Can someone tell me what the attached debug output statement entails? I tried to configure a VPN connection from a Windows 2000 client using the native L2TP/IPSec to connect to the PIX via transport mode. I also configured the PIX to use IKE with pre-share key, a dynamic map to assign IP addresses to remote clients, and local authentication. I don't know where in the process it failed to connect, and I was hoping someone could tell me from the debug statement. Was my phase 1 IKE successful or not? What about phase 2? How far did the VPN process go before it terminated? Any help is greatly appreciated. Thanks.
crypto_isakmp_process_block: src 22.214.171.124, dest 126.96.36.199
VPN Peer: ISAKMP: Added new peer: ip:188.8.131.52 Total VPN Peers:1
indicate your Phase 1 parameters don't match what the PC is sending, and therefore they failed. The PC is sending this:
ISAKMP: encryption DES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: auth RSA sig
which shows it's trying to use certs (RSA-SIG), not the pre-shared key that you might have set up. If you follow this (http://www.cisco.com/warp/public/471/vpn3k_l2tp.html) you'll see you have to make a registry change on the PC to force it to use the pre-shared key, even if you put it in its configuration. Note that this sample config is for L2TP/IPSec to a VPN3000, but the client setup is the same, which seems to be where your problem lies at this point.
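The comparison described in the reply above, as an added example that is not part of the original thread and is not PIX code: it parses the quoted `ISAKMP:` lines and reports which Phase 1 attribute differs from a local policy. The policy table, its priority number and the function names are hypothetical; only the pre-share authentication method comes from the question, and the other three policy values are assumed.

```python
import re

# Debug lines quoted in the reply above (the peer's offered Phase 1 transform).
PEER_DEBUG = """\
ISAKMP: encryption DES-CBC
ISAKMP: hash MD5
ISAKMP: default group 2
ISAKMP: auth RSA sig
"""

# Hypothetical local policy: only "auth pre-share" comes from the question;
# the other three values are assumed for illustration.
LOCAL_POLICIES = {
    10: {"encryption": "des-cbc", "hash": "md5", "group": "2", "auth": "pre-share"},
}

ATTR_RE = re.compile(r"^ISAKMP:\s+(encryption|hash|default group|auth)\s+(.+?)\s*$")

def parse_offer(debug_text):
    """Extract the Phase 1 attributes from 'ISAKMP: <attr> <value>' lines."""
    offer = {}
    for line in debug_text.splitlines():
        m = ATTR_RE.match(line.strip())
        if m:
            key = "group" if m.group(1) == "default group" else m.group(1)
            offer[key] = m.group(2).lower()
    return offer

def compare(offer, policies):
    """Return {priority: [(attr, offered, configured), ...]} for each policy.

    An empty list means that policy would accept the offer."""
    result = {}
    for prio, policy in sorted(policies.items()):
        result[prio] = [(a, offer.get(a), want) for a, want in policy.items()
                        if offer.get(a) != want]
    return result

def acceptable(offer, policies):
    """True if at least one local policy matches every offered attribute."""
    return any(not diffs for diffs in compare(offer, policies).values())

if __name__ == "__main__":
    offer = parse_offer(PEER_DEBUG)
    for prio, diffs in compare(offer, LOCAL_POLICIES).items():
        for attr, got, want in diffs:
            print(f"policy {prio}: {attr} offered={got!r} configured={want!r}")
    print("phase 1 acceptable:", acceptable(offer, LOCAL_POLICIES))
```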