Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3673
Views
0
Helpful
5
Replies

L2TP/IPSEC VPN - Android to Cisco Router

daniel.carlton
Level 1
Level 1

‎01-29-2014 05:39 AM - edited ‎02-21-2020 07:28 PM

I am having issues getting an Android device to connect using the native L2TP/IPSEC VPN client.

With an iOS device, it connects fine. I have followed all of the online config guidance I can find but nothing seems to help on the Android side.

Here is my config:

vpdn enable

vpdn-group l2tpvpn

! Default L2TP VPDN group

accept-dialin

  protocol l2tp

  virtual-template 1

lcp renegotiation always

l2tp tunnel hello 15

no l2tp tunnel authentication

l2tp tunnel receive-window 1024

l2tp ip udp checksum

ip pmtu

ip mtu adjust

username dan privilege 15 password dan

crypto isakmp policy 1

encr 3des

group 2

authentication pre-share

lifetime 3600

crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth

crypto isakmp fragmentation

!

!

crypto ipsec transform-set L2TP-TS esp-3des esp-sha-hmac

mode transport require

crypto ipsec transform-set L2TP-TS1 esp-aes esp-sha-hmac

mode transport require

crypto ipsec transform-set L2TP-TS2 ah-sha-hmac esp-3des

mode transport

crypto ipsec transform-set L2TP-TS3 ah-md5-hmac esp-3des

mode transport

crypto ipsec transform-set L2TP-TS4 ah-md5-hmac esp-aes

mode transport

crypto ipsec transform-set L2TP-TS5 ah-sha-hmac esp-aes

mode transport

!

crypto dynamic-map dynvpn 1

set nat demux

set security-association lifetime seconds 28800

set transform-set L2TP-TS1

crypto map clientmap 30 ipsec-isakmp dynamic dynvpn

interface FastEthernet0/0

description Internet Connection

ip address <INTERNET>

duplex auto

speed auto

crypto map clientmap

interface FastEthernet0/0/3

!

interface Virtual-Template1

ip unnumbered Vlan8

ip mtu 1398

peer default ip address pool VPN

keepalive 5

ppp mtu adaptive

ppp authentication pap ms-chap ms-chap-v2 chap

ip local pool VPN 10.1.8.201 10.1.8.221

ip route 0.0.0.0 0.0.0.0 <INTERNET>

Add some debug (crypto isakamp and crypto ipsec):

local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

*Jan 29 01:33:06.425: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:

    {esp-aes 256 esp-md5-hmac }

*Jan 29 01:33:06.425: ISAKMP:(1243): IPSec policy invalidated proposal with error 256

*Jan 29 01:33:06.425: IPSEC(validate_proposal_request): proposal part #1

*Jan 29 01:33:06.425: IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0

*Jan 29 01:33:06.425: ISAKMP:(1243): processing NONCE payload. message ID = -2100912043

*Jan 29 01:33:06.425: ISAKMP:(1243): processing ID payload. message ID = -2100912043

*Jan 29 01:33:06.425: ISAKMP:(1243): processing ID payload. message ID = -2100912043

*Jan 29 01:33:06.429: ISAKMP:(1243):QM Responder gets spi

*Jan 29 01:33:06.429: ISAKMP:(1243):Node -2100912043, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 01:33:06.429: ISAKMP:(1243):Old State = IKE_QM_READY  New State = IKE_QM_SPI_STARVE

*Jan 29 01:33:06.429: ISAKMP:(1243): Creating IPSec SAs

*Jan 29 01:33:06.429:         inbound SA from <ANDROID> to <INTERNET> (f/i)  0/ 0

        (proxy <ANDROID> to <INTERNET>)

*Jan 29 01:33:06.429:         has spi 0x9A969C5 and conn_id 0

*Jan 29 01:33:06.429:         lifetime of 28800 seconds

*Jan 29 01:33:06.429:         outbound SA from <INTERNET> to <ANDROID> (f/i) 0/0

        (proxy <INTERNET> to <ANDROID>)

*Jan 29 01:33:06.429:         has spi  0xB59BEB and conn_id 0

*Jan 29 01:33:06.429:         lifetime of 28800 seconds

*Jan 29 01:33:06.429: ISAKMP:(1243): sending packet to <ANDROID> my_port 4500 peer_port 4500 (R) QM_IDLE

*Jan 29 01:33:06.429: ISAKMP:(1243):Sending an IKE IPv4 Packet.

*Jan 29 01:33:06.429: ISAKMP:(1243):Node -2100912043, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI

*Jan 29 01:33:06.433: ISAKMP:(1243):Old State = IKE_QM_SPI_STARVE  New State = IKE_QM_R_QM2

*Jan 29 01:33:06.433: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:33:06.433: IPSEC(policy_db_add_ident): src <INTERNET>, dest <ANDROID>, dest_port 4500

*Jan 29 01:33:06.433: IPSEC(create_sa): sa created,

  (sa) sa_dest= <INTERNET>, sa_proto= 50,

    sa_spi= 0x9A969C5(162097605),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2053

*Jan 29 01:33:06.433: IPSEC(create_sa): sa created,

  (sa) sa_dest= <ANDROID>, sa_proto= 50,

    sa_spi= 0xB59BEB(11901931),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2054

*Jan 29 01:33:06.601: ISAKMP (0:1243): received packet from <ANDROID> dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 01:33:06.601: ISAKMP:(1243):deleting node -2100912043 error FALSE reason "QM done (await)"

*Jan 29 01:33:06.601: ISAKMP:(1243):Node -2100912043, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 01:33:06.601: ISAKMP:(1243):Old State = IKE_QM_R_QM2  New State = IKE_QM_PHASE2_COMPLETE

*Jan 29 01:33:06.601: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:33:06.601: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP

*Jan 29 01:33:06.601: IPSEC(key_engine_enable_outbound): enable SA with spi 11901931/50

*Jan 29 01:33:06.601: IPSEC(update_current_outbound_sa): updated peer <ANDROID> current outbound sa to SPI B59BEB

*Jan 29 01:33:08.245: %INTERFACE_API-3-NODESTROYSUBBLOCK: The SWIDB subblock named SW FIB PENDING EVENT was not removed,  -Traceback= 0x60BB69F0 0x60365A1C 0x6036612C

*Jan 29 01:33:15.921: ISAKMP:(1241):purging SA., sa=63FDEA00, delme=63FDEA00

*Jan 29 01:33:56.405: ISAKMP:(1243):purging node -120856731

*Jan 29 01:33:56.417: ISAKMP:(1242):purging node -1787951035

*Jan 29 01:33:56.417: ISAKMP:(1242):purging node -1229870867

*Jan 29 01:33:56.601: ISAKMP:(1243):purging node -2100912043

*Jan 29 01:34:06.417: ISAKMP:(1242):purging SA., sa=653E1810, delme=653E1810

eRecharge-VPN-RTR1#

eRecharge-VPN-RTR1#

*Jan 29 01:35:29.625: ISAKMP (0:0): received packet from <ANDROID> dport 500 sport 500 Global (N) NEW SA

*Jan 29 01:35:29.625: ISAKMP: Created a peer struct for <ANDROID>, peer port 500

*Jan 29 01:35:29.625: ISAKMP: New peer created peer = 0x653EE3F0 peer_handle = 0x80000A91

*Jan 29 01:35:29.625: ISAKMP: Locking peer struct 0x653EE3F0, refcount 1 for crypto_isakmp_process_block

*Jan 29 01:35:29.629: ISAKMP: local port 500, remote port 500

*Jan 29 01:35:29.629: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 640A5FD8

*Jan 29 01:35:29.629: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 01:35:29.629: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1

*Jan 29 01:35:29.629: ISAKMP:(0): processing SA payload. message ID = 0

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

*Jan 29 01:35:29.629: ISAKMP (0:0): vendor ID is NAT-T RFC 3947

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID is NAT-T v2

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): processing IKE frag vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID is IKE Fragmentation

*Jan 29 01:35:29.629: ISAKMP:(0): MM Fragmentation supported

*Jan 29 01:35:29.629: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.629: ISAKMP:(0): vendor ID is DPD

*Jan 29 01:35:29.629: ISAKMP:(0):found peer pre-shared key matching <ANDROID>

*Jan 29 01:35:29.633: ISAKMP:(0): local preshared key found

*Jan 29 01:35:29.633: ISAKMP : Scanning profiles for xauth ...

