): delete all SAs shared with 72.79.125.235
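
Added example, not part of the original post: a small Python parser for the phase 1 part of ISAKMP debug output in the format quoted above, listing each transform the client offered, whether the PIX rejected it, and whether it uses DES or MD5. The names `parse_phase1`, `summarize`, `IKE_ENC` and `WEAK` are this example's own; the numeric encryption IDs (7 is AES-CBC) are from the IANA IKEv1 registry, and the sample lines are constructed.

```python
import re

# IKEv1 phase 1 encryption algorithm IDs from the IANA IPsec registry.
IKE_ENC = {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"}
WEAK = {"DES-CBC", "MD5"}  # algorithms to flag in an audit

# Constructed sample, shortened, in the format of the PIX debug quoted above.
SAMPLE = """\
> > ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
> > ISAKMP: encryption... What? 7?
> > ISAKMP: hash SHA
> > ISAKMP (0): atts are not acceptable. Next payload is 3
> > ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy
> > ISAKMP: encryption... What? 7?
> > ISAKMP: hash MD5
> > ISAKMP (0): atts are not acceptable. Next payload is 3
> > ISAKMP (0): Checking ISAKMP transform 9 against priority 1 policy
> > ISAKMP: encryption 3DES-CBC
> > ISAKMP: hash SHA
"""

def parse_phase1(log):
    """Return one dict per phase 1 transform the peer offered, in log order."""
    out, cur = [], None
    for raw in log.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-style quoting
        if m := re.search(r"Checking ISAKMP transform (\d+)", line):
            cur = {"num": int(m[1]), "enc": None, "hash": None, "rejected": False}
            out.append(cur)
        elif cur is None or "Checking IPSec proposal" in line:
            cur = None  # outside the phase 1 transform blocks
        elif m := re.search(r"encryption\.\.\. What\? (\d+)\?", line):
            # Numeric ID the device could not name; map it via the registry.
            cur["enc"] = IKE_ENC.get(int(m[1]), f"unknown({m[1]})")
        elif m := re.search(r"ISAKMP:\s+encryption (\S+)", line):
            cur["enc"] = m[1]
        elif m := re.search(r"ISAKMP:\s+hash (\S+)", line):
            cur["hash"] = m[1]
        elif "atts are not acceptable" in line:
            cur["rejected"] = True
    return out

def summarize(log):
    """Rows of (num, enc, hash, rejected, weak algorithms used)."""
    rows = []
    for t in parse_phase1(log):
        weak = sorted({t["enc"], t["hash"]} & WEAK)
        rows.append((t["num"], t["enc"], t["hash"], t["rejected"], weak))
    return rows
```

Run over the full debug above, `summarize` shows transforms 1 to 8 rejected with encryption ID 7 and transform 9 (3DES-CBC, SHA) as the only one without a rejection line.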