Cisco VPN Client can't negotiate with 2811 router. "Retransmitting" error

Unanswered Question

Hi All, I configured a 2811 router as EasyVPN server. But the Cisco VPN Client won't connect with it.


The log I got from VPN Client is like this:

Cisco Systems VPN Client Version 5.0.00.0340

Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 2


4 20:31:24.656 05/09/07 Sev=Info/4 CM/0x63100002

Begin connection process


5 20:31:24.781 05/09/07 Sev=Info/4 CM/0x63100004

Establish secure connection


6 20:31:24.781 05/09/07 Sev=Info/4 CM/0x63100024

Attempt connection with server "A.B.C.D"


7 20:31:24.828 05/09/07 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with A.B.C.D.


8 20:31:24.937 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to A.B.C.D


9 20:31:24.953 05/09/07 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started


10 20:31:24.953 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys


11 20:31:30.203 05/09/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!


12 20:31:30.203 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D


13 20:31:35.671 05/09/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!


14 20:31:35.671 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D


15 20:31:40.671 05/09/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!


16 20:31:40.671 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D


17 20:31:45.671 05/09/07 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=53741DCE9EB4E799 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING


18 20:31:46.203 05/09/07 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=53741DCE9EB4E799 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING


19 20:31:46.203 05/09/07 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "A.B.C.D" because of "DEL_REASON_PEER_NOT_RESPONDING"


20 20:31:46.203 05/09/07 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv


21 20:31:46.203 05/09/07 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 0.


22 20:31:46.203 05/09/07 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection


23 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys


24 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys


25 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys


26 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped







  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Debug from router end(part 1):



May 9 20:32:19.340 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (N) NEW SA

May 9 20:32:19.340 ACST: ISAKMP: Created a peer struct for 58.163.89.189, peer port 3409

May 9 20:32:19.340 ACST: ISAKMP: New peer created peer = 0x46BC2984 peer_handle = 0x80000018

May 9 20:32:19.340 ACST: ISAKMP: Locking peer struct 0x46BC2984, refcount 1 for crypto_isakmp_process_block

May 9 20:32:19.340 ACST: ISAKMP:(0):Setting client config settings 479AA79C

May 9 20:32:19.340 ACST: ISAKMP:(0):(Re)Setting client xauth list and state

May 9 20:32:19.340 ACST: ISAKMP/xauth: initializing AAA request

May 9 20:32:19.340 ACST: ISAKMP: local port 500, remote port 3409

May 9 20:32:19.340 ACST: insert sa successfully sa = 48906EFC

May 9 20:32:19.340 ACST: ISAKMP:(0): processing SA payload. message ID = 0

May 9 20:32:19.344 ACST: ISAKMP:(0): processing ID payload. message ID = 0

May 9 20:32:19.344 ACST: ISAKMP (0:0): ID payload

next-payload : 13

type : 11

group id : XXXXXX-XXXXXX

protocol : 17

port : 500

length : 22

May 9 20:32:19.344 ACST: ISAKMP:(0):: peer matches *none* of the profiles

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is XAUTH

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is DPD

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is NAT-T v2

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is Unity

May 9 20:32:19.344 ACST: ISAKMP:(0): Authentication by xauth preshared

May 9 20:32:19.344 ACST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy

May 9 20:32:19.344 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.344 ACST: ISAKMP: hash SHA

May 9 20:32:19.344 ACST: ISAKMP: default group 2

May 9 20:32:19.344 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.344 ACST: ISAKMP: life type in seconds

May 9 20:32:19.344 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.344 ACST: ISAKMP: keylength of 256

May 9 20:32:19.344 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.344 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.344 ACST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy

May 9 20:32:19.344 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.344 ACST: ISAKMP: hash MD5

May 9 20:32:19.344 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.348 ACST: ISAKMP: keylength of 256

Debug from router end(part 2):


May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy

May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.348 ACST: ISAKMP: hash SHA

May 9 20:32:19.348 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth pre-share

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.348 ACST: ISAKMP: keylength of 256

May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy

May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.348 ACST: ISAKMP: hash MD5

May 9 20:32:19.348 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth pre-share

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.348 ACST: ISAKMP: keylength of 256

May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy

May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.348 ACST: ISAKMP: hash SHA

May 9 20:32:19.348 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 6 against priority 1 policy

May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.352 ACST: ISAKMP: hash MD5

May 9 20:32:19.352 ACST: ISAKMP: default group 2

May 9 20:32:19.352 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.352 ACST: ISAKMP: life type in seconds

May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 7 against priority 1 policy

May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.352 ACST: ISAKMP: hash SHA

May 9 20:32:19.352 ACST: ISAKMP: default group 2

May 9 20:32:19.352 ACST: ISAKMP: auth pre-share

May 9 20:32:19.352 ACST: ISAKMP: life type in seconds

May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

Debug from router end(part 3):


May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 8 against priority 1 policy

May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.352 ACST: ISAKMP: hash MD5

May 9 20:32:19.352 ACST: ISAKMP: default group 2

May 9 20:32:19.352 ACST: ISAKMP: auth pre-share

May 9 20:32:19.352 ACST: ISAKMP: life type in seconds

May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 9 against priority 1 policy

May 9 20:32:19.356 ACST: ISAKMP: encryption 3DES-CBC

May 9 20:32:19.356 ACST: ISAKMP: hash SHA

May 9 20:32:19.356 ACST: ISAKMP: default group 2

May 9 20:32:19.356 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.356 ACST: ISAKMP: life type in seconds

May 9 20:32:19.356 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.356 ACST: ISAKMP:(0):Hash algorithm offered does not match policy!

May 9 20:32:19.356 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.356 ACST: ISAKMP:(0):Checking ISAKMP transform 10 against priority 1 policy

May 9 20:32:19.356 ACST: ISAKMP: encryption 3DES-CBC

May 9 20:32:19.356 ACST: ISAKMP: hash MD5

May 9 20:32:19.356 ACST: ISAKMP: default group 2

May 9 20:32:19.356 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.356 ACST: ISAKMP: life type in seconds

May 9 20:32:19.356 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.356 ACST: ISAKMP:(0):atts are acceptable. Next payload is 3

May 9 20:32:19.356 ACST: ISAKMP:(0): processing KE payload. message ID = 0

May 9 20:32:19.404 ACST: ISAKMP:(0): processing NONCE payload. message ID = 0

May 9 20:32:19.404 ACST: ISAKMP:(0): vendor ID is NAT-T v2

May 9 20:32:19.404 ACST: ISAKMP:(0):peer does not do paranoid keepalives.


May 9 20:32:19.404 ACST: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer 58.163.89.189)

May 9 20:32:19.404 ACST: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY

May 9 20:32:19.404 ACST: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH

May 9 20:32:19.404 ACST: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY


May 9 20:32:19.404 ACST: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 58.163.89.189

May 9 20:32:19.408 ACST: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer 58.163.89.189)

May 9 20:32:19.408 ACST: ISAKMP: Unlocking peer struct 0x46BC2984 for isadb_mark_sa_deleted(), count 0

May 9 20:32:19.408 ACST: ISAKMP: Deleting peer node by peer_reap for 58.163.89.189: 46BC2984

May 9 20:32:19.408 ACST: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

May 9 20:32:19.408 ACST: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA


May 9 20:32:19.408 ACST: IPSEC(key_engine): got a queue event with 1 KMI message(s)

May 9 20:32:24.608 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE

May 9 20:32:30.052 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE

May 9 20:32:35.072 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE

May 9 20:33:19.408 ACST: ISAKMP:(0):purging SA., sa=48906EFC, delme=48906EFC



Actions

This Discussion