×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

RV 120W VPN Issue (Remote Config)

Document

Mon, 11/08/2010 - 04:45
Oct 31st, 2010
User Badges:

Hello!


I'm trying to get the IPhone / IPad connected to the Router vie VPN cause we're using these devices with custom apps.

The big Problem is, that i get stuck while connection process.


While checking the router log file - I found a couple of errors:


  • 2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Configuration found for XXX.XXX.XXX.XXX[27627].
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received request for new phase 1 negotiation: XXX.XXX.XXX.XXX[500]<=>XXX.XXX.XXX.XXX[27627]
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Beginning Identity Protection mode.
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received Vendor ID: RFC 3947
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received unknown Vendor ID
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received unknown Vendor ID
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received unknown Vendor ID
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received unknown Vendor ID
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received unknown Vendor ID
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received unknown Vendor ID
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received unknown Vendor ID
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received unknown Vendor ID
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received Vendor ID: CISCO-UNITY
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  Received Vendor ID: DPD
    2010-10-31 21:29:36: [routerFCAFB6] [IKE] INFO:  For 213.162.68.29[27627], Selected NAT-T version: RFC 3947
    2010-10-31 21:29:37: [routerFCAFB6] [IKE] INFO:  NAT-D payload matches for XXX.XXX.XXX.XXX[500]
    2010-10-31 21:29:37: [routerFCAFB6] [IKE] INFO:  NAT-D payload does not match for XXX.XXX.XXX.XXX[27627]
    2010-10-31 21:29:37: [routerFCAFB6] [IKE] INFO:  NAT detected: PEER
    2010-10-31 21:29:37: [routerFCAFB6] [IKE] INFO:  Floating ports for NAT-T with peerXXX.XXX.XXX.XXX[24682]
    2010-10-31 21:29:37: [routerFCAFB6] [IKE] WARNING:  Ignore INITIAL-CONTACT notification from XXX.XXX.XXX.XXX[24682] because it is only accepted after phase1.
    2010-10-31 21:29:37: [routerFCAFB6] [IKE] INFO:  Sending Xauth request to XXX.XXX.XXX.XXX[24682]
    2010-10-31 21:29:37: [routerFCAFB6] [IKE] INFO:  ISAKMP-SA established for XXX.XXX.XXX.XXX[4500]-XXX.XXX.XXX.XXX[24682] with spi:b75d3xc2bbxxxb2ae5e5:a5b35x1757xxx987b25a
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] INFO:  Received attribute type "ISAKMP_CFG_REPLY" fromXXX.XXX.XXX.XXX[24682]
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] INFO:  Login succeeded for user "xxxxxx"
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] INFO:  Received attribute type "ISAKMP_CFG_REQUEST" from XXX.XXX.XXX.XXX[24682]
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] ERROR:  Local configuration for XXX.XXX.XXX.XXX[24682] does not have mode config
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] ERROR:  Local configuration for XXX.XXX.XXX.XXX[24682] does not have mode config
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] ERROR:  Local configuration for XXX.XXX.XXX.XXX[24682] does not have mode config
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] ERROR:  Local configuration for XXX.XXX.XXX.XXX[24682] does not have mode config
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] WARNING:  Ignored attribute 5
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] ERROR:  Local configuration for XXX.XXX.XXX.XXX[24682] does not have mode config
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] ERROR:  Local configuration for XXX.XXX.XXX.XXX[24682] does not have mode config
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] ERROR:  Local configuration for XXX.XXX.XXX.XXX[24682] does not have mode config
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] ERROR:  Local configuration for XXX.XXX.XXX.XXX[24682] does not have mode config
    2010-10-31 21:29:38: [routerFCAFB6] [IKE] WARNING:  Ignored attribute 28678


Does anyone have a hint how to get the connection to work?


Greetings Luke

Loading.
ibondar Thu, 11/04/2010 - 01:24
User Badges:

Hello Luke,


iPhone and iPad require form the IPSec gateway (in this case RV 120W) to support Mode-Config - an Internet Key Exchange (IKE) extension that enables the IPSec VPN gateway                                                          to provide LAN configuration to the remote user's machine (i.e. IPSec VPN Client).


This feature currently is supported only in Cisco Enterprise routers.

lschaufler Mon, 11/08/2010 - 04:45
User Badges:

Thanks for your information.


Bad to hear that news - hopefully IPhone Support will be better in future small business products since other manufactures like Draytech, etc. support them in their low cost segment hardware.

Actions

This Document

Related Content