no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0/1/0.1 point-to-point no snmp trap link-status pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface Dialer0 ip address negotiated ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname 1280823476@btlink.londonlink.net ppp chap password 0 gmr68n9i ppp pap sent-username 1280823476@btlink.londonlink.net password 0 gmr68n9i ppp multilink crypto map MUSGRAVE ! ip route 0.0.0.0 0.0.0.0 Dialer0 ! ! no ip http server no ip http secure-server ip nat inside source static tcp 192.168.6.1 25 interface Dialer0 25 ip nat inside source static tcp 192.168.6.1 80 interface Dialer0 80 ip nat inside source static tcp 192.168.6.1 81 interface Dialer0 81 ip nat inside source static tcp 192.168.6.1 82 interface Dialer0 82 ip nat inside source static tcp 192.168.6.1 3389 interface Dialer0 3389 ip nat inside source static tcp 192.168.6.1 1723 interface Dialer0 1723 ip nat inside source static tcp 192.168.6.1 3001 interface Dialer0 3001 ip nat inside source static tcp 192.168.6.1 1352 interface Dialer0 1352 ip nat inside source static tcp 192.168.6.1 995 interface Dialer0 995 ip nat inside source route-map VPN_1 interface Dialer0 overload ! ip access-list extended Crypto-list permit ip 192.168.6.0 0.0.0.255 3.0.0.0 0.255.255.255 ip access-list extended NAT deny ip 192.168.6.0 0.0.0.255 3.0.0.0 0.255.255.255 permit ip 192.168.6.0 0.0.0.255 any deny ip any 3.0.0.0 0.255.255.255 ! access-list 1 permit 192.168.6.0 0.0.0.255 access-list 100 permit ip 192.168.6.0 0.0.0.255 3.0.0.0 0.255.255.255 access-list 114 permit ip any 3.0.0.0 0.255.255.255 dialer-list 1 protocol ip permit ! ! ! route-map VPN_1 permit 1 PTIME#conf t Enter configuration commands, one per line. End with CNTL/Z. PTIME(config)#no access-list 114 PTIME(config)#$ 114 permit ip 192.168.6.0 0.0.0.255 3.0.0.0 0.255.255.255 PTIME(config)#exit PTIME#debug crypto isakmp sa ^ % Invalid input detected at '^' marker. PTIME#debug crypto ipsec sa ^ % Invalid input detected at '^' marker. PTIME#debug crypto ipsec ? client Client Debug error IPSEC errors ha IPSEC High Availability PTIME#debug crypto ipsec Crypto IPSEC debugging is on PTIME#debug crypto isakmp ? error ISAKMP Errors ha ISAKMP High Availability PTIME#debug crypto isakmp Crypto ISAKMP debugging is on PTIME#term mon PTIME#ping 3.0.3.242 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 3.0.3.242, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) PTIME# *May 14 12:44:23.106: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 212.115.54.9, remote= 195.58.69.242, local_proxy= 192.168.6.0/255.255.255.0/0/0 (type=4), remote_proxy= 3.0.0.0/255.0.0.0/0/0 (type=4), protocol= ESP, transform= NONE (Tunnel), lifedur= 1800s and 50000kb, spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0 *May 14 12:44:23.106: ISAKMP:(0): SA request profile is (NULL) *May 14 12:44:23.106: ISAKMP: Created a peer struct for 195.58.69.242, peer port 500 *May 14 12:44:23.106: ISAKMP: New peer created peer = 0x480A3F90 peer_handle = 0 x8000033F *May 14 12:44:23.106: ISAKMP: Locking peer struct 0x480A3F90, refcount 1 for isa kmp_initiator *May 14 12:44:23.106: ISAKMP: local port 500, remote port 500 *May 14 12:44:23.106: ISAKMP: set new node 0 to QM_IDLE *May 14 12:44:23.106: insert sa successfully sa = 480A383C *May 14 12:44:23.106: ISAKMP:(0):SA has tunnel attributes set. *May 14 12:44:23.110: ISAKMP:(0): constructed NAT-T vendor-07 ID *May 14 12:44:23.110: ISAKMP:(0): constructed NAT-T vendor-03 ID *May 14 12:44:23.110: ISAKMP:(0): constructed NAT-T vendor-02 ID *May 14 12:44:23.110: ISAKMP:(0):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *May 14 12:44:23.110: ISAKMP (0:0): ID payload next-payload : 13 type : 1 address : 212.115.54.9 protocol : 17 port : 0 length : 12 *May 14 12:44:23.110: ISAKMP:(0):Total payload length: 12 *May 14 12:44:23.110: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM *May 14 12:44:23.110: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_AM1 *May 14 12:44:23.110: ISAKMP:(0): beginning Aggressive Mode