*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy

*Jan 29 01:35:29.633: ISAKMP:      life type in seconds

*Jan 29 01:35:29.633: ISAKMP:      life duration (basic) of 28800

*Jan 29 01:35:29.633: ISAKMP:      encryption AES-CBC

*Jan 29 01:35:29.633: ISAKMP:      keylength of 256

*Jan 29 01:35:29.633: ISAKMP:      auth pre-share

*Jan 29 01:35:29.633: ISAKMP:      hash SHA

*Jan 29 01:35:29.633: ISAKMP:      default group 2

*Jan 29 01:35:29.633: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 01:35:29.633: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy

*Jan 29 01:35:29.633: ISAKMP:      life type in seconds

*Jan 29 01:35:29.633: ISAKMP:      life duration (basic) of 28800

*Jan 29 01:35:29.633: ISAKMP:      encryption AES-CBC

*Jan 29 01:35:29.633: ISAKMP:      keylength of 256

*Jan 29 01:35:29.633: ISAKMP:      auth pre-share

*Jan 29 01:35:29.633: ISAKMP:      hash MD5

*Jan 29 01:35:29.633: ISAKMP:      default group 2

*Jan 29 01:35:29.633: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 01:35:29.633: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy

*Jan 29 01:35:29.633: ISAKMP:      life type in seconds

*Jan 29 01:35:29.633: ISAKMP:      life duration (basic) of 28800

*Jan 29 01:35:29.633: ISAKMP:      encryption AES-CBC

*Jan 29 01:35:29.633: ISAKMP:      keylength of 128

*Jan 29 01:35:29.633: ISAKMP:      auth pre-share

*Jan 29 01:35:29.633: ISAKMP:      hash SHA

*Jan 29 01:35:29.633: ISAKMP:      default group 2

*Jan 29 01:35:29.633: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 01:35:29.633: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy

*Jan 29 01:35:29.633: ISAKMP:      life type in seconds

*Jan 29 01:35:29.633: ISAKMP:      life duration (basic) of 28800

*Jan 29 01:35:29.633: ISAKMP:      encryption AES-CBC

*Jan 29 01:35:29.633: ISAKMP:      keylength of 128

*Jan 29 01:35:29.633: ISAKMP:      auth pre-share

*Jan 29 01:35:29.633: ISAKMP:      hash MD5

*Jan 29 01:35:29.633: ISAKMP:      default group 2

*Jan 29 01:35:29.633: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 01:35:29.633: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 01:35:29.633: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy

*Jan 29 01:35:29.633: ISAKMP:      life type in seconds

*Jan 29 01:35:29.633: ISAKMP:      life duration (basic) of 28800

*Jan 29 01:35:29.633: ISAKMP:      encryption 3DES-CBC

*Jan 29 01:35:29.633: ISAKMP:      auth pre-share

*Jan 29 01:35:29.633: ISAKMP:      hash SHA

*Jan 29 01:35:29.633: ISAKMP:      default group 2

*Jan 29 01:35:29.633: ISAKMP:(0):atts are acceptable. Next payload is 3

*Jan 29 01:35:29.637: ISAKMP:(0):Acceptable atts:actual life: 3600

*Jan 29 01:35:29.637: ISAKMP:(0):Acceptable atts:life: 0

*Jan 29 01:35:29.637: ISAKMP:(0):Basic life_in_seconds:28800

*Jan 29 01:35:29.637: ISAKMP:(0):Returning Actual lifetime: 3600

*Jan 29 01:35:29.637: ISAKMP:(0)::Started lifetime timer: 3600.

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

*Jan 29 01:35:29.637: ISAKMP (0:0): vendor ID is NAT-T RFC 3947

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID is NAT-T v2

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): processing IKE frag vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID is IKE Fragmentation

*Jan 29 01:35:29.637: ISAKMP:(0): MM Fragmentation supported

*Jan 29 01:35:29.637: ISAKMP:(0): processing vendor id payload

*Jan 29 01:35:29.637: ISAKMP:(0): vendor ID is DPD

*Jan 29 01:35:29.637: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 01:35:29.637: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM1

*Jan 29 01:35:29.641: ISAKMP:(0):sending IKE_FRAG vendor ID

*Jan 29 01:35:29.641: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

*Jan 29 01:35:29.641: ISAKMP:(0): sending packet to <ANDROID> my_port 500 peer_port 500 (R) MM_SA_SETUP

*Jan 29 01:35:29.641: ISAKMP:(0):Sending an IKE IPv4 Packet.

