snow leopard built in vpn client not working

Unanswered Question
Sep 13th, 2010
User Badges:

Hi,


on my MAC, snow leopard built in vpn client no connecting with Cisco router acting as VPN server,


here is error log i get, can any one help? though i have these policies confgured on my router, but still it fails:S


Sep 13 16:04:03.211: ISAKMP (0:191): Checking ISAKMP transform 1 against priority 99 policy
Sep 13 16:04:03.211: ISAKMP:      life type in seconds
Sep 13 16:04:03.211: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.211: ISAKMP:      encryption AES-CBC
Sep 13 16:04:03.211: ISAKMP:      keylength of 256
Sep 13 16:04:03.211: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.211: ISAKMP:      hash SHA
Sep 13 16:04:03.211: ISAKMP:      default group 2
Sep 13 16:04:03.211: ISAKMP (0:191): Hash algorithm offered does not match policy!
Sep 13 16:04:03.211: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.211: ISAKMP (0:191): Checking ISAKMP transform 2 against priority 99 policy
Sep 13 16:04:03.211: ISAKMP:      life type in seconds
Sep 13 16:04:03.211: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.211: ISAKMP:      encryption AES-CBC
Sep 13 16:04:03.211: ISAKMP:      keylength of 128
Sep 13 16:04:03.211: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.211: ISAKMP:      hash SHA
Sep 13 16:04:03.211: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Hash algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 3 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption AES-CBC
Sep 13 16:04:03.215: ISAKMP:      keylength of 256
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash MD5
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Xauth authentication by pre-shared key offered but does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 4 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption AES-CBC
Sep 13 16:04:03.215: ISAKMP:      keylength of 128
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash MD5
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Proposed key length does not match policy
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 5 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption 3DES-CBC
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash SHA
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 6 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption 3DES-CBC
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash MD5
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 7 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption DES-CBC
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash SHA
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 8 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP:      life type in seconds
Sep 13 16:04:03.215: ISAKMP:      life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP:      encryption DES-CBC
Sep 13 16:04:03.215: ISAKMP:      auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP:      hash MD5
Sep 13 16:04:03.215: ISAKMP:      default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 0




ROUTER

crypto isakmp policy 99
encr aes 256
hash md5
authentication pre-share
group 2

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Yudong Wu Mon, 09/13/2010 - 09:46
User Badges:
  • Gold, 750 points or more

The issue is related to "Xauth authentication by pre-shared key offered but does not match policy!"

Can you paste your configuration?

b.julin Mon, 09/13/2010 - 12:43
User Badges:
  • Bronze, 100 points or more

It is likely that your Cisco is configured for L2TP/IPSec, not IPSec-ra with xauth, so you need to configure the OSX client that way too.


(Or is that log from the client?  In which case, vice-versa.)

Actions

This Discussion