exchange *May 14 12:44:23.110: ISAKMP:(0): sending packet to 195.58.69.242 my_port 500 pe er_port 500 (I) AG_INIT_EXCH *May 14 12:44:23.110: ISAKMP:(0):Sending an IKE IPv4 Packet. *May 14 12:44:23.170: ISAKMP (0:0): received packet from 195.58.69.242 dport 500 sport 500 Global (I) AG_INIT_EXCH *May 14 12:44:23.170: ISAKMP:(0): processing SA payload. message ID = 0 *May 14 12:44:23.170: ISAKMP:(0): processing ID payload. message ID = 0 *May 14 12:44:23.170: ISAKMP (0:0): ID payload next-payload : 8 type : 1 address : 195.58.69.242 protocol : 17 port : 500 length : 12 *May 14 12:44:23.170: ISAKMP:(0):: peer matches *none* of the profiles *May 14 12:44:23.170: ISAKMP:(0): processing vendor id payload *May 14 12:44:23.170: ISAKMP:(0): vendor ID seems Unity/DPD but major 86 mismatc h *May 14 12:44:23.170: ISAKMP:(0): processing vendor id payload *May 14 12:44:23.170: ISAKMP:(0): vendor ID is DPD *May 14 12:44:23.170: ISAKMP:(0): processing vendor id payload *May 14 12:44:23.170: ISAKMP:(0): vendor ID seems Unity/DPD but major 102 mismat ch *May 14 12:44:23.174: ISAKMP:(0):SA using tunnel password as pre-shared key. *May 14 12:44:23.174: ISAKMP:(0): local preshared key found *May 14 12:44:23.174: ISAKMP : Scanning profiles for xauth ... *May 14 12:44:23.174: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy *May 14 12:44:23.174: ISAKMP: encryption AES-CBC *May 14 12:44:23.174: ISAKMP: hash SHA *May 14 12:44:23.174: ISAKMP: default group 2 *May 14 12:44:23.174: ISAKMP: auth pre-share *May 14 12:44:23.174: ISAKMP: keylength of 256 *May 14 12:44:23.174: ISAKMP: life type in seconds *May 14 12:44:23.174: ISAKMP: life duration (basic) of 28800 *May 14 12:44:23.174: ISAKMP:(0):atts are acceptable. Next payload is 0 *May 14 12:44:23.174: ISAKMP:(0): processing vendor id payload *May 14 12:44:23.174: ISAKMP:(0): vendor ID seems Unity/DPD but major 86 mismatc h *May 14 12:44:23.174: ISAKMP:(0): processing vendor id payload *May 14 12:44:23.174: ISAKMP:(0): vendor ID is DPD *May 14 12:44:23.174: ISAKMP:(0): processing vendor id payload *May 14 12:44:23.174: ISAKMP:(0): vendor ID seems Unity/DPD but major 102 mismat ch *May 14 12:44:23.174: ISAKMP:(0): processing KE payload. message ID = 0 *May 14 12:44:23.222: ISAKMP:(0): processing NONCE payload. message ID = 0 *May 14 12:44:23.222: ISAKMP:(0):SA using tunnel password as pre-shared key. *May 14 12:44:23.222: ISAKMP:(1099): processing HASH payload. message ID = 0 *May 14 12:44:23.222: ISAKMP:(1099):SA authentication status: authenticated *May 14 12:44:23.222: ISAKMP:(1099):SA has been authenticated with 195.58.69.242 *May 14 12:44:23.222: ISAKMP: Trying to insert a peer 212.115.54.9/195.58.69.242 /500/, and inserted successfully 480A3F90. *May 14 12:44:23.222: ISAKMP:(1099):Send initial contact *May 14 12:44:23.226: ISAKMP:(1099): sending packet to 195.58.69.242 my_port 500 peer_port 500 (I) AG_INIT_EXCH *May 14 12:44:23.226: ISAKMP:(1099):Sending an IKE IPv4 Packet. *May 14 12:44:23.226: ISAKMP:(1099):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH *May 14 12:44:23.226: ISAKMP:(1099):Old State = IKE_I_AM1 New State = IKE_P1_CO MPLETE *May 14 12:44:23.230: ISAKMP:(1099):beginning Quick Mode exchange, M-ID of -1049 252484 *May 14 12:44:23.230: ISAKMP:(1099):QM Initiator gets spi *May 14 12:44:23.230: ISAKMP:(1099): sending packet to 195.58.69.242 my_port 500 peer_port 500 (I) QM_IDLE *May 14 12:44:23.230: ISAKMP:(1099):Sending an IKE IPv4 Packet. *May 14 12:44:23.234: ISAKMP:(1099):Node -1049252484, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *May 14 12:44:23.234: ISAKMP:(1099):Old State = IKE_QM_READY New State = IKE_QM _I_QM1 *May 14 12:44:23.234: ISAKMP:(1099):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLE TE *May 14 12:44:23.234: ISAKMP:(1099):Old State = IKE_P1_COMPLETE New State = IKE _P1_COMPLETE *May 14 12:44:23.290: ISAKMP (0:1099): received packet from 195.58.69.242 dport 500 sport 500 Global (I) QM_IDLE *May 14 12:44:23.290: ISAKMP:(1099): processing HASH payload. message ID = -1049 252484 *May 14 