*Jan 29 01:35:29.641: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 01:35:29.641: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM2

*Jan 29 01:35:29.869: ISAKMP (0:0): received packet from <ANDROID> dport 500 sport 500 Global (R) MM_SA_SETUP

*Jan 29 01:35:29.869: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 01:35:29.869: ISAKMP:(0):Old State = IKE_R_MM2  New State = IKE_R_MM3

*Jan 29 01:35:29.869: ISAKMP:(0): processing KE payload. message ID = 0

*Jan 29 01:35:29.953: ISAKMP:(0): processing NONCE payload. message ID = 0

*Jan 29 01:35:29.953: ISAKMP:(0):found peer pre-shared key matching <ANDROID>

*Jan 29 01:35:29.953: ISAKMP:received payload type 20

*Jan 29 01:35:29.953: ISAKMP:received payload type 20

*Jan 29 01:35:29.953: ISAKMP (0:1244): NAT found, the node outside NAT

*Jan 29 01:35:29.957: ISAKMP:(1244):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 01:35:29.957: ISAKMP:(1244):Old State = IKE_R_MM3  New State = IKE_R_MM3

*Jan 29 01:35:29.957: ISAKMP:(1244): sending packet to <ANDROID> my_port 500 peer_port 500 (R) MM_KEY_EXCH

*Jan 29 01:35:29.957: ISAKMP:(1244):Sending an IKE IPv4 Packet.

*Jan 29 01:35:29.957: ISAKMP:(1244):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 01:35:29.957: ISAKMP:(1244):Old State = IKE_R_MM3  New State = IKE_R_MM4

*Jan 29 01:35:30.249: ISAKMP (0:1244): received packet from <ANDROID> dport 4500 sport 4500 Global (R) MM_KEY_EXCH

*Jan 29 01:35:30.249: ISAKMP:(1244):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 01:35:30.249: ISAKMP:(1244):Old State = IKE_R_MM4  New State = IKE_R_MM5

*Jan 29 01:35:30.253: ISAKMP:(1244): processing ID payload. message ID = 0

*Jan 29 01:35:30.253: ISAKMP (0:1244): ID payload

        next-payload : 8

        type         : 1

        address      : 192.170.100.113

        protocol     : 17

        port         : 500

        length       : 12

*Jan 29 01:35:30.253: ISAKMP:(0):: peer matches *none* of the profiles

*Jan 29 01:35:30.253: ISAKMP:(1244): processing HASH payload. message ID = 0

*Jan 29 01:35:30.253: ISAKMP:(1244):SA authentication status:

        authenticated

*Jan 29 01:35:30.253: ISAKMP:(1244):SA has been authenticated with <ANDROID>

*Jan 29 01:35:30.253: ISAKMP:(1244):Detected port floating to port = 4500

*Jan 29 01:35:30.253: ISAKMP: Trying to insert a peer <INTERNET>/<ANDROID>/4500/,  and found existing one 64B90268 to reuse, free 653EE3F0

*Jan 29 01:35:30.253: ISAKMP: Unlocking peer struct 0x653EE3F0 Reuse existing peer, count 0

*Jan 29 01:35:30.253: ISAKMP: Deleting peer node by peer_reap for <ANDROID>: 653EE3F0

*Jan 29 01:35:30.253: ISAKMP: Locking peer struct 0x64B90268, refcount 2 for Reuse existing peer

*Jan 29 01:35:30.253: ISAKMP:(1244):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 01:35:30.253: ISAKMP:(1244):Old State = IKE_R_MM5  New State = IKE_R_MM5

*Jan 29 01:35:30.253: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:35:30.257: ISAKMP:(1244):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

*Jan 29 01:35:30.257: ISAKMP (0:1244): ID payload

        next-payload : 8

        type         : 1

        address      : <INTERNET>

        protocol     : 17

        port         : 0

        length       : 12

*Jan 29 01:35:30.257: ISAKMP:(1244):Total payload length: 12

*Jan 29 01:35:30.257: ISAKMP:(1244): sending packet to <ANDROID> my_port 4500 peer_port 4500 (R) MM_KEY_EXCH

*Jan 29 01:35:30.257: ISAKMP:(1244):Sending an IKE IPv4 Packet.

