Building configuration... Current configuration : 4875 bytes ! version 12.3 no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname avnrichmond ! boot-start-marker boot-end-marker ! enable secret 5 $1$hMf4$qDFgQf8QoBq2u8FrbGmtK/ ! username CRWS_Giri privilege 15 password 7 074B700879581F24531D5A03370F3B25706264724A554557 username CRWS_Bijoy privilege 15 password 7 0242551F3C570900084158163632020A5D50787D717F66637245 username CRWS_Gayatri privilege 15 password 7 041F5A4238704A6F4D165418212E1C057B737D7F6A6471405445 username avnrichmond password 7 107D59170C1447 username CRWS_Kannan privilege 15 password 7 114D484120430D2D40257A2B1B1625234253415554020A0A0701 aaa new-model ! ! aaa authentication login vpn-client-grp local aaa authorization network vpn-client-grp local aaa session-id common ip subnet-zero ip dhcp excluded-address 10.10.10.1 ! ip dhcp pool CLIENT import all network 10.10.10.0 255.255.255.0 default-router 10.10.10.1 lease 0 2 ! ! ip inspect name myfw cuseeme timeout 3600 ip inspect name myfw ftp timeout 3600 ip inspect name myfw rcmd timeout 3600 ip inspect name myfw realaudio timeout 3600 ip inspect name myfw smtp timeout 3600 ip inspect name myfw tftp timeout 30 ip inspect name myfw udp timeout 15 ip inspect name myfw tcp timeout 3600 ip inspect name myfw h323 timeout 3600 ip audit notify log ip audit po max-events 100 ip ssh break-string no ftp-server write-enable no scripting tcl init no scripting tcl encdir ! ! ! ! crypto isakmp policy 2 hash md5 authentication pre-share ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key xxxxxxxxx address 66.135.108.139 crypto isakmp client configuration address-pool local loc-pool ! crypto isakmp client configuration group xxxxxx key $rogers77! domain avn.ca pool loc-pool acl 150 ! ! crypto ipsec transform-set trans-set-1 esp-3des esp-md5-hmac crypto ipsec transform-set TS-MME esp-3des esp-sha-hmac ! crypto dynamic-map dyn-map 1 set transform-set trans-set-1 ! ! crypto map dyn-map isakmp authorization list vpn-server-grp crypto map dyn-map client configuration address initiate crypto map dyn-map client configuration address respond crypto map dyn-map 1 ipsec-isakmp dynamic dyn-map crypto map dyn-map 10 ipsec-isakmp set peer 66.135.108.139 set security-association lifetime seconds 28800 set transform-set TS-MME match address 130 ! ! ! ! ! interface Ethernet0 ip address 10.10.10.1 255.255.255.0 ip access-group 122 out ip nat inside no cdp enable hold-queue 32 in ! interface Ethernet1 ip address dhcp client-id Ethernet1 ip access-group 111 in ip nat outside ip inspect myfw in duplex auto no cdp enable crypto map dyn-map ! interface FastEthernet1 no ip address duplex auto speed auto ! interface FastEthernet2 no ip address duplex auto speed auto ! interface FastEthernet3 no ip address duplex auto speed auto ! interface FastEthernet4 no ip address duplex auto speed auto ! ip local pool loc-pool 10.100.100.1 10.100.100.100 ip nat inside source list 102 interface Ethernet1 overload ip classless ip route 172.20.0.0 255.255.255.0 Ethernet1 ip http server no ip http secure-server ! ! access-list 102 deny ip 10.10.10.0 0.0.0.255 host 172.20.0.1 access-list 102 permit ip 10.10.10.0 0.0.0.255 any access-list 111 permit tcp any any eq telnet access-list 111 permit tcp any any eq www access-list 111 permit tcp any any eq ftp access-list 111 permit tcp any any eq 443 access-list 111 permit icmp any any access-list 111 permit icmp any any echo access-list 111 permit icmp any any echo-reply access-list 111 permit icmp any any packet-too-big access-list 111 permit icmp any any time-exceeded access-list 111 permit icmp any any traceroute access-list 111 permit icmp any any unreachable access-list 111 permit udp any eq bootps any eq bootpc access-list 111 permit udp any eq bootps any eq bootps access-list 111 permit udp any eq domain any access-list 111 permit esp any any access-list 111 permit udp any any eq isakmp access-list 111 permit udp any any eq 10000 access-list 111 permit tcp any any eq 1723 access-list 111 permit tcp any any eq 139 access-list 111 permit udp any any eq netbios-ns access-list 111 permit udp any any eq netbios-dgm access-list 111 permit gre any any access-list 111 deny ip any any access-list 122 deny tcp any any eq telnet access-list 122 permit ip any any access-list 130 permit ip 10.10.10.0 0.0.0.255 172.20.0.0 0.0.0.255 access-list 150 permit ip 10.10.10.0 0.0.0.255 10.100.100.0 0.0.0.255 ! control-plane ! ! line con 0 exec-timeout 120 0 no modem enable transport preferred all transport output all stopbits 1 line aux 0 transport preferred all transport output all line vty 0 4 exec-timeout 120 0 length 0 transport preferred all transport input all transport output all ! scheduler max-task-time 5000 ! end 4d22h: ISAKMP: keylength of 128 4d22h: ISAKMP:(0:2:HW:2):Encryption algorithm offered does not match policy! 