12:44:23.290: ISAKMP:(1099): processing SA payload. message ID = -104925 2484 *May 14 12:44:23.290: ISAKMP:(1099):Checking IPSec proposal 1 *May 14 12:44:23.290: ISAKMP: transform 1, ESP_AES *May 14 12:44:23.290: ISAKMP: attributes in transform: *May 14 12:44:23.290: ISAKMP: SA life type in seconds *May 14 12:44:23.290: ISAKMP: SA life duration (VPI) of 0x0 0x0 0x7 0x8 *May 14 12:44:23.290: ISAKMP: SA life type in kilobytes *May 14 12:44:23.290: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xC3 0x50 *May 14 12:44:23.290: ISAKMP: encaps is 1 (Tunnel) *May 14 12:44:23.290: ISAKMP: authenticator is HMAC-SHA *May 14 12:44:23.290: ISAKMP: group is 2 *May 14 12:44:23.290: ISAKMP: key length is 256 *May 14 12:44:23.290: ISAKMP:(1099):atts are acceptable. *May 14 12:44:23.290: IPSEC(validate_proposal_request): proposal part #1 *May 14 12:44:23.290: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 212.115.54.9, remote= 195.58.69.242, local_proxy= 192.168.6.0/255.255.255.0/0/0 (type=4), remote_proxy= 3.0.0.0/255.0.0.0/0/0 (type=4), protocol= ESP, transform= esp-aes 256 esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0 *May 14 12:44:23.290: Crypto mapdb : proxy_match src addr : 192.168.6.0 dst addr : 3.0.0.0 protocol : 0 src port : 0 dst port : 0 *May 14 12:44:23.290: ISAKMP:(1099): processing NONCE payload. message ID = -104 9252484 *May 14 12:44:23.294: ISAKMP:(1099): processing KE payload. message ID = -104925 2484 *May 14 12:44:23.338: ISAKMP:(1099): processing ID payload. message ID = -104925 2484 *May 14 12:44:23.338: ISAKMP:(1099): processing ID payload. message ID = -104925 2484 *May 14 12:44:23.338: ISAKMP:(1099): processing NOTIFY RESPONDER_LIFETIME protoc ol 3 spi 3766224261, message ID = -1049252484, sa = 480A383C *May 14 12:44:23.338: ISAKMP:(1099):SA authentication status: authenticated *May 14 12:44:23.342: ISAKMP:(1099): processing responder lifetime *May 14 12:44:23.342: ISAKMP (1099): responder lifetime of 0kb *May 14 12:44:23.342: ISAKMP:(1099): Creating IPSec SAs *May 14 12:44:23.342: inbound SA from 195.58.69.242 to 212.115.54.9 (f/i ) 0/ 0 (proxy 3.0.0.0 to 192.168.6.0) *May 14 12:44:23.342: has spi 0x41050278 and conn_id 0 *May 14 12:44:23.342: lifetime of 1800 seconds *May 14 12:44:23.342: outbound SA from 212.115.54.9 to 195.58.69.242 (f/ i) 0/0 (proxy 192.168.6.0 to 3.0.0.0) *May 14 12:44:23.342: has spi 0xE07C0585 and conn_id 0 *May 14 12:44:23.342: lifetime of 1800 seconds *May 14 12:44:23.342: ISAKMP:(1099): sending packet to 195.58.69.242 my_port 500 peer_port 500 (I) QM_IDLE *May 14 12:44:23.342: ISAKMP:(1099):Sending an IKE IPv4 Packet. *May 14 12:44:23.346: ISAKMP:(1099):deleting node -1049252484 error FALSE reason "No Error" *May 14 12:44:23.346: ISAKMP:(1099):Node -1049252484, Input = IKE_MESG_FROM_PEER , IKE_QM_EXCH *May 14 12:44:23.346: ISAKMP:(1099):Old State = IKE_QM_I_QM1 New State = IKE_QM _PHASE2_COMPLETE *May 14 12:44:23.346: IPSEC(key_engine): got a queue event with 1 KMI message(s) *May 14 12:44:23.346: Crypto mapdb : proxy_match src addr : 192.168.6.0 dst addr : 3.0.0.0 protocol : 0 src port : 0 dst port : 0 *May 14 12:44:23.346: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer 195.58.69.242 *May 14 12:44:23.346: IPSEC(policy_db_add_ident): src 192.168.6.0, dest 3.0.0.0, dest_port 0 *May 14 12:44:23.346: IPSEC(create_sa): sa created, (sa) sa_dest= 212.115.54.9, sa_proto= 50, sa_spi= 0x41050278(1090847352), sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2133 *May 14 12:44:23.350: IPSEC(create_sa): sa created, (sa) sa_dest= 195.58.69.242, sa_proto= 50, sa_spi= 0xE07C0585(3766224261), sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2134 *May 14 12:44:23.350: IPSEC(update_current_outbound_sa): updated peer 195.58.69. 242 current outbound sa to SPI E07C0585 *May 14 12:44:28.622: IPSEC(epa_des_crypt): decrypted packet failed SA identity check *May 14 12:44:34.110: IPSEC(epa_des_crypt): decrypted packet failed SA identity check *May 14 12:44:39.598: IPSEC(epa_des_crypt): decrypted packet failed SA identity check