Cisco Support Community

Please help on SOHO 91

I have recently been trying to set up a site-to-site connection, using a Cisco SOHO 91 to an Intel NetStructure VPN Gateway, using IPSec/Isakmp.

As you all can figure, it doesn't work, otherwise I wouldn't have to post this :-)

In the debug of the SOHO, it seems like everything is working smoothly, until I get this output:

---------------

19:07:26: ISAKMP (0:2): Send initial contact
19:07:26: ISAKMP (0:2): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
19:07:26: ISAKMP (2): ID payload
        next-payload : 8
        type : 1
        addr : x.x.x.x
        protocol : 17
        port : 0
        length : 8
19:07:26: ISAKMP (2): Total payload length: 12
19:07:26: CryptoEngine0: generate hmac context for conn id 2
19:07:26: ISAKMP (0:2): sending packet to y.y.y.y my_port 500 peer_port 500 (I) MM_KEY_EXCH
19:07:26: ISAKMP (0:2): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
19:07:26: ISAKMP (0:2): Old State = IKE_I_MM4 New State = IKE_I_MM5
19:07:26: ISAKMP (0:2): received packet from y.y.y.y dport 500 sport 500 (I) MM_KEY_EXCH
19:07:26: ISAKMP: set new node 1574635723 to QM_IDLE
19:07:26: CryptoEngine0: generate hmac context for conn id 2
19:07:26: ISAKMP (0:2): processing HASH payload. message ID = 1574635723
19:07:26: ISAKMP (0:2): processing NOTIFY INVALID_ID_INFO protocol 1
        spi 0, message ID = 1574635723, sa = 810D739C
19:07:26: ISAKMP (0:2): peer does not do paranoid keepalives.
19:07:26: ISAKMP (0:2): deleting SA reason "recevied fatal informational" state (I) MM_KEY_EXCH (peer y.y.y.y) input queue 0
19:07:26: ISAKMP (0:2): deleting node 1574635723 error FALSE reason "informational (in) state 1"

------------

The ID Payload says Protocol 17, port 0. I think that's what causes the messages about not doing "paranoid keepalives" and "fatal informational".

Anyway, I can't get the VPN to work.

I have tried to lower the encryption. I have tried 3des and des (the Intel NetStructure does not support other than des and 3des). I have tried hash md5 and sha, I have tried tunnel and transport mode.

There is one firewall along the way, but it is configured to pass through 500/udp and protocol 50. As far as I can see, there is nothing that should block the communication.

I don't think the communication is blocked either, but the ID payload is computed wrongly.

Do any of you out there have a clue to the problem?

Does the SOHO 91 support such VPN configuration?

Any suggestion is appreciated.

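A reading aid for the debug output in the post, added here as an example and not part of the original post: a short Python script that rejoins terminal-wrapped lines and reports the last IKE state reached, the NOTIFY received from the peer, and the reason the SA was deleted. The function names and the layout of the sample excerpt are this example's own.

```python
import re

# Constructed excerpt of the debug output in the post, wrapped the way a
# terminal paste wraps it ("peer_port 50" / "0", "state" / "(I) ...").
SAMPLE = """\
19:07:26: ISAKMP (0:2): sending packet to y.y.y.y my_port 500 peer_port 50
0 (I) MM_KEY_EXCH
19:07:26: ISAKMP (0:2): Old State = IKE_I_MM4 New State = IKE_I_MM5
19:07:26: ISAKMP (0:2): received packet from y.y.y.y dport 500 sport 500 (
I) MM_KEY_EXCH
19:07:26: ISAKMP (0:2): processing NOTIFY INVALID_ID_INFO protocol 1
spi 0, message ID = 1574635723, sa = 810D739C
19:07:26: ISAKMP (0:2): deleting SA reason "recevied fatal informational" state
(I) MM_KEY_EXCH (peer y.y.y.y) input queue 0
"""

STAMP = re.compile(r"^\d{1,2}:\d{2}:\d{2}: ")
STATE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
NOTIFY = re.compile(r"processing NOTIFY (\w+) protocol (\d+)")
DELETE = re.compile(
    r'deleting SA reason "([^"]+)" state\s*\((\w)\)\s*(\w+)\s*\(peer (\S+)\)')

def records(log):
    """Rejoin wrapped lines: text without a timestamp continues the previous record."""
    out = []
    for line in log.splitlines():
        if not line.strip():
            continue                      # pasted logs are often double-spaced
        if STAMP.match(line) or not out:
            out.append(line.rstrip())
        else:
            out[-1] += line.strip()       # no separator: a wrap can split a token
    return out

def triage(log):
    """Summarise an ISAKMP debug capture: last state reached, NOTIFYs received
    from the peer, and the reason the SA was deleted."""
    summary = {"last_state": None, "notifies": [], "deleted": None}
    for rec in records(log):
        if m := STATE.search(rec):
            summary["last_state"] = m.group(2)
        elif m := NOTIFY.search(rec):
            summary["notifies"].append((m.group(1), int(m.group(2))))
        elif m := DELETE.search(rec):
            keys = ("reason", "role", "state", "peer")   # role: I = initiator
            summary["deleted"] = dict(zip(keys, m.groups()))
    return summary

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the excerpt, the summary shows the SA reaching IKE_I_MM5 as initiator and then being deleted after the peer's INVALID_ID_INFO notify arrives.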