
VPN Concentrator 3020 - Problem with LAN-to-LAN tunnel

bkoot1980
Level 1

Hello,

I'm trying to build a LAN-to-LAN tunnel using my Cisco VPN Concentrator 3020 and another piece of hardware (I used the free Linux distribution IPCop and an Instagate). I can get the tunnel to be built, but then the tunnel is disconnected and I can't get a clue what is going wrong. I hope somebody here can help me a little bit.

I will take the IPCop (which should work before 1 Feb this year) as an example.

I am using the following settings:

VPN Concentrator

Authentication ESP/MD5/HMAC-128

Encryption 3DES-168

IKE Proposal IKE-3DES-MD5

IPCop

IKE Encryption: 3DES

IKE Integrity: MD5

IKE Grouptype: MODP-1024

ESP Encryption: 3DES

ESP Integrity: MD5

ESP Grouptype: MODP-1024

This is what the Concentrator gives in its log files:

[quote]

5736 01/29/2007 11:20:25.660 SEV=4 IKE/41 RPT=93 <REMOTE IP>

IKE Initiator: New Phase 1, Intf 2, IKE Peer <REMOTE IP>

local Proxy Address 10.50.0.0, remote Proxy Address 192.168.0.0,

SA (L2L: Test)

5738 01/29/2007 11:20:26.140 SEV=4 IKE/119 RPT=7322 <REMOTE IP>

Group [<REMOTE IP>]

PHASE 1 COMPLETED

5739 01/29/2007 11:20:26.140 SEV=4 AUTH/22 RPT=7240

User [<REMOTE IP>] Group [<REMOTE IP>] connected, Session Type: IPSec/LAN-to

-LAN

5741 01/29/2007 11:20:26.140 SEV=4 AUTH/84 RPT=228

LAN-to-LAN tunnel to headend device <REMOTE IP> connected

5742 01/29/2007 11:20:26.280 SEV=5 IKE/68 RPT=418 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid ID info (18)

5744 01/29/2007 11:20:34.210 SEV=5 IKE/68 RPT=419 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid message id (9)

5746 01/29/2007 11:20:42.200 SEV=5 IKE/68 RPT=420 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid message id (9)

5748 01/29/2007 11:20:44.380 SEV=5 IKE/35 RPT=270 <REMOTE IP>

Group [<REMOTE IP>]

Received remote IP Proxy Subnet data in ID Payload:

Address 192.168.0.0, Mask 255.255.255.0, Protocol 0, Port 0

5751 01/29/2007 11:20:44.380 SEV=5 IKE/34 RPT=8016 <REMOTE IP>

Group [<REMOTE IP>]

Received local IP Proxy Subnet data in ID Payload:

Address 10.50.0.0, Mask 255.255.0.0, Protocol 0, Port 0

5754 01/29/2007 11:20:44.380 SEV=5 IKE/66 RPT=8003 <REMOTE IP>

Group [<REMOTE IP>]

IKE Remote Peer configured for SA: L2L: Test

5755 01/29/2007 11:20:44.520 SEV=5 IKE/68 RPT=421 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid ID info (18)

5756 01/29/2007 11:20:50.210 SEV=5 IKE/68 RPT=422 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid message id (9)

5758 01/29/2007 11:20:52.520 SEV=5 IKE/68 RPT=423 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid ID info (18)

5759 01/29/2007 11:20:54.660 SEV=5 IKE/68 RPT=424 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid ID info (18)

5760 01/29/2007 11:20:58.140 SEV=4 IKEDBG/97 RPT=318 <REMOTE IP>

Group [<REMOTE IP>]

QM FSM error (P2 struct &0xaaefc18, mess id 0xf508de2d)!

5761 01/29/2007 11:21:02.660 SEV=5 IKE/68 RPT=425 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid ID info (18)

5762 01/29/2007 11:21:10.520 SEV=4 IKEDBG/97 RPT=319 <REMOTE IP>

Group [<REMOTE IP>]

QM FSM error (P2 struct &0xadb027c, mess id 0x530bcfc5)!

5763 01/29/2007 11:21:10.530 SEV=4 AUTH/23 RPT=230 <REMOTE IP>

User [<REMOTE IP>] Group [<REMOTE IP>] disconnected: duration: 0:00:44

5764 01/29/2007 11:21:10.530 SEV=4 AUTH/85 RPT=228

LAN-to-LAN tunnel to headend device <REMOTE IP> disconnected: duration: 0:00:44

[/quote]

(I removed the IPs for safety).

I hope somebody who knows more of this stuff can take a look at this. Thanks a lot!
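
A triage sketch for a log like the one above, added here as an example and not part of the original post or of Cisco's tooling: it checks whether Phase 1 completed, counts the ISAKMP notify types (in RFC 2408, 18 is INVALID-ID-INFORMATION and 9 is INVALID-MESSAGE-ID), and converts the proxy subnets the peer offered to CIDR so they can be compared with the networks configured on both ends. The function name `triage`, the sample text and the peer address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# ISAKMP notify error types (RFC 2408) that appear in the post's log.
NOTIFY = {9: "INVALID-MESSAGE-ID", 18: "INVALID-ID-INFORMATION"}
# Each entry starts with "<seq> MM/DD/YYYY"; continuation lines belong to it.
ENTRY = re.compile(r"(?m)^(?=\d+ \d\d/\d\d/\d{4} )")
PROXY = re.compile(r"Received (local|remote) IP Proxy Subnet.*Address (\S+), Mask (\S+),")

# Constructed sample in the layout of the post's log; 203.0.113.10 is a placeholder peer.
SAMPLE = """\
5738 01/29/2007 11:20:26.140 SEV=4 IKE/119 RPT=7322 203.0.113.10
PHASE 1 COMPLETED
5742 01/29/2007 11:20:26.280 SEV=5 IKE/68 RPT=418 203.0.113.10
Received non-routine Notify message: Invalid ID info (18)
5744 01/29/2007 11:20:34.210 SEV=5 IKE/68 RPT=419 203.0.113.10
Received non-routine Notify message: Invalid message id (9)
5748 01/29/2007 11:20:44.380 SEV=5 IKE/35 RPT=270 203.0.113.10
Received remote IP Proxy Subnet data in ID Payload:
Address 192.168.0.0, Mask 255.255.255.0, Protocol 0, Port 0
5751 01/29/2007 11:20:44.380 SEV=5 IKE/34 RPT=8016 203.0.113.10
Received local IP Proxy Subnet data in ID Payload:
Address 10.50.0.0, Mask 255.255.0.0, Protocol 0, Port 0
5760 01/29/2007 11:20:58.140 SEV=4 IKEDBG/97 RPT=318 203.0.113.10
QM FSM error (P2 struct &0xaaefc18, mess id 0xf508de2d)!
"""

def triage(text):
    """Report how far IKE got and which proxy IDs the peer offered."""
    out = {"phase1": False, "qm_errors": 0, "notifies": Counter(), "peer_proxy_ids": {}}
    for entry in ENTRY.split(text):
        body = " ".join(entry.split())  # fold wrapped and blank lines
        out["phase1"] |= "PHASE 1 COMPLETED" in body
        out["qm_errors"] += "QM FSM error" in body
        n = re.search(r"Notify message: .*\((\d+)\)", body)
        if n:
            out["notifies"][NOTIFY.get(int(n.group(1)), "type " + n.group(1))] += 1
        p = PROXY.search(body)
        if p:  # netmask form is converted to CIDR for comparison with the peer's config
            net = ipaddress.ip_network(p.group(2) + "/" + p.group(3), strict=False)
            out["peer_proxy_ids"][p.group(1)] = str(net)
    # Phase 1 up but Quick Mode rejected: the fault is in Phase 2 negotiation.
    out["phase2_failing"] = out["phase1"] and (
        out["qm_errors"] > 0 or out["notifies"][NOTIFY[18]] > 0)
    return out
```

When `phase2_failing` is true, the values in `peer_proxy_ids` are the ones to check against the local and remote network definitions on each device, mask included.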

1 Reply 1

bkoot1980
Level 1

Nobody with experience who can help me a little bit??
