VPN PIX Firewall 6.3(5) issue

Unanswered Question
Mar 3rd, 2008

Hi


I'm trying to configure a VPN lan-to-lan in 2 locations, but this VPN tunnel is not working. These are the details of the VPN tunnel:


crypto map:

Transform-Set 3des, sha, group2, lifetime 3600, the peer, and an access-list (host-to-host)


isakmp pre-share, 3des, sha, df group 2, lifetime 86400.


I'm getting this in the debug crypto isakmp. Does anyone know if I am missing some details in the configuration?


Debug ISAKMP:


ISAKMP (0): processing SA payload. message ID = 0


ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy

ISAKMP: encryption 3DES-CBC

ISAKMP: hash SHA

ISAKMP: default group 2

ISAKMP: auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (basic) of 3600

ISAKMP (0): atts are acceptable. Next payload is 0

ISAKMP (0): processing vendor id payload


ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500

OAK_MM exchange

ISAKMP (0): processing KE payload. message ID = 0


ISAKMP (0): processing NONCE payload. message ID = 0


ISAKMP (0): processing vendor id payload


ISAKMP (0): processing vendor id payload


ISAKMP (0): received xauth v6 vendor id


ISAKMP (0): processing vendor id payload


ISAKMP (0): speaking to another IOS box!


ISAKMP (0): processing vendor id payload


ISAKMP (0): speaking to a VPN3000 concentrator


ISAKMP (0): ID payload

next-payload : 8

type : 1

protocol : 17

port : 500

length : 8

ISAKMP (0): Total payload length: 12

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500

OAK_MM exchange

ISAKMP (0): processing ID payload. message ID = 0

ISAKMP (0): processing HASH payload. message ID = 0

ISAKMP (0): processing vendor id payload


ISAKMP (0): remote peer supports dead peer detection


ISAKMP (0): SA has been authenticated


ISAKMP (0): beginning Quick Mode exchange, M-ID of 426085703:19658d47

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500

ISAKMP (0): processing NOTIFY payload 18 protocol 1

spi 0, message ID = 2277627688

return status is IKMP_NO_ERR_NO_TRANS

crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500

ISAKMP (0): processing DELETE payload. message ID = 2920063985, spi size = 16

ISAKMP (0): deleting SA: src xxx.xxx.xxx.xxx, dst xxx.xxx.xxx.xxx

return status is IKMP_NO_ERR_NO_TRANS

ISADB: reaper checking SA 0x13ab0cc, conn_id = 0 DELETE IT!


VPN Peer:ISAKMP: Peer Info for xxx.xxx.xxx.xxx/500 not found - peers:2


ISADB: reaper checking SA 0x12095cc, conn_id = 0

qr_israel Tue, 03/04/2008 - 10:55

The cause of the issue was the remote peer; the parameters of phase 2 were wrong.
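
The debug output in the question shows where the negotiation stopped: phase 1 completes ("SA has been authenticated"), Quick Mode begins, and then the peer answers with a NOTIFY and a DELETE. The following is an added example, not part of the original thread, that walks such output and reports the stage reached. It assumes the number after "NOTIFY payload" is the RFC 2408 notify message type (18 is INVALID-ID-INFORMATION there); the function name `analyze` is hypothetical.

```python
import re

# Subset of ISAKMP notify message types (RFC 2408, section 3.14.1).
NOTIFY_TYPES = {12: "INVALID-TRANSFORM-ID", 13: "ATTRIBUTES-NOT-SUPPORTED",
                14: "NO-PROPOSAL-CHOSEN", 15: "BAD-PROPOSAL-SYNTAX",
                18: "INVALID-ID-INFORMATION", 24: "AUTHENTICATION-FAILED"}
NOTIFY_RE = re.compile(r"processing NOTIFY payload (\d+) protocol (\d+)")

# Excerpt of the debug output posted in the question (addresses masked there).
SAMPLE = """\
ISAKMP (0): SA has been authenticated
ISAKMP (0): beginning Quick Mode exchange, M-ID of 426085703:19658d47
ISAKMP (0): processing NOTIFY payload 18 protocol 1
ISAKMP (0): processing DELETE payload. message ID = 2920063985, spi size = 16
ISAKMP (0): deleting SA: src xxx.xxx.xxx.xxx, dst xxx.xxx.xxx.xxx
"""

def analyze(debug_text):
    """Report how far an IKEv1 negotiation got in 'debug crypto isakmp' output."""
    r = {"phase1_authenticated": False, "quick_mode_started": False,
         "phase2_errors": [], "sa_deleted": False}
    for line in debug_text.splitlines():
        m = NOTIFY_RE.search(line)
        if "SA has been authenticated" in line:
            r["phase1_authenticated"] = True
        elif "beginning Quick Mode exchange" in line:
            r["quick_mode_started"] = True
        elif "processing DELETE payload" in line:
            r["sa_deleted"] = True
        elif m:
            code = int(m.group(1))
            # Types below 16384 are errors; 16384 and above are status notifies.
            if code < 16384 and r["quick_mode_started"]:
                r["phase2_errors"].append((code, NOTIFY_TYPES.get(code, "UNKNOWN")))
    if not r["phase1_authenticated"]:
        r["verdict"] = "phase 1 did not complete: check ISAKMP policy and pre-shared key"
    elif r["phase2_errors"]:
        r["verdict"] = "phase 1 OK; peer rejected phase 2 (Quick Mode)"
    else:
        r["verdict"] = "phase 1 OK; no phase 2 error notify seen"
    return r

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

When the verdict points at phase 2, the settings to compare on both peers are the ones the question lists under the crypto map: transform set, group, lifetime, peer address and the access-list.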
