Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ipsec vpn vpn client - cisco1720

im having a problem with my vpn connection it usaly gives me the following error :

inconsistent private ip address ignored

and it establishes the vpn tunnel but i cant do any thing with it, theres no comuniucation.

i tried to change the pool for the local vpn client and the first time i tried to connect it worked but after that it gives me the same error.

I tried rebooting my windows, erase the connections and reconfired everything on the vpn client but with no success.

can anyone help me with this?

2 REPLIES
Cisco Employee

Re: ipsec vpn vpn client - cisco1720

What version of the client and IOS code are you using? If you turn on at least debugs for isakmp and ipsec what do you get on the router?

New Member

Re: ipsec vpn vpn client - cisco1720

my ios is c1700-k8o3sy-mz.122-3

ill post here all th e dubug output from debug ipsec, debug isakmp and debug engine, because i cant spot any thing out of the normal.

5d18h: ISAKMP (0:0): received packet from 195.22.11.140 (N) NEW SA

5d18h: ISAKMP: local port 500, remote port 500

5d18h: ISAKMP (0:1): Setting client config settings 81359AC0

5d18h: ISAKMP: Created a peer node for 195.22.11.140

5d18h: ISAKMP: Locking struct 81359AC0 from crypto_ikmp_config_initialize_sa

5d18h: ISAKMP (0:1): processing SA payload. message ID = 0

5d18h: ISAKMP (0:1): found peer pre-shared key matching 195.22.11.140

5d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 10 policy

5d18h: ISAKMP: encryption DES-CBC

5d18h: ISAKMP: hash MD5

5d18h: ISAKMP: default group 1

5d18h: ISAKMP: auth pre-share

5d18h: ISAKMP (0:1): atts are acceptable. Next payload is 0

5d18h: CryptoEngine0: generate alg parameter

5d18h: CRYPTO_ENGINE: Dh phase 1 status: 0

5d18h: CRYPTO_ENGINE: Dh phase 1 status: 0

5d18h: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

5d18h: ISAKMP (0:1): sending packet to 195.22.11.140 (R) MM_SA_SETUP

5d18h: ISAKMP (0:1): received packet from 195.22.11.140 (R) MM_SA_SETUP

5d18h: ISAKMP (0:1): processing KE payload. message ID = 0

5d18h: CryptoEngine0: generate alg parameter

5d18h: ISAKMP (0:1): processing NONCE payload. message ID = 0

5d18h: ISAKMP (0:1): found peer pre-shared key matching 195.22.11.140

5d18h: CryptoEngine0: create ISAKMP SKEYID for conn id 1

5d18h: ISAKMP (0:1): SKEYID state generated

5d18h: ISAKMP (0:1): processing vendor id payload

5d18h: ISAKMP (0:1): processing vendor id payload

5d18h: ISAKMP (0:1): sending packet to 195.22.11.140 (R) MM_KEY_EXCH

5d18h: ISAKMP (0:1): received packet from 195.22.11.140 (R) MM_KEY_EXCH

5d18h: ISAKMP (0:1): processing ID payload. message ID = 0

5d18h: ISAKMP (0:1): processing HASH payload. message ID = 0

5d18h: CryptoEngine0: generate hmac context for conn id 1

5d18h: ISAKMP (0:1): processing NOTIFY INITIAL_CONTACT protocol 1

spi 0, message ID = 0, sa = 81359554

5d18h: ISAKMP (0:1): SA has been authenticated with 195.22.11.140

5d18h: ISAKMP (1): ID payload

next-payload : 8

type : 1

protocol : 17

port : 500

length : 8

5d18h: ISAKMP (1): Total payload length: 12

5d18h: CryptoEngine0: generate hmac context for conn id 1

5d18h: CryptoEngine0: clear dh number for conn id 1

5d18h: ISAKMP (0:1): sending packet to 195.22.11.140 (R) CONF_ADDR

5d18h: ISAKMP (0:1): received packet from 195.22.11.140 (R) CONF_ADDR

5d18h: ISAKMP (0:1): Need config/address

5d18h: ISAKMP (0:1): allocating address 192.168.10.7

5d18h: CryptoEngine0: generate hmac context for conn id 1

5d18h: ISAKMP (0:1): initiating peer config to 195.22.11.140. ID = -355362332

5d18h: ISAKMP (0:1): sending packet to 195.22.11.140 (R) CONF_ADDR

5d18h: ISAKMP (0:1): received packet from 195.22.11.140 (R) CONF_ADDR

5d18h: ISAKMP (0:1): processing transaction payload from 195.22.11.140. message ID = -355362332

5d18h: CryptoEngine0: generate hmac context for conn id 1

5d18h: ISAKMP: Config payload ACK

5d18h: ISAKMP (0:1): returning IP addr to the address pool: 192.168.10.7

5d18h: ISAKMP (0:1): returning address 192.168.10.7 to pool

5d18h: ISAKMP (0:1): deleting node -355362332 error FALSE reason "done with transaction"

5d18h: ISAKMP (0:1): processing saved QM.

5d18h: CryptoEngine0: generate hmac context for conn id 1

5d18h: ISAKMP (0:1): processing HASH payload. message ID = 1165015067

5d18h: ISAKMP (0:1): processing SA payload. message ID = 1165015067

5d18h: ISAKMP (0:1): Checking IPSec proposal 1

5d18h: ISAKMP: transform 1, ESP_DES

5d18h: ISAKMP: attributes in transform:

5d18h: ISAKMP: authenticator is HMAC-MD5

5d18h: ISAKMP: encaps is 1

5d18h: validate proposal 0

5d18h: ISAKMP (0:1): atts are acceptable.

5d18h: IPSEC(validate_proposal_request): proposal part #1,

(key eng. msg.) dest= 195.22.13.166, src= 195.22.11.140,

dest_proxy= 199.6.84.0/255.255.255.0/0/0 (type=4),

src_proxy= 192.168.10.1/255.255.255.255/0/0 (type=1),

protocol= ESP, transform= esp-des esp-md5-hmac ,

lifedur= 0s and 0kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4

5d18h: validate proposal request 0

5d18h: ISAKMP (0:1): processing NONCE payload. message ID = 1165015067

5d18h: ISAKMP (0:1): processing ID payload. message ID = 1165015067

5d18h: ISAKMP (1): ID_IPV4_ADDR src 192.168.10.1 prot 0 port 0

5d18h: ISAKMP (0:1): processing ID payload. message ID = 1165015067

5d18h: ISAKMP (1): ID_IPV4_ADDR_SUBNET dst 199.6.84.0/255.255.255.0 prot 0 port 0

5d18h: ISAKMP (0:1): asking for 1 spis from ipsec

5d18h: IPSEC(key_engine): got a queue event...

5d18h: IPSEC(spi_response): getting spi 125446639 for SA

from 195.22.11.140 to 195.22.13.166 for prot 3

5d18h: ISAKMP: received ke message (2/1)

5d18h: CryptoEngine0: generate hmac context for conn id 1

5d18h: ISAKMP (0:1): sending packet to 195.22.11.140 (R) QM_IDLE

5d18h: ISAKMP (0:1): received packet from 195.22.11.140 (R) QM_IDLE

5d18h: CryptoEngine0: generate hmac context for conn id 1

5d18h: ipsec allocate flow 0

5d18h: ipsec allocate flow 0

5d18h: ISAKMP (0:1): Creating IPSec SAs

5d18h: inbound SA from 195.22.11.140 to 195.22.13.166

(proxy 192.168.10.1 to 199.6.84.0)

5d18h: has spi 0x77A29EF and conn_id 2000 and flags 4

5d18h: outbound SA from 195.22.13.166 to 195.22.11.140 (proxy 199.6.84.0 to 192.168.10.1 )

5d18h: has spi -758838188 and conn_id 2001 and flags 4

5d18h: ISAKMP (0:1): deleting node 1165015067 error FALSE reason "quick mode done (await()"

5d18h: IPSEC(key_engine): got a queue event...

5d18h: IPSEC(initialize_sas): ,

(key eng. msg.) dest= 195.22.13.166, src= 195.22.11.140,

dest_proxy= 199.6.84.0/255.255.255.0/0/0 (type=4),

src_proxy= 192.168.10.1/0.0.0.0/0/0 (type=1),

protocol= ESP, transform= esp-des esp-md5-hmac ,

lifedur= 0s and 0kb,

spi= 0x77A29EF(125446639), conn_id= 2000, keysize= 0, flags= 0x4

5d18h: IPSEC(initialize_sas): ,

(key eng. msg.) src= 195.22.13.166, dest= 195.22.11.140,

src_proxy= 199.6.84.0/255.255.255.0/0/0 (type=4),

dest_proxy= 192.168.10.1/0.0.0.0/0/0 (type=1),

protocol= ESP, transform= esp-des esp-md5-hmac ,

lifedur= 0s and 0kb,

spi= 0xD2C50C54(3536129108), conn_id= 2001, keysize= 0, flags= 0x4

5d18h: IPSEC(create_sa): sa created,

(sa) sa_dest= 195.22.13.166, sa_prot= 50,

sa_spi= 0x77A29EF(125446639),

sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2000

5d18h: IPSEC(create_sa): sa created,

(sa) sa_dest= 195.22.11.140, sa_prot= 50,

sa_spi= 0xD2C50C54(3536129108),

sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2001

5d18h: ISAKMP: received ke message (4/1)

5d18h: ISAKMP: Locking struct 81359AC0 for IPSEC

5d18h: ISAKMP (0:1): purging node -355362332

5d18h: ISAKMP (0:1): purging node 1165015067

thanks in advance

184
Views
0
Helpful
2
Replies
CreatePlease to create content