*Jan 29 01:35:30.257: ISAKMP:(1244):Returning Actual lifetime: 3600

*Jan 29 01:35:30.257: ISAKMP: set new node 1108379192 to QM_IDLE

*Jan 29 01:35:30.257: ISAKMP:(1244):Sending NOTIFY RESPONDER_LIFETIME protocol 1

        spi 1688401496, message ID = 1108379192

*Jan 29 01:35:30.257: ISAKMP:(1244): sending packet to <ANDROID> my_port 4500 peer_port 4500 (R) MM_KEY_EXCH

*Jan 29 01:35:30.257: ISAKMP:(1244):Sending an IKE IPv4 Packet.

*Jan 29 01:35:30.257: ISAKMP:(1244):purging node 1108379192

*Jan 29 01:35:30.257: ISAKMP: Sending phase 1 responder lifetime 3600

*Jan 29 01:35:30.257: ISAKMP:(1244):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 01:35:30.261: ISAKMP:(1244):Old State = IKE_R_MM5  New State = IKE_P1_COMPLETE

*Jan 29 01:35:30.261: ISAKMP:(1244):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

*Jan 29 01:35:30.261: ISAKMP:(1244):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 01:35:30.493: ISAKMP (0:1244): received packet from <ANDROID> dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 01:35:30.493: ISAKMP: set new node -182504280 to QM_IDLE

*Jan 29 01:35:30.493: ISAKMP:(1244): processing HASH payload. message ID = -182504280

*Jan 29 01:35:30.493: ISAKMP:(1244): processing NOTIFY INITIAL_CONTACT protocol 1

        spi 0, message ID = -182504280, sa = 640A5FD8

*Jan 29 01:35:30.493: ISAKMP:(1244):SA authentication status:

        authenticated

*Jan 29 01:35:30.493: ISAKMP:(1244): Process initial contact,

bring down existing phase 1 and 2 SA's with local <INTERNET> remote <ANDROID> remote port 4500

*Jan 29 01:35:30.493: ISAKMP:(1243):received initial contact, deleting SA

*Jan 29 01:35:30.497: ISAKMP:(1243):peer does not do paranoid keepalives.

*Jan 29 01:35:30.497: ISAKMP:(1243):deleting SA reason "Receive initial contact" state (R) QM_IDLE       (peer <ANDROID>)

*Jan 29 01:35:30.497: ISAKMP:(1244):deleting node -182504280 error FALSE reason "Informational (in) state 1"

*Jan 29 01:35:30.497: ISAKMP:(1244):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

*Jan 29 01:35:30.497: ISAKMP:(1244):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 01:35:30.497: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:35:30.497: Delete IPsec SA by IC, local <INTERNET> remote <ANDROID> peer port 4500

*Jan 29 01:35:30.497: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= <INTERNET>, sa_proto= 50,

    sa_spi= 0x9A969C5(162097605),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2053,

  (identity) local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/4500 (type=1)

*Jan 29 01:35:30.497: IPSEC(update_current_outbound_sa): updated peer <ANDROID> current outbound sa to SPI 0

*Jan 29 01:35:30.497: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= <ANDROID>, sa_proto= 50,

    sa_spi= 0xB59BEB(11901931),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2054,

  (identity) local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/4500 (type=1)

*Jan 29 01:35:30.501: ISAKMP: set new node -1196491908 to QM_IDLE

*Jan 29 01:35:30.501: ISAKMP:(1243):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

*Jan 29 01:35:30.501: ISAKMP:(1243):Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA

*Jan 29 01:35:30.501: ISAKMP (0:1244): received packet from <ANDROID> dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 01:35:30.501: ISAKMP: set new node -849535221 to QM_IDLE

*Jan 29 01:35:30.501: ISAKMP:(1244): processing HASH payload. message ID = -849535221

