09-13-2010 09:13 AM
Hi,
on my MAC, snow leopard built in vpn client no connecting with Cisco router acting as VPN server,
here is error log i get, can any one help? though i have these policies confgured on my router, but still it fails:S
Sep 13 16:04:03.211: ISAKMP (0:191): Checking ISAKMP transform 1 against priority 99 policy
Sep 13 16:04:03.211: ISAKMP: life type in seconds
Sep 13 16:04:03.211: ISAKMP: life duration (basic) of 3600
Sep 13 16:04:03.211: ISAKMP: encryption AES-CBC
Sep 13 16:04:03.211: ISAKMP: keylength of 256
Sep 13 16:04:03.211: ISAKMP: auth XAUTHInitPreShared
Sep 13 16:04:03.211: ISAKMP: hash SHA
Sep 13 16:04:03.211: ISAKMP: default group 2
Sep 13 16:04:03.211: ISAKMP (0:191): Hash algorithm offered does not match policy!
Sep 13 16:04:03.211: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.211: ISAKMP (0:191): Checking ISAKMP transform 2 against priority 99 policy
Sep 13 16:04:03.211: ISAKMP: life type in seconds
Sep 13 16:04:03.211: ISAKMP: life duration (basic) of 3600
Sep 13 16:04:03.211: ISAKMP: encryption AES-CBC
Sep 13 16:04:03.211: ISAKMP: keylength of 128
Sep 13 16:04:03.211: ISAKMP: auth XAUTHInitPreShared
Sep 13 16:04:03.211: ISAKMP: hash SHA
Sep 13 16:04:03.211: ISAKMP: default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Hash algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 3 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP: life type in seconds
Sep 13 16:04:03.215: ISAKMP: life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP: encryption AES-CBC
Sep 13 16:04:03.215: ISAKMP: keylength of 256
Sep 13 16:04:03.215: ISAKMP: auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP: hash MD5
Sep 13 16:04:03.215: ISAKMP: default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Xauth authentication by pre-shared key offered but does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 4 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP: life type in seconds
Sep 13 16:04:03.215: ISAKMP: life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP: encryption AES-CBC
Sep 13 16:04:03.215: ISAKMP: keylength of 128
Sep 13 16:04:03.215: ISAKMP: auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP: hash MD5
Sep 13 16:04:03.215: ISAKMP: default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Proposed key length does not match policy
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 5 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP: life type in seconds
Sep 13 16:04:03.215: ISAKMP: life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP: encryption 3DES-CBC
Sep 13 16:04:03.215: ISAKMP: auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP: hash SHA
Sep 13 16:04:03.215: ISAKMP: default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 6 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP: life type in seconds
Sep 13 16:04:03.215: ISAKMP: life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP: encryption 3DES-CBC
Sep 13 16:04:03.215: ISAKMP: auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP: hash MD5
Sep 13 16:04:03.215: ISAKMP: default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 7 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP: life type in seconds
Sep 13 16:04:03.215: ISAKMP: life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP: encryption DES-CBC
Sep 13 16:04:03.215: ISAKMP: auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP: hash SHA
Sep 13 16:04:03.215: ISAKMP: default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 3
Sep 13 16:04:03.215: ISAKMP (0:191): Checking ISAKMP transform 8 against priority 99 policy
Sep 13 16:04:03.215: ISAKMP: life type in seconds
Sep 13 16:04:03.215: ISAKMP: life duration (basic) of 3600
Sep 13 16:04:03.215: ISAKMP: encryption DES-CBC
Sep 13 16:04:03.215: ISAKMP: auth XAUTHInitPreShared
Sep 13 16:04:03.215: ISAKMP: hash MD5
Sep 13 16:04:03.215: ISAKMP: default group 2
Sep 13 16:04:03.215: ISAKMP (0:191): Encryption algorithm offered does not match policy!
Sep 13 16:04:03.215: ISAKMP (0:191): atts are not acceptable. Next payload is 0
ROUTER
crypto isakmp policy 99
encr aes 256
hash md5
authentication pre-share
group 2
09-13-2010 09:46 AM
The issue is related to "Xauth authentication by pre-shared key offered but does not match policy!"
Can you paste your configuration?
09-13-2010 12:43 PM
It is likely that your Cisco is configured for L2TP/IPSec, not IPSec-ra with xauth, so you need to configure the OSX client that way too.
(Or is that log from the client? In which case, vice-versa.)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide