Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

WRV210 to Pix-501 VPN

I am trying to set up a site-to-site VPN between a WRV210 Version 2.0.0.11 and a PIX-501 Version 6.3(5) but cannot get an IPSec connection.

Here is teh log from the WRV210:

    000   [MON 15:49:11]  "TunnelA" #64: R_U_THERE_ACK has invalid icookie
001   [MON 15:49:11]  "TunnelA" #64: R_U_THERE_ACK has invalid rcookie (tolerated)
002   [MON 15:49:51]  "TunnelA" #65: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
003   [MON 15:49:51]  "TunnelA" #65: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
004   [MON 15:49:51]  "TunnelA" #65: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
005   [MON 15:49:51]  "TunnelA" #65: starting keying attempt 2 of at most 5, but releasing whack
006   [MON 15:49:51]  "TunnelA" #66: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #65 {using isakmp#64}
007   [MON 15:49:51]  "TunnelA" #64: ignoring informational payload, type NO_PROPOSAL_CHOSEN
008   [MON 15:49:51]  "TunnelA" #64: received and ignored informational message
009   [MON 15:49:51]  forgetting secrets
010   [MON 15:49:51]  loading secrets from "/etc/ipsec.secrets"
011   [MON 15:51:01]  "TunnelA" #66: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
012   [MON 15:51:01]  "TunnelA" #66: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
013   [MON 15:51:01]  "TunnelA" #66: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
014   [MON 15:51:01]  "TunnelA" #66: starting keying attempt 3 of at most 5
015   [MON 15:51:01]  "TunnelA" #67: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #66 {using isakmp#64}
016   [MON 15:51:01]  "TunnelA" #64: ignoring informational payload, type NO_PROPOSAL_CHOSEN
017   [MON 15:51:01]  "TunnelA" #64: received and ignored informational message
018   [MON 15:51:01]  forgetting secrets
019   [MON 15:51:01]  loading secrets from "/etc/ipsec.secrets"
020   [MON 15:52:11]  "TunnelA" #67: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
021   [MON 15:52:11]  "TunnelA" #67: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
022   [MON 15:52:11]  "TunnelA" #67: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
023   [MON 15:52:11]  "TunnelA" #67: starting keying attempt 4 of at most 5
024   [MON 15:52:11]  "TunnelA" #68: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #67 {using isakmp#64}
025   [MON 15:52:11]  "TunnelA" #64: ignoring informational payload, type NO_PROPOSAL_CHOSEN
026   [MON 15:52:11]  "TunnelA" #64: received and ignored informational message
027   [MON 15:52:12]  forgetting secrets
028   [MON 15:52:12]  loading secrets from "/etc/ipsec.secrets"
029   [MON 15:53:21]  "TunnelA" #68: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
030   [MON 15:53:21]  "TunnelA" #68: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
031   [MON 15:53:21]  "TunnelA" #68: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
032   [MON 15:53:21]  "TunnelA" #68: starting keying attempt 5 of at most 5
033   [MON 15:53:21]  "TunnelA" #69: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #68 {using isakmp#64}
034   [MON 15:53:21]  "TunnelA" #64: ignoring informational payload, type NO_PROPOSAL_CHOSEN
035   [MON 15:53:21]  "TunnelA" #64: received and ignored informational message
036   [MON 15:53:21]  forgetting secrets
037   [MON 15:53:21]  loading secrets from "/etc/ipsec.secrets"
038   [MON 15:54:31]  "TunnelA" #69: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
039   [MON 15:54:31]  "TunnelA" #69: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
040   [MON 15:54:31]  "TunnelA" #69: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
041   [MON 15:54:31]  forgetting secrets
042   [MON 15:54:31]  loading secrets from "/etc/ipsec.secrets"
043   [MON 15:58:39]  "TunnelA" #64: received Delete SA payload: deleting ISAKMP State #64
044   [MON 15:58:39]  packet from 142.177.37.154:500: received and ignored informational message
045   [MON 16:00:06]  forgetting secrets
046   [MON 16:00:06]  loading secrets from "/etc/ipsec.secrets"
047   [MON 16:00:06]  "TunnelA": deleting connection
048   [MON 16:00:08]  added connection description "TunnelA"
049   [MON 16:00:08]  "TunnelA" #70: initiating Main Mode
050   [MON 16:00:08]  "TunnelA" #70: [WRV210 Response:] ISAKMP SA (Main Mode) Initiation
051   [MON 16:00:08]  "TunnelA" #70: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
052   [MON 16:00:08]  "TunnelA" #70: STATE_MAIN_I2: sent MI2, expecting MR2
053   [MON 16:00:09]  "TunnelA" #70: received Vendor ID payload [XAUTH]
054   [MON 16:00:09]  "TunnelA" #70: received Vendor ID payload [Dead Peer Detection]
055   [MON 16:00:09]  "TunnelA" #70: received Vendor ID payload [Cisco-Unity]
056   [MON 16:00:09]  "TunnelA" #70: ignoring unknown Vendor ID payload [13a2c2d456cf50ae2c953c7f79ea6270]
057   [MON 16:00:09]  "TunnelA" #70: I did not send a certificate because I do not have one.
058   [MON 16:00:09]  "TunnelA" #70: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
059   [MON 16:00:09]  "TunnelA" #70: STATE_MAIN_I3: sent MI3, expecting MR3
060   [MON 16:00:09]  "TunnelA" #70: Main mode peer ID is ID_IPV4_ADDR: '142.177.37.154'
061   [MON 16:00:09]  "TunnelA" #70: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
062   [MON 16:00:09]  "TunnelA" #70: [WRV210 Response:] ISAKMP SA established
063   [MON 16:00:09]  "TunnelA" #70: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
064   [MON 16:00:09]  "TunnelA" #70: Dead Peer Detection (RFC 3706): enabled
065   [MON 16:00:09]  "TunnelA" #71: [WRV210 Response:] IPSec SA (Quick Mode) Initiation
066   [MON 16:00:09]  "TunnelA" #71: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#70}
067   [MON 16:00:09]  "TunnelA" #70: ignoring informational payload, type IPSEC_INITIAL_CONTACT
068   [MON 16:00:09]  "TunnelA" #70: received and ignored informational message
069   [MON 16:00:09]  "TunnelA" #70: ignoring informational payload, type NO_PROPOSAL_CHOSEN
070   [MON 16:00:09]  "TunnelA" #70: received and ignored informational message
071   [MON 16:00:39]  "TunnelA" #70: R_U_THERE_ACK has invalid icookie
072   [MON 16:00:39]  "TunnelA" #70: R_U_THERE_ACK has invalid rcookie (tolerated)
073   [MON 16:01:19]  "TunnelA" #71: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
074   [MON 16:01:19]  "TunnelA" #71: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
075   [MON 16:01:19]  "TunnelA" #71: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
076   [MON 16:01:19]  "TunnelA" #71: starting keying attempt 2 of at most 5, but releasing whack
077   [MON 16:01:19]  "TunnelA" #72: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #71 {using isakmp#70}
078   [MON 16:01:20]  "TunnelA" #70: ignoring informational payload, type NO_PROPOSAL_CHOSEN
079   [MON 16:01:20]  "TunnelA" #70: received and ignored informational message
080   [MON 16:01:20]  forgetting secrets
081   [MON 16:01:20]  loading secrets from "/etc/ipsec.secrets"
082   [MON 16:01:43]  forgetting secrets
083   [MON 16:01:43]  loading secrets from "/etc/ipsec.secrets"
084   [MON 16:01:43]  "TunnelA": deleting connection
085   [MON 16:01:43]  "TunnelA" #72: deleting state (STATE_QUICK_I1)
086   [MON 16:01:43]  "TunnelA" #70: deleting state (STATE_MAIN_I4)
087   [MON 16:01:45]  added connection description "TunnelA"
088   [MON 16:01:45]  "TunnelA" #73: initiating Main Mode
089   [MON 16:01:45]  "TunnelA" #73: [WRV210 Response:] ISAKMP SA (Main Mode) Initiation
090   [MON 16:01:46]  "TunnelA" #73: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
091   [MON 16:01:46]  "TunnelA" #73: STATE_MAIN_I2: sent MI2, expecting MR2
092   [MON 16:01:47]  "TunnelA" #73: received Vendor ID payload [XAUTH]
093   [MON 16:01:47]  "TunnelA" #73: received Vendor ID payload [Dead Peer Detection]
094   [MON 16:01:47]  "TunnelA" #73: received Vendor ID payload [Cisco-Unity]
095   [MON 16:01:47]  "TunnelA" #73: ignoring unknown Vendor ID payload [13a2c2d4dbaf2e52a0c979b9e12bf9bc]
096   [MON 16:01:47]  "TunnelA" #73: I did not send a certificate because I do not have one.
097   [MON 16:01:47]  "TunnelA" #73: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
098   [MON 16:01:47]  "TunnelA" #73: STATE_MAIN_I3: sent MI3, expecting MR3
099   [MON 16:01:47]  "TunnelA" #73: Main mode peer ID is ID_IPV4_ADDR: '142.177.37.154'
100   [MON 16:01:47]  "TunnelA" #73: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
101   [MON 16:01:47]  "TunnelA" #73: [WRV210 Response:] ISAKMP SA established
102   [MON 16:01:47]  "TunnelA" #73: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
103   [MON 16:01:47]  "TunnelA" #73: Dead Peer Detection (RFC 3706): enabled
104   [MON 16:01:47]  "TunnelA" #74: [WRV210 Response:] IPSec SA (Quick Mode) Initiation
105   [MON 16:01:47]  "TunnelA" #74: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#73}
106   [MON 16:01:47]  "TunnelA" #73: ignoring informational payload, type IPSEC_INITIAL_CONTACT
107   [MON 16:01:47]  "TunnelA" #73: received and ignored informational message
108   [MON 16:01:47]  "TunnelA" #73: ignoring informational payload, type NO_PROPOSAL_CHOSEN
109   [MON 16:01:47]  "TunnelA" #73: received and ignored informational message
110   [MON 16:02:17]  "TunnelA" #73: R_U_THERE_ACK has invalid icookie
111   [MON 16:02:17]  "TunnelA" #73: R_U_THERE_ACK has invalid rcookie (tolerated)
112   [MON 16:02:57]  "TunnelA" #74: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
113   [MON 16:02:57]  "TunnelA" #74: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
114   [MON 16:02:57]  "TunnelA" #74: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
115   [MON 16:02:57]  "TunnelA" #74: starting keying attempt 2 of at most 5, but releasing whack
116   [MON 16:02:57]  "TunnelA" #75: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #74 {using isakmp#73}
117   [MON 16:02:57]  "TunnelA" #73: ignoring informational payload, type NO_PROPOSAL_CHOSEN
118   [MON 16:02:57]  "TunnelA" #73: received and ignored informational message
119   [MON 16:02:57]  forgetting secrets
120   [MON 16:02:57]  loading secrets from "/etc/ipsec.secrets"
121   [MON 16:04:07]  "TunnelA" #75: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
122   [MON 16:04:07]  "TunnelA" #75: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
123   [MON 16:04:07]  "TunnelA" #75: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
124   [MON 16:04:08]  "TunnelA" #75: starting keying attempt 3 of at most 5
125   [MON 16:04:08]  "TunnelA" #76: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #75 {using isakmp#73}
126   [MON 16:04:08]  "TunnelA" #73: ignoring informational payload, type NO_PROPOSAL_CHOSEN
127   [MON 16:04:08]  "TunnelA" #73: received and ignored informational message
128   [MON 16:04:08]  forgetting secrets
129   [MON 16:04:08]  loading secrets from "/etc/ipsec.secrets"
130   [MON 16:05:18]  "TunnelA" #76: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
131   [MON 16:05:18]  "TunnelA" #76: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
132   [MON 16:05:18]  "TunnelA" #76: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
133   [MON 16:05:18]  "TunnelA" #76: starting keying attempt 4 of at most 5
134   [MON 16:05:18]  "TunnelA" #77: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #76 {using isakmp#73}
135   [MON 16:05:18]  "TunnelA" #73: ignoring informational payload, type NO_PROPOSAL_CHOSEN
136   [MON 16:05:18]  "TunnelA" #73: received and ignored informational message
137   [MON 16:05:18]  forgetting secrets
138   [MON 16:05:18]  loading secrets from "/etc/ipsec.secrets"
139   [MON 16:06:28]  "TunnelA" #77: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
140   [MON 16:06:28]  "TunnelA" #77: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
141   [MON 16:06:28]  "TunnelA" #77: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
142   [MON 16:06:28]  "TunnelA" #77: starting keying attempt 5 of at most 5
143   [MON 16:06:28]  "TunnelA" #78: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #77 {using isakmp#73}
144   [MON 16:06:28]  "TunnelA" #73: ignoring informational payload, type NO_PROPOSAL_CHOSEN
145   [MON 16:06:28]  "TunnelA" #73: received and ignored informational message
146   [MON 16:06:29]  forgetting secrets
147   [MON 16:06:29]  loading secrets from "/etc/ipsec.secrets"
148   [MON 16:07:38]  "TunnelA" #78: [WRV210 Response:] Can't establish IPSec SA. This might be the asymmetric Secure Group setting.
149   [MON 16:07:38]  "TunnelA" #78: [WRV210 Response:] Please check your Local Secure Group, Remote Secure Group, and PFS setting of this tunnel.
150   [MON 16:07:38]  "TunnelA" #78: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
151   [MON 16:07:38]  forgetting secrets
152   [MON 16:07:38]  loading secrets from "/etc/ipsec.secrets"
153   [MON 16:11:44]  "TunnelA" #73: received Delete SA payload: deleting ISAKMP State #73
154   [MON 16:11:44]  packet from 142.177.37.154:500: received and ignored informational message

PFS is off on both devices and I double checked the Local and Rmote Secure groups.

I am not real familiar with the PIX so any help would be appreciated.

1259
Views
0
Helpful
0
Replies
CreatePlease to create content