4d22h: ISAKMP:(0:2:HW:2):atts are not acceptable. Next payload is 3 4d22h: ISAKMP:(0:2:HW:2):Checking ISAKMP transform 9 against priority 10 policy 4d22h: ISAKMP: encryption 3DES-CBC 4d22h: ISAKMP: hash SHA 4d22h: ISAKMP: default group 2 4d22h: ISAKMP: auth XAUTHInitPreShared 4d22h: ISAKMP: life type in seconds 4d22h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B 4d22h: ISAKMP:(0:2:HW:2):Xauth authentication by pre-shared key offered but does not match policy! 4d22h: ISAKMP:(0:2:HW:2):atts are not acceptable. Next payload is 3 4d22h: ISAKMP:(0:2:HW:2):Checking ISAKMP transform 10 against priority 10 policy 4d22h: ISAKMP: encryption 3DES-CBC 4d22h: ISAKMP: hash MD5 4d22h: ISAKMP: default group 2 4d22h: ISAKMP: auth XAUTHInitPreShared 4d22h: ISAKMP: life type in seconds 4d22h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B 4d22h: ISAKMP:(0:2:HW:2):Hash algorithm offered does not match policy! 4d22h: ISAKMP:(0:2:HW:2):atts are not acceptable. Next payload is 3 4d22h: ISAKMP:(0:2:HW:2):Checking ISAKMP transform 11 against priority 10 policy 4d22h: ISAKMP: encryption 3DES-CBC 4d22h: ISAKMP: hash SHA 4d22h: ISAKMP: default group 2 4d22h: ISAKMP: auth pre-share 4d22h: ISAKMP: life type in seconds 4d22h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B 4d22h: ISAKMP:(0:2:HW:2):atts are acceptable. Next payload is 3 4d22h: ISAKMP:(0:2:HW:2): processing KE payload. message ID = 0 4d22h: ISAKMP:(0:2:HW:2): processing NONCE payload. message ID = 0 4d22h: ISAKMP:(0:2:HW:2): vendor ID is NAT-T v2 4d22h: ISAKMP:(0:2:HW:2):Unknown Input: state = IKE_READY, major, minor = IKE_MESG_FROM_PEER, IKE_AM_EXCH 4d22h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 70.50.136.113 4d22h: ISAKMP (0:268435458): received packet from 70.50.136.113 dport 500 sport 500 Global (R) AG_NO_STATE 4d22h: ISAKMP:(0:2:HW:2): phase 1 packet is a duplicate of a previous packet. 4d22h: ISAKMP:(0:2:HW:2): retransmitting due to retransmit phase 1 4d22h: ISAKMP:(0:2:HW:2): retransmitting phase 1 AG_NO_STATE... 4d22h: ISAKMP:(0:2:HW:2): retransmitting phase 1 AG_NO_STATE... 4d22h: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 1 4d22h: ISAKMP:(0:2:HW:2): no outgoing phase 1 packet to retransmit. AG_NO_STATE 4d22h: ISAKMP (0:268435458): received packet from 70.50.136.113 dport 500 sport 500 Global (R) AG_NO_STATE 4d22h: ISAKMP:(0:2:HW:2): phase 1 packet is a duplicate of a previous packet. 4d22h: ISAKMP:(0:2:HW:2): retransmitting due to retransmit phase 1 4d22h: ISAKMP:(0:2:HW:2): retransmitting phase 1 AG_NO_STATE... 4d22h: ISAKMP:(0:2:HW:2): retransmitting phase 1 AG_NO_STATE... 4d22h: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 1 4d22h: ISAKMP:(0:2:HW:2): no outgoing phase 1 packet to retransmit. AG_NO_STATE 4d22h: ISAKMP: quick mode timer expired. 4d22h: ISAKMP:(0:1:HW:2):src 70.50.136.113 dst 24.85.162.136, SA is not authenticated 4d22h: ISAKMP:(0:1:HW:2):peer does not do paranoid keepalives. 4d22h: ISAKMP:(0:1:HW:2):deleting SA reason "QM_TIMER expired" state (R) AG_NO_STATE (peer 70.50.136.113) input queue 0 4d22h: ISAKMP:(0:1:HW:2):deleting SA reason "QM_TIMER expired" state (R) AG_NO_STATE (peer 70.50.136.113) input queue 0 4d22h: ISAKMP: Unlocking IKE struct 0x818F80D8 for isadb_mark_sa_deleted(), count 0 4d22h: ISAKMP: Deleting peer node by peer_reap for 70.50.136.113: 818F80D8 4d22h: ISAKMP: Deleted node doesn't match node to be deleted! 4d22h: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL 4d22h: ISAKMP:(0:1:HW:2):Old State = IKE_READY New State = IKE_DEST_SA 4d22h: ISAKMP (0:268435458): received packet from 70.50.136.113 dport 500 sport 500 Global (R) AG_NO_STATE 4d22h: ISAKMP:(0:2:HW:2): phase 1 packet is a duplicate of a previous packet. 4d22h: ISAKMP:(0:2:HW:2): retransmitting due to retransmit phase 1 4d22h: ISAKMP:(0:2:HW:2): retransmitting phase 1 AG_NO_STATE... 4d22h: ISAKMP:(0:2:HW:2): retransmitting phase 1 AG_NO_STATE... 4d22h: ISAKMP:(0:2:HW:2):incrementing error counter on sa: retransmit phase 1 4d22h: ISAKMP:(0:2:HW:2): no outgoing phase 1 packet to retransmit. AG_NO_STATE 4d22h: ISAKMP:(0:1:HW:2):purging SA., sa=818FB76C, delme=818FB76C