Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

bma
New Member

1702 vpn peer to PIX 515

Hi

I have a 1702 route on the branch office and want to use vpn to access main office with PIX. Following is log view message with Cisco client 1.1 on the windows 98:

04:10:24.040 atmel - Initiating IKE Phase 1

04:10:24.150 atmel - SENDING>>>> ISAKMP OAK MM (SA)

04:10:24.420 atmel - RECEIVED<<< ISAKMP OAK MM (SA)

04:10:24.700 atmel - SENDING>>>> ISAKMP OAK MM (KE, NON, VID, VID)

04:10:26.290 atmel - Exceeded 3 re-keying attempts (message id: 14D48ED3)

04:10:26.400 atmel - QM re-keying timed out (message id: 14D48ED3). Discarding IPSec SA negotiation

04:10:39.140 atmel - RECEIVED<<< ISAKMP OAK MM (Retransmission)

04:10:39.250 atmel - Resending last packet.

04:10:39.360 atmel - SENDING>>>> ISAKMP OAK MM (Retransmission)

04:10:39.530 atmel - RECEIVED<<< ISAKMP OAK MM (KE, NON, VID, VID, VID)

04:10:39.750 atmel - SENDING>>>> ISAKMP OAK MM *(ID, HASH)

04:10:54.360 atmel - RECEIVED<<< ISAKMP OAK MM (Retransmission)

04:10:54.410 atmel - Resending last packet.

04:10:54.520 atmel - SENDING>>>> ISAKMP OAK MM *(Retransmission)

04:10:54.630 atmel - RECEIVED<<< ISAKMP OAK MM *(ID, HASH)

04:10:54.740 atmel - Established IKE SA

04:10:54.850 atmel - Initiating IKE Phase 2 with Client IDs (message id: B163C385)

04:10:54.960 Initiator = IP ADDR=10.20.0.2, prot = 0 port = 0

04:10:55.070 Responder = IP SUBNET/MASK=10.30.0.0/255.255.0.0, prot = 0 port = 0

04:10:55.180 atmel - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID)

04:11:10.340 atmel - QM re-keying timed out (message id: B163C385). Retry count: 1

04:11:10.450 atmel - SENDING>>>> ISAKMP OAK QM *(Retransmission)

04:11:10.730 atmel - RECEIVED<<< ISAKMP OAK TRANS *(HASH, ATTR)

04:11:25.500 atmel - RECEIVED<<< ISAKMP OAK TRANS *(Retransmission)

04:11:26.760 atmel - SENDING>>>> ISAKMP OAK TRANS *(HASH, ATTR)

04:11:40.500 atmel - RECEIVED<<< ISAKMP OAK TRANS *(Retransmission)

04:11:40.610 atmel - Resending last packet.

04:11:40.720 atmel - SENDING>>>> ISAKMP OAK TRANS *(Retransmission)

04:11:40.830 atmel - RECEIVED<<< ISAKMP OAK TRANS *(HASH, ATTR)

04:11:40.940 atmel - SENDING>>>> ISAKMP OAK TRANS *(HASH, ATTR)

04:11:55.770 atmel - RECEIVED<<< ISAKMP OAK TRANS *(HASH, )

........

I cannot ping or build connection. Is it key or config problem? Thanks

ben

1 REPLY
Cisco Employee

Re: 1702 vpn peer to PIX 515

Are you trying to create IPSec tunnel between PIX and 1700? or PIX against 1.1 client?

It looks like IKE never established.

Please check IKE policy matches with each other.

DES/3DES? Auth type MD5/SHA? DH group 1/2?

Thanks

490
Views
0
Helpful
1
Replies
CreatePlease login to create content