Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Issue with IPSec VPN ISA500 & connection Issues (multiple devices)

I have a Cisco ISA500 that we use for connecting with IPSEC VPN from a couple apple products (MacBook Pro & iPad). We can get it to work randomly once in a while but it for the most part fails negotiating. Anyone have any suggestions on what I can do to make this work? 

I did testing on my Linux box and this failed when I had default settings configured. I had to change the NAT Traversal to CISCO UDP on the Linux box for the connection to work.

014-04-03 20:54:13 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: Quick mode retry fail, please Check if local IKE/Transform/PFS are the same as remote site; (pluto)
2014-04-03 20:54:13 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: max number of retransmissions (2) reached STATE_AGGR_R1; (pluto)
2014-04-03 20:53:30 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: Quick mode retry fail, please Check if local IKE/Transform/PFS are the same as remote site; (pluto)
2014-04-03 20:53:30 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: max number of retransmissions (2) reached STATE_AGGR_R1; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: STATE_AGGR_R1: sent AR1, expecting AI2; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg="groupname"[48] XXX.XXX.XXX.XXX #59: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [Dead Peer Detection]; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [RFC 3947] method set to=109 ; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [Cisco-Unity]; (pluto)
2014-04-03 20:53:03 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:43810: received Vendor ID payload [XAUTH]; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: STATE_AGGR_R1: sent AR1, expecting AI2; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg="groupname"[47] XXX.XXX.XXX.XXX #58: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [Dead Peer Detection]; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [RFC 3947] method set to=109 ; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [Cisco-Unity]; (pluto)
2014-04-03 20:52:20 - Warning - IPsec VPN: msg=packet from XXX.XXX.XXX.XXX:58320: received Vendor ID payload [XAUTH]; (pluto)

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi Rich,What firmware version

Hi Rich,

What firmware version were you using before you upgraded?  Did you upgrade to 1.2.19 and now it's working?

Thanks,

Brandon

3 REPLIES

I'd rather use anyconnect

I'd rather use anyconnect which is also available for Mac

Michael Please rate all helpful posts
New Member

This doesn't work on the

This doesn't work on the iPads because it says you need to have the mobile client or something like that. Also anyconnect on the Mac is vulnerable to the heart bleed issue. After updating to the newest firmware, I haven't had a complaint yet but I don't know why this would fix this specific issue since the release notes didn't say anything about vpn that I saw.
Cisco Employee

Hi Rich,What firmware version

Hi Rich,

What firmware version were you using before you upgraded?  Did you upgrade to 1.2.19 and now it's working?

Thanks,

Brandon

492
Views
2
Helpful
3
Replies