05-09-2007 04:20 AM
Hi All, I configured a 2811 router as EasyVPN server. But the Cisco VPN Client won't connect with it.
The log I got from VPN Client is like this:
Cisco Systems VPN Client Version 5.0.00.0340
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
4 20:31:24.656 05/09/07 Sev=Info/4 CM/0x63100002
Begin connection process
5 20:31:24.781 05/09/07 Sev=Info/4 CM/0x63100004
Establish secure connection
6 20:31:24.781 05/09/07 Sev=Info/4 CM/0x63100024
Attempt connection with server "A.B.C.D"
7 20:31:24.828 05/09/07 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with A.B.C.D.
8 20:31:24.937 05/09/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to A.B.C.D
9 20:31:24.953 05/09/07 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
10 20:31:24.953 05/09/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
11 20:31:30.203 05/09/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
12 20:31:30.203 05/09/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D
13 20:31:35.671 05/09/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
14 20:31:35.671 05/09/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D
15 20:31:40.671 05/09/07 Sev=Info/4 IKE/0x63000021
Retransmitting last packet!
16 20:31:40.671 05/09/07 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D
17 20:31:45.671 05/09/07 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=53741DCE9EB4E799 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
18 20:31:46.203 05/09/07 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=53741DCE9EB4E799 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
19 20:31:46.203 05/09/07 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "A.B.C.D" because of "DEL_REASON_PEER_NOT_RESPONDING"
20 20:31:46.203 05/09/07 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
21 20:31:46.203 05/09/07 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
22 20:31:46.203 05/09/07 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
23 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
24 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
25 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
26 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
05-09-2007 04:32 AM
Debug from router end(part 1):
May 9 20:32:19.340 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (N) NEW SA
May 9 20:32:19.340 ACST: ISAKMP: Created a peer struct for 58.163.89.189, peer port 3409
May 9 20:32:19.340 ACST: ISAKMP: New peer created peer = 0x46BC2984 peer_handle = 0x80000018
May 9 20:32:19.340 ACST: ISAKMP: Locking peer struct 0x46BC2984, refcount 1 for crypto_isakmp_process_block
May 9 20:32:19.340 ACST: ISAKMP:(0):Setting client config settings 479AA79C
May 9 20:32:19.340 ACST: ISAKMP:(0):(Re)Setting client xauth list and state
May 9 20:32:19.340 ACST: ISAKMP/xauth: initializing AAA request
May 9 20:32:19.340 ACST: ISAKMP: local port 500, remote port 3409
May 9 20:32:19.340 ACST: insert sa successfully sa = 48906EFC
May 9 20:32:19.340 ACST: ISAKMP:(0): processing SA payload. message ID = 0
May 9 20:32:19.344 ACST: ISAKMP:(0): processing ID payload. message ID = 0
May 9 20:32:19.344 ACST: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : XXXXXX-XXXXXX
protocol : 17
port : 500
length : 22
May 9 20:32:19.344 ACST: ISAKMP:(0):: peer matches *none* of the profiles
May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload
May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch
May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is XAUTH
May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload
May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is DPD
May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload
May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload
May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is NAT-T v2
May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload
May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is Unity
May 9 20:32:19.344 ACST: ISAKMP:(0): Authentication by xauth preshared
May 9 20:32:19.344 ACST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
May 9 20:32:19.344 ACST: ISAKMP: encryption AES-CBC
May 9 20:32:19.344 ACST: ISAKMP: hash SHA
May 9 20:32:19.344 ACST: ISAKMP: default group 2
May 9 20:32:19.344 ACST: ISAKMP: auth XAUTHInitPreShared
May 9 20:32:19.344 ACST: ISAKMP: life type in seconds
May 9 20:32:19.344 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
May 9 20:32:19.344 ACST: ISAKMP: keylength of 256
May 9 20:32:19.344 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!
May 9 20:32:19.344 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3
May 9 20:32:19.344 ACST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy
May 9 20:32:19.344 ACST: ISAKMP: encryption AES-CBC
May 9 20:32:19.344 ACST: ISAKMP: hash MD5
May 9 20:32:19.344 ACST: ISAKMP: default group 2
May 9 20:32:19.348 ACST: ISAKMP: auth XAUTHInitPreShared
May 9 20:32:19.348 ACST: ISAKMP: life type in seconds
May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
May 9 20:32:19.348 ACST: ISAKMP: keylength of 256
05-09-2007 04:35 AM
Debug from router end(part 2):
May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!
May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3
May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy
May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC
May 9 20:32:19.348 ACST: ISAKMP: hash SHA
May 9 20:32:19.348 ACST: ISAKMP: default group 2
May 9 20:32:19.348 ACST: ISAKMP: auth pre-share
May 9 20:32:19.348 ACST: ISAKMP: life type in seconds
May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
May 9 20:32:19.348 ACST: ISAKMP: keylength of 256
May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!