*Jan 29 01:35:30.505: ISAKMP:(1244): processing SA payload. message ID = -849535221

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 1, ESP_AES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.505: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.505: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.505: ISAKMP:      key length is 256

*Jan 29 01:35:30.505: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 01:35:30.505: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 2, ESP_AES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.505: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.505: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.505: ISAKMP:      key length is 256

*Jan 29 01:35:30.505: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 01:35:30.505: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 3, ESP_AES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.505: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.505: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.505: ISAKMP:      key length is 128

*Jan 29 01:35:30.505: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 01:35:30.505: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 4, ESP_AES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.505: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.505: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.505: ISAKMP:      key length is 128

*Jan 29 01:35:30.505: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 01:35:30.505: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 5, ESP_3DES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.505: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.505: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.505: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 01:35:30.505: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.505: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.505: ISAKMP: transform 6, ESP_3DES

*Jan 29 01:35:30.505: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.505: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.509: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.509: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.509: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 01:35:30.509: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.509: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.509: ISAKMP: transform 7, ESP_DES

*Jan 29 01:35:30.509: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.509: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.509: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.509: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.509: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 01:35:30.509: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.509: ISAKMP:(1244):Checking IPSec proposal 1

*Jan 29 01:35:30.509: ISAKMP: transform 8, ESP_DES

*Jan 29 01:35:30.509: ISAKMP:   attributes in transform:

*Jan 29 01:35:30.509: ISAKMP:      SA life type in seconds

*Jan 29 01:35:30.509: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 01:35:30.509: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 01:35:30.509: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 01:35:30.509: ISAKMP:(1244):atts are acceptable.

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

*Jan 29 01:35:30.509: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:

    {esp-aes 256 esp-sha-hmac }

*Jan 29 01:35:30.509: ISAKMP:(1244): IPSec policy invalidated proposal with error 256

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

*Jan 29 01:35:30.509: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:

    {esp-aes 256 esp-md5-hmac }

*Jan 29 01:35:30.509: ISAKMP:(1244): IPSec policy invalidated proposal with error 256

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1

*Jan 29 01:35:30.509: IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= <INTERNET>, remote= <ANDROID>,

    local_proxy= <INTERNET>/255.255.255.255/17/1701 (type=1),

    remote_proxy= <ANDROID>/255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0

*Jan 29 01:35:30.513: ISAKMP:(1244): processing NONCE payload. message ID = -849535221

*Jan 29 01:35:30.513: ISAKMP:(1244): processing ID payload. message ID = -849535221

*Jan 29 01:35:30.513: ISAKMP:(1244): processing ID payload. message ID = -849535221

*Jan 29 01:35:30.513: ISAKMP:(1244):QM Responder gets spi

*Jan 29 01:35:30.513: ISAKMP:(1244):Node -849535221, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 01:35:30.513: ISAKMP:(1244):Old State = IKE_QM_READY  New State = IKE_QM_SPI_STARVE

*Jan 29 01:35:30.513: ISAKMP:(1244): Creating IPSec SAs

*Jan 29 01:35:30.513:         inbound SA from <ANDROID> to <INTERNET> (f/i)  0/ 0

        (proxy <ANDROID> to <INTERNET>)

*Jan 29 01:35:30.513:         has spi 0x4878E485 and conn_id 0

*Jan 29 01:35:30.513:         lifetime of 28800 seconds

*Jan 29 01:35:30.513:         outbound SA from <INTERNET> to <ANDROID> (f/i) 0/0

        (proxy <INTERNET> to <ANDROID>)

*Jan 29 01:35:30.513:         has spi  0xEB65E76 and conn_id 0

*Jan 29 01:35:30.513:         lifetime of 28800 seconds

*Jan 29 01:35:30.517: ISAKMP:(1244): sending packet to <ANDROID> my_port 4500 peer_port 4500 (R) QM_IDLE

*Jan 29 01:35:30.517: ISAKMP:(1244):Sending an IKE IPv4 Packet.

