VPN

vinoth.kumar · ‎05-09-2008

Hi,

Iam establishing a tunnel between our remote location but its giving some error

i have attached log entry of the tunnel please let me know the root cause and how to track that

May 09 17:03:53 1210332833 pluto [5731]: "NortelVPN-1" #163: received Delete SA payload: deleting ISAKMP State #163

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: initiating Main Mode May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: STATE_MAIN_I2: sentMI2, expecting MR2

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: received Vendor ID payload [XAUTH]

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: received Vendor ID payload [Dead Peer Detection]

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: received Vendor ID payload [Cisco-Unity]

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: ignoring unknown Vendor ID payload [f87d3e2ec7ccf7955c5a7ca9ec804388]

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: I did not send a certificate because I do not have one.

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: STATE_MAIN_I3: sentMI3, expecting MR3

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: Main mode peer ID is ID_IPV4_ADDR:

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: Dead Peer Detection(RFC 3706): enabled

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #167: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL+UP+failureDROP {using isakmp#166}

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: ignoring informational payload, type IPSEC_INITIAL_CONTACT

May 09 17:04:13 1210332853 pluto[5731]: "NortelVPN-1" #166: received and ignored informational message

May 09 17:04:14 1210332854 pluto[5731]: "NortelVPN-1" #166: ignoring informational payload, type NO_PROPOSAL_CHOSEN

May 09 17:04:14 1210332854 pluto[5731]: "NortelVPN-1" #166: received and ignored informational message

May 09 17:04:37 1210332877 pluto[5731]: "NortelVPN-1" #165: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

May 09 17:04:37 1210332877 pluto[5731]: "NortelVPN-1" #165: starting keying attempt 3 of at most 3

May 09 17:04:37 1210332877 pluto[5731]: "NortelVPN-1" #168: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL+UP+failureDROP to replace #165 {using isakmp#166}

May 09 17:04:37 1210332877 pluto [5731]: "NortelVPN-1" #166: ignoring informational payload, type NO_PROPOSAL_CHOSEN

May 09 17:04:37 1210332877 pluto[5731]: "NortelVPN-1" #166: received and ignored informational message

May 09 17:04:43 1210332883 pluto[5731]: "NortelVPN-1" #166: DPD: Warning: R_U_THERE_ACK has invalid cookie

May 09 17:04:43 1210332883 pluto [5731]: "NortelVPN-1" #166: DPD: Warning: R_U_THERE_ACK has invalid cookie

Regards,

Vinoth

andrew.prince · ‎05-10-2008

Vinoth,

Looks like you cannot negotiate Phase 1 settings. I would double check your IKE settings at both ends.

HTH.