May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3
May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy
May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC
May 9 20:32:19.348 ACST: ISAKMP: hash MD5
May 9 20:32:19.348 ACST: ISAKMP: default group 2
May 9 20:32:19.348 ACST: ISAKMP: auth pre-share
May 9 20:32:19.348 ACST: ISAKMP: life type in seconds
May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
May 9 20:32:19.348 ACST: ISAKMP: keylength of 256
May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!
May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3
May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy
May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC
May 9 20:32:19.348 ACST: ISAKMP: hash SHA
May 9 20:32:19.348 ACST: ISAKMP: default group 2
May 9 20:32:19.348 ACST: ISAKMP: auth XAUTHInitPreShared
May 9 20:32:19.348 ACST: ISAKMP: life type in seconds
May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
May 9 20:32:19.352 ACST: ISAKMP: keylength of 128
May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!
May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3
May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 6 against priority 1 policy
May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC
May 9 20:32:19.352 ACST: ISAKMP: hash MD5
May 9 20:32:19.352 ACST: ISAKMP: default group 2
May 9 20:32:19.352 ACST: ISAKMP: auth XAUTHInitPreShared
May 9 20:32:19.352 ACST: ISAKMP: life type in seconds
May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
May 9 20:32:19.352 ACST: ISAKMP: keylength of 128
May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!
May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3
May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 7 against priority 1 policy
May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC
May 9 20:32:19.352 ACST: ISAKMP: hash SHA
May 9 20:32:19.352 ACST: ISAKMP: default group 2
May 9 20:32:19.352 ACST: ISAKMP: auth pre-share
May 9 20:32:19.352 ACST: ISAKMP: life type in seconds
May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
May 9 20:32:19.352 ACST: ISAKMP: keylength of 128
05-09-2007 04:37 AM
Debug from router end(part 3):
May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!
May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3
May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 8 against priority 1 policy
May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC
May 9 20:32:19.352 ACST: ISAKMP: hash MD5
May 9 20:32:19.352 ACST: ISAKMP: default group 2
May 9 20:32:19.352 ACST: ISAKMP: auth pre-share
May 9 20:32:19.352 ACST: ISAKMP: life type in seconds
May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
May 9 20:32:19.352 ACST: ISAKMP: keylength of 128
May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!
May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3
May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 9 against priority 1 policy
May 9 20:32:19.356 ACST: ISAKMP: encryption 3DES-CBC
May 9 20:32:19.356 ACST: ISAKMP: hash SHA
May 9 20:32:19.356 ACST: ISAKMP: default group 2
May 9 20:32:19.356 ACST: ISAKMP: auth XAUTHInitPreShared
May 9 20:32:19.356 ACST: ISAKMP: life type in seconds
May 9 20:32:19.356 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
May 9 20:32:19.356 ACST: ISAKMP:(0):Hash algorithm offered does not match policy!
May 9 20:32:19.356 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3
May 9 20:32:19.356 ACST: ISAKMP:(0):Checking ISAKMP transform 10 against priority 1 policy
May 9 20:32:19.356 ACST: ISAKMP: encryption 3DES-CBC
May 9 20:32:19.356 ACST: ISAKMP: hash MD5
May 9 20:32:19.356 ACST: ISAKMP: default group 2
May 9 20:32:19.356 ACST: ISAKMP: auth XAUTHInitPreShared
May 9 20:32:19.356 ACST: ISAKMP: life type in seconds
May 9 20:32:19.356 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
May 9 20:32:19.356 ACST: ISAKMP:(0):atts are acceptable. Next payload is 3
May 9 20:32:19.356 ACST: ISAKMP:(0): processing KE payload. message ID = 0
May 9 20:32:19.404 ACST: ISAKMP:(0): processing NONCE payload. message ID = 0
May 9 20:32:19.404 ACST: ISAKMP:(0): vendor ID is NAT-T v2
May 9 20:32:19.404 ACST: ISAKMP:(0):peer does not do paranoid keepalives.
May 9 20:32:19.404 ACST: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer 58.163.89.189)
May 9 20:32:19.404 ACST: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY
May 9 20:32:19.404 ACST: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
May 9 20:32:19.404 ACST: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY
May 9 20:32:19.404 ACST: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 58.163.89.189
May 9 20:32:19.408 ACST: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer 58.163.89.189)
May 9 20:32:19.408 ACST: ISAKMP: Unlocking peer struct 0x46BC2984 for isadb_mark_sa_deleted(), count 0
May 9 20:32:19.408 ACST: ISAKMP: Deleting peer node by peer_reap for 58.163.89.189: 46BC2984
May 9 20:32:19.408 ACST: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
May 9 20:32:19.408 ACST: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA
May 9 20:32:19.408 ACST: IPSEC(key_engine): got a queue event with 1 KMI message(s)
May 9 20:32:24.608 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE
May 9 20:32:30.052 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE
May 9 20:32:35.072 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE
May 9 20:33:19.408 ACST: ISAKMP:(0):purging SA., sa=48906EFC, delme=48906EFC
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: