Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1317
Views
5
Helpful
3
Replies

IPsec LAN to LAN Tunnel on VPN 3030 Concentrator with router Config for DH

sr1482613
Level 4
Level 4

‎01-28-2008 08:48 AM - edited ‎02-21-2020 03:30 PM

hi.

this is tom.

my site is two VPN device.

one device is VPN Concentrator 3030.

other deivce is 1712 IOS Router

and 1712 Router assigned Public dhcp IP Address(ADSL). VPN Concentrator with SSL VPN Config and SSL VPN User authentication is SDI Server

Concentrator's Base Group is Default SSL VPN Group

Router with Remote Access config connect VPN Concentrator

Connection fail.and debug router error message..

Labels:
Preview file
11 KB
0 Helpful
3 Replies 3

ajagadee
Cisco Employee
Cisco Employee

‎01-28-2008 09:16 AM

Do you have a copy of the ISAKMP and IPSEC logs from the VPN3000 at the same time the logs were captured from the router. From the debugs, it looks like the router is getting stuck at Key Exchange. Could be an issue with pre-shared keys not matching or the VPN3000 receiving the packet and dropping it or maybe a firewall inbetween that is blocking traffic.

Regards,

Arul

** Please rate all helpful posts **

sr1482613
Level 4
Level 4
In response to ajagadee

‎01-29-2008 07:55 AM

VPN 3000 Concentrator log Message..

1 01/28/2008 08:48:08.150 SEV=5 IKE/172 RPT=17 211.193.56.197

Group [VPNC_Base_Group]

Automatic NAT Detection Status:

Remote end is NOT behind a NAT device

This end is NOT behind a NAT device

5 01/28/2008 08:48:08.250 SEV=4 IKE/127 RPT=25 211.193.56.197

Group [VPNC_Base_Group]

Xauth required but selected Proposal does not support xauth,

Check priorities of ike xauth proposals in ike proposal list

8 01/28/2008 08:48:08.250 SEV=5 IKE/194 RPT=26 211.193.56.197

Group [VPNC_Base_Group]

Sending IKE Delete With Reason message: No Reason Provided.

10 01/28/2008 08:52:13.570 SEV=4 CONFIG/17 RPT=21

Done writing configuration file, Success.

11 01/28/2008 08:52:18.690 SEV=5 IKE/172 RPT=18 211.193.56.197

Group [VPNC_Base_Group]

Automatic NAT Detection Status:

Remote end is NOT behind a NAT device

This end is NOT behind a NAT device

15 01/28/2008 08:52:18.800 SEV=4 IKE/127 RPT=26 211.193.56.197

Group [VPNC_Base_Group]

Xauth required but selected Proposal does not support xauth,

Check priorities of ike xauth proposals in ike proposal list

0 Helpful

sr1482613
Level 4
Level 4
In response to sr1482613

‎01-30-2008 09:09 AM

Cisco Router Config - add attachments

Cisco VPN Concentrator log message

2 01/30/2008 06:14:52.250 SEV=4 IKE/48 RPT=162 116.88.39.5

Error processing payload: Payload ID: 1

3 01/30/2008 06:15:02.240 SEV=4 IKE/48 RPT=163 116.88.39.5

Error processing payload: Payload ID: 1

4 01/30/2008 06:15:12.240 SEV=4 IKE/48 RPT=164 116.88.39.5

Error processing payload: Payload ID: 1

5 01/30/2008 06:15:22.240 SEV=4 IKE/48 RPT=165 116.88.39.5

Error processing payload: Payload ID: 1

6 01/30/2008 06:15:32.260 SEV=4 IKE/48 RPT=166 116.88.39.5

Error processing payload: Payload ID: 1

7 01/30/2008 06:15:42.250 SEV=4 IKE/48 RPT=167 116.88.39.5

Error processing payload: Payload ID: 1

Preview file
3 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents