Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
436
Views
0
Helpful
3
Replies

Cisco VPN Client can't negotiate with 2811 router. "Retransmitting" error

ming
Level 1
Level 1

‎05-09-2007 04:20 AM

Hi All, I configured a 2811 router as EasyVPN server. But the Cisco VPN Client won't connect with it.

The log I got from VPN Client is like this:

Cisco Systems VPN Client Version 5.0.00.0340

Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 2

4 20:31:24.656 05/09/07 Sev=Info/4 CM/0x63100002

Begin connection process

5 20:31:24.781 05/09/07 Sev=Info/4 CM/0x63100004

Establish secure connection

6 20:31:24.781 05/09/07 Sev=Info/4 CM/0x63100024

Attempt connection with server "A.B.C.D"

7 20:31:24.828 05/09/07 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with A.B.C.D.

8 20:31:24.937 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to A.B.C.D

9 20:31:24.953 05/09/07 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started

10 20:31:24.953 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

11 20:31:30.203 05/09/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

12 20:31:30.203 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D

13 20:31:35.671 05/09/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

14 20:31:35.671 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D

15 20:31:40.671 05/09/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

16 20:31:40.671 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D

17 20:31:45.671 05/09/07 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=53741DCE9EB4E799 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

18 20:31:46.203 05/09/07 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=53741DCE9EB4E799 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

19 20:31:46.203 05/09/07 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "A.B.C.D" because of "DEL_REASON_PEER_NOT_RESPONDING"

20 20:31:46.203 05/09/07 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

21 20:31:46.203 05/09/07 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 0.

22 20:31:46.203 05/09/07 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

23 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

24 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

25 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

26 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped

Labels:
0 Helpful
3 Replies 3

ming
Level 1
Level 1

‎05-09-2007 04:32 AM

Debug from router end(part 1):

May 9 20:32:19.340 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (N) NEW SA

May 9 20:32:19.340 ACST: ISAKMP: Created a peer struct for 58.163.89.189, peer port 3409

May 9 20:32:19.340 ACST: ISAKMP: New peer created peer = 0x46BC2984 peer_handle = 0x80000018

May 9 20:32:19.340 ACST: ISAKMP: Locking peer struct 0x46BC2984, refcount 1 for crypto_isakmp_process_block

May 9 20:32:19.340 ACST: ISAKMP:(0):Setting client config settings 479AA79C

May 9 20:32:19.340 ACST: ISAKMP:(0):(Re)Setting client xauth list and state

May 9 20:32:19.340 ACST: ISAKMP/xauth: initializing AAA request

May 9 20:32:19.340 ACST: ISAKMP: local port 500, remote port 3409

May 9 20:32:19.340 ACST: insert sa successfully sa = 48906EFC

May 9 20:32:19.340 ACST: ISAKMP:(0): processing SA payload. message ID = 0

May 9 20:32:19.344 ACST: ISAKMP:(0): processing ID payload. message ID = 0

May 9 20:32:19.344 ACST: ISAKMP (0:0): ID payload

next-payload : 13

type : 11

group id : XXXXXX-XXXXXX

protocol : 17

port : 500

length : 22

May 9 20:32:19.344 ACST: ISAKMP:(0):: peer matches *none* of the profiles

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is XAUTH

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is DPD

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is NAT-T v2

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is Unity

May 9 20:32:19.344 ACST: ISAKMP:(0): Authentication by xauth preshared

May 9 20:32:19.344 ACST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy

May 9 20:32:19.344 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.344 ACST: ISAKMP: hash SHA

May 9 20:32:19.344 ACST: ISAKMP: default group 2

May 9 20:32:19.344 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.344 ACST: ISAKMP: life type in seconds

May 9 20:32:19.344 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.344 ACST: ISAKMP: keylength of 256

May 9 20:32:19.344 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.344 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.344 ACST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy

May 9 20:32:19.344 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.344 ACST: ISAKMP: hash MD5

May 9 20:32:19.344 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.348 ACST: ISAKMP: keylength of 256

0 Helpful

ming
Level 1
Level 1
In response to ming

‎05-09-2007 04:35 AM

Debug from router end(part 2):

May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy

May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.348 ACST: ISAKMP: hash SHA

May 9 20:32:19.348 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth pre-share

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.348 ACST: ISAKMP: keylength of 256

May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy

May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.348 ACST: ISAKMP: hash MD5

May 9 20:32:19.348 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth pre-share

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.348 ACST: ISAKMP: keylength of 256

May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy

May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.348 ACST: ISAKMP: hash SHA

May 9 20:32:19.348 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 6 against priority 1 policy

May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.352 ACST: ISAKMP: hash MD5

May 9 20:32:19.352 ACST: ISAKMP: default group 2

May 9 20:32:19.352 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.352 ACST: ISAKMP: life type in seconds

May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 7 against priority 1 policy

May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.352 ACST: ISAKMP: hash SHA

May 9 20:32:19.352 ACST: ISAKMP: default group 2

May 9 20:32:19.352 ACST: ISAKMP: auth pre-share

May 9 20:32:19.352 ACST: ISAKMP: life type in seconds

May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

0 Helpful

ming
Level 1
Level 1

‎05-09-2007 04:37 AM

Debug from router end(part 3):

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 8 against priority 1 policy

May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.352 ACST: ISAKMP: hash MD5

May 9 20:32:19.352 ACST: ISAKMP: default group 2

May 9 20:32:19.352 ACST: ISAKMP: auth pre-share

May 9 20:32:19.352 ACST: ISAKMP: life type in seconds

May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 9 against priority 1 policy

May 9 20:32:19.356 ACST: ISAKMP: encryption 3DES-CBC

May 9 20:32:19.356 ACST: ISAKMP: hash SHA

May 9 20:32:19.356 ACST: ISAKMP: default group 2

May 9 20:32:19.356 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.356 ACST: ISAKMP: life type in seconds

May 9 20:32:19.356 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.356 ACST: ISAKMP:(0):Hash algorithm offered does not match policy!

May 9 20:32:19.356 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.356 ACST: ISAKMP:(0):Checking ISAKMP transform 10 against priority 1 policy

May 9 20:32:19.356 ACST: ISAKMP: encryption 3DES-CBC

May 9 20:32:19.356 ACST: ISAKMP: hash MD5

May 9 20:32:19.356 ACST: ISAKMP: default group 2

May 9 20:32:19.356 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.356 ACST: ISAKMP: life type in seconds

May 9 20:32:19.356 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.356 ACST: ISAKMP:(0):atts are acceptable. Next payload is 3

May 9 20:32:19.356 ACST: ISAKMP:(0): processing KE payload. message ID = 0

May 9 20:32:19.404 ACST: ISAKMP:(0): processing NONCE payload. message ID = 0

May 9 20:32:19.404 ACST: ISAKMP:(0): vendor ID is NAT-T v2

May 9 20:32:19.404 ACST: ISAKMP:(0):peer does not do paranoid keepalives.

May 9 20:32:19.404 ACST: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer 58.163.89.189)

May 9 20:32:19.404 ACST: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY

May 9 20:32:19.404 ACST: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH

May 9 20:32:19.404 ACST: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY

May 9 20:32:19.404 ACST: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 58.163.89.189

May 9 20:32:19.408 ACST: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer 58.163.89.189)

May 9 20:32:19.408 ACST: ISAKMP: Unlocking peer struct 0x46BC2984 for isadb_mark_sa_deleted(), count 0

May 9 20:32:19.408 ACST: ISAKMP: Deleting peer node by peer_reap for 58.163.89.189: 46BC2984

May 9 20:32:19.408 ACST: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

May 9 20:32:19.408 ACST: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA

May 9 20:32:19.408 ACST: IPSEC(key_engine): got a queue event with 1 KMI message(s)

May 9 20:32:24.608 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE

May 9 20:32:30.052 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE

May 9 20:32:35.072 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE

May 9 20:33:19.408 ACST: ISAKMP:(0):purging SA., sa=48906EFC, delme=48906EFC

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents