Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco VPN Client can't negotiate with 2811 router. "Retransmitting" error

Hi All, I configured a 2811 router as EasyVPN server. But the Cisco VPN Client won't connect with it.

The log I got from VPN Client is like this:

Cisco Systems VPN Client Version 5.0.00.0340

Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 2

4 20:31:24.656 05/09/07 Sev=Info/4 CM/0x63100002

Begin connection process

5 20:31:24.781 05/09/07 Sev=Info/4 CM/0x63100004

Establish secure connection

6 20:31:24.781 05/09/07 Sev=Info/4 CM/0x63100024

Attempt connection with server "A.B.C.D"

7 20:31:24.828 05/09/07 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with A.B.C.D.

8 20:31:24.937 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to A.B.C.D

9 20:31:24.953 05/09/07 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started

10 20:31:24.953 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

11 20:31:30.203 05/09/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

12 20:31:30.203 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D

13 20:31:35.671 05/09/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

14 20:31:35.671 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D

15 20:31:40.671 05/09/07 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

16 20:31:40.671 05/09/07 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to A.B.C.D

17 20:31:45.671 05/09/07 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=53741DCE9EB4E799 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

18 20:31:46.203 05/09/07 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=53741DCE9EB4E799 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

19 20:31:46.203 05/09/07 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "A.B.C.D" because of "DEL_REASON_PEER_NOT_RESPONDING"

20 20:31:46.203 05/09/07 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

21 20:31:46.203 05/09/07 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 0.

22 20:31:46.203 05/09/07 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

23 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

24 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

25 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

26 20:31:46.203 05/09/07 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped

3 REPLIES
New Member

Re: Cisco VPN Client can't negotiate with 2811 router. "Retransm

Debug from router end(part 1):

May 9 20:32:19.340 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (N) NEW SA

May 9 20:32:19.340 ACST: ISAKMP: Created a peer struct for 58.163.89.189, peer port 3409

May 9 20:32:19.340 ACST: ISAKMP: New peer created peer = 0x46BC2984 peer_handle = 0x80000018

May 9 20:32:19.340 ACST: ISAKMP: Locking peer struct 0x46BC2984, refcount 1 for crypto_isakmp_process_block

May 9 20:32:19.340 ACST: ISAKMP:(0):Setting client config settings 479AA79C

May 9 20:32:19.340 ACST: ISAKMP:(0):(Re)Setting client xauth list and state

May 9 20:32:19.340 ACST: ISAKMP/xauth: initializing AAA request

May 9 20:32:19.340 ACST: ISAKMP: local port 500, remote port 3409

May 9 20:32:19.340 ACST: insert sa successfully sa = 48906EFC

May 9 20:32:19.340 ACST: ISAKMP:(0): processing SA payload. message ID = 0

May 9 20:32:19.344 ACST: ISAKMP:(0): processing ID payload. message ID = 0

May 9 20:32:19.344 ACST: ISAKMP (0:0): ID payload

next-payload : 13

type : 11

group id : XXXXXX-XXXXXX

protocol : 17

port : 500

length : 22

May 9 20:32:19.344 ACST: ISAKMP:(0):: peer matches *none* of the profiles

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is XAUTH

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is DPD

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is NAT-T v2

May 9 20:32:19.344 ACST: ISAKMP:(0): processing vendor id payload

May 9 20:32:19.344 ACST: ISAKMP:(0): vendor ID is Unity

May 9 20:32:19.344 ACST: ISAKMP:(0): Authentication by xauth preshared

May 9 20:32:19.344 ACST: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy

May 9 20:32:19.344 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.344 ACST: ISAKMP: hash SHA

May 9 20:32:19.344 ACST: ISAKMP: default group 2

May 9 20:32:19.344 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.344 ACST: ISAKMP: life type in seconds

May 9 20:32:19.344 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.344 ACST: ISAKMP: keylength of 256

May 9 20:32:19.344 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.344 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.344 ACST: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy

May 9 20:32:19.344 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.344 ACST: ISAKMP: hash MD5

May 9 20:32:19.344 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.348 ACST: ISAKMP: keylength of 256

New Member

Re: Cisco VPN Client can't negotiate with 2811 router. "Retransm

Debug from router end(part 2):

May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy

May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.348 ACST: ISAKMP: hash SHA

May 9 20:32:19.348 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth pre-share

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.348 ACST: ISAKMP: keylength of 256

May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy

May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.348 ACST: ISAKMP: hash MD5

May 9 20:32:19.348 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth pre-share

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.348 ACST: ISAKMP: keylength of 256

May 9 20:32:19.348 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.348 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.348 ACST: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy

May 9 20:32:19.348 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.348 ACST: ISAKMP: hash SHA

May 9 20:32:19.348 ACST: ISAKMP: default group 2

May 9 20:32:19.348 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.348 ACST: ISAKMP: life type in seconds

May 9 20:32:19.348 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 6 against priority 1 policy

May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.352 ACST: ISAKMP: hash MD5

May 9 20:32:19.352 ACST: ISAKMP: default group 2

May 9 20:32:19.352 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.352 ACST: ISAKMP: life type in seconds

May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 7 against priority 1 policy

May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.352 ACST: ISAKMP: hash SHA

May 9 20:32:19.352 ACST: ISAKMP: default group 2

May 9 20:32:19.352 ACST: ISAKMP: auth pre-share

May 9 20:32:19.352 ACST: ISAKMP: life type in seconds

May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

New Member

Re: Cisco VPN Client can't negotiate with 2811 router. "Retransm

Debug from router end(part 3):

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 8 against priority 1 policy

May 9 20:32:19.352 ACST: ISAKMP: encryption AES-CBC

May 9 20:32:19.352 ACST: ISAKMP: hash MD5

May 9 20:32:19.352 ACST: ISAKMP: default group 2

May 9 20:32:19.352 ACST: ISAKMP: auth pre-share

May 9 20:32:19.352 ACST: ISAKMP: life type in seconds

May 9 20:32:19.352 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.352 ACST: ISAKMP: keylength of 128

May 9 20:32:19.352 ACST: ISAKMP:(0):Encryption algorithm offered does not match policy!

May 9 20:32:19.352 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.352 ACST: ISAKMP:(0):Checking ISAKMP transform 9 against priority 1 policy

May 9 20:32:19.356 ACST: ISAKMP: encryption 3DES-CBC

May 9 20:32:19.356 ACST: ISAKMP: hash SHA

May 9 20:32:19.356 ACST: ISAKMP: default group 2

May 9 20:32:19.356 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.356 ACST: ISAKMP: life type in seconds

May 9 20:32:19.356 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.356 ACST: ISAKMP:(0):Hash algorithm offered does not match policy!

May 9 20:32:19.356 ACST: ISAKMP:(0):atts are not acceptable. Next payload is 3

May 9 20:32:19.356 ACST: ISAKMP:(0):Checking ISAKMP transform 10 against priority 1 policy

May 9 20:32:19.356 ACST: ISAKMP: encryption 3DES-CBC

May 9 20:32:19.356 ACST: ISAKMP: hash MD5

May 9 20:32:19.356 ACST: ISAKMP: default group 2

May 9 20:32:19.356 ACST: ISAKMP: auth XAUTHInitPreShared

May 9 20:32:19.356 ACST: ISAKMP: life type in seconds

May 9 20:32:19.356 ACST: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

May 9 20:32:19.356 ACST: ISAKMP:(0):atts are acceptable. Next payload is 3

May 9 20:32:19.356 ACST: ISAKMP:(0): processing KE payload. message ID = 0

May 9 20:32:19.404 ACST: ISAKMP:(0): processing NONCE payload. message ID = 0

May 9 20:32:19.404 ACST: ISAKMP:(0): vendor ID is NAT-T v2

May 9 20:32:19.404 ACST: ISAKMP:(0):peer does not do paranoid keepalives.

May 9 20:32:19.404 ACST: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer 58.163.89.189)

May 9 20:32:19.404 ACST: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH: state = IKE_READY

May 9 20:32:19.404 ACST: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH

May 9 20:32:19.404 ACST: ISAKMP:(0):Old State = IKE_READY New State = IKE_READY

May 9 20:32:19.404 ACST: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 58.163.89.189

May 9 20:32:19.408 ACST: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer 58.163.89.189)

May 9 20:32:19.408 ACST: ISAKMP: Unlocking peer struct 0x46BC2984 for isadb_mark_sa_deleted(), count 0

May 9 20:32:19.408 ACST: ISAKMP: Deleting peer node by peer_reap for 58.163.89.189: 46BC2984

May 9 20:32:19.408 ACST: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

May 9 20:32:19.408 ACST: ISAKMP:(0):Old State = IKE_READY New State = IKE_DEST_SA

May 9 20:32:19.408 ACST: IPSEC(key_engine): got a queue event with 1 KMI message(s)

May 9 20:32:24.608 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE

May 9 20:32:30.052 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE

May 9 20:32:35.072 ACST: ISAKMP (0:0): received packet from 58.163.89.189 dport 500 sport 3409 Global (R) MM_NO_STATE

May 9 20:33:19.408 ACST: ISAKMP:(0):purging SA., sa=48906EFC, delme=48906EFC

248
Views
0
Helpful
3
Replies
CreatePlease to create content