*Jan 29 01:35:30.517: ISAKMP:(1244):Node -849535221, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI

*Jan 29 01:35:30.517: ISAKMP:(1244):Old State = IKE_QM_SPI_STARVE  New State = IKE_QM_R_QM2

*Jan 29 01:35:30.517: ISAKMP: set new node -34372654 to QM_IDLE

*Jan 29 01:35:30.517: ISAKMP:(1244): sending packet to <ANDROID> my_port 4500 peer_port 4500 (R) QM_IDLE

*Jan 29 01:35:30.517: ISAKMP:(1244):Sending an IKE IPv4 Packet.

*Jan 29 01:35:30.517: ISAKMP:(1244):purging node -34372654

*Jan 29 01:35:30.517: ISAKMP:(1244):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL

*Jan 29 01:35:30.517: ISAKMP:(1244):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 01:35:30.517: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:35:30.521: IPSEC(policy_db_add_ident): src <INTERNET>, dest <ANDROID>, dest_port 4500

*Jan 29 01:35:30.521: IPSEC(create_sa): sa created,

  (sa) sa_dest= <INTERNET>, sa_proto= 50,

    sa_spi= 0x4878E485(1215882373),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2055

*Jan 29 01:35:30.521: IPSEC(create_sa): sa created,

  (sa) sa_dest= <ANDROID>, sa_proto= 50,

    sa_spi= 0xEB65E76(246832758),

    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2056

*Jan 29 01:35:30.521: ISAKMP:(1243):deleting SA reason "Receive initial contact" state (R) QM_IDLE       (peer <ANDROID>)

*Jan 29 01:35:30.521: ISAKMP:(0):Can't decrement IKE Call Admission Control stat incoming_active since it's already 0.

*Jan 29 01:35:30.521: ISAKMP: Unlocking peer struct 0x64B90268 for isadb_mark_sa_deleted(), count 1

*Jan 29 01:35:30.521: ISAKMP:(1243):deleting node -1196491908 error FALSE reason "IKE deleted"

*Jan 29 01:35:30.521: ISAKMP:(1243):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 01:35:30.521: ISAKMP:(1243):Old State = IKE_DEST_SA  New State = IKE_DEST_SA

*Jan 29 01:35:30.693: ISAKMP (0:1244): received packet from <ANDROID> dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 01:35:30.693: ISAKMP:(1244):deleting node -849535221 error FALSE reason "QM done (await)"

*Jan 29 01:35:30.693: ISAKMP:(1244):Node -849535221, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 01:35:30.693: ISAKMP:(1244):Old State = IKE_QM_R_QM2  New State = IKE_QM_PHASE2_COMPLETE

*Jan 29 01:35:30.693: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 01:35:30.693: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP

*Jan 29 01:35:30.693: IPSEC(key_engine_enable_outbound): enable SA with spi 246832758/50

*Jan 29 01:35:30.693: IPSEC(update_current_outbound_sa): updated peer <ANDROID> current outbound sa to SPI EB65E76

*Jan 29 01:35:32.493: %INTERFACE_API-3-NODESTROYSUBBLOCK: The SWIDB subblock named SW FIB PENDING EVENT was not removed,  -Traceback= 0x60BB69F0 0x60365A1C 0x6036612C

Labels:
0 Helpful
5 Replies 5

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎01-29-2014 09:08 AM

Two things:

    protocol= ESP, transform= NONE  (Transport-UDP),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
*Jan 29 01:33:06.425: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
    {esp-aes 256 esp-md5-hmac }

That does not look like a transform set you configured as the one to be used.

Second 

 %INTERFACE_API-3-NODESTROYSUBBLOCK: The SWIDB subblock named SW FIB PENDING EVENT was not removed,  -Traceback= 0x60BB69F0 0x60365A1C 0x6036612C

Does not appear to be healthy. Try a new version see if this messasge keeps popping up, open a TAC case.

0 Helpful

daniel.carlton
Level 1
Level 1
In response to Marcin Latosiewicz

‎01-29-2014 09:17 AM

Thanks. I fixed that transform set issue but still no lick. The proposals are chosen now:

*Jan 29 15:43:45.982: ISAKMP (0:0): received packet from dport 500 sport 500 Global (N) NEW SA

*Jan 29 15:43:45.982: ISAKMP: Created a peer struct for , peer port 500

*Jan 29 15:43:45.982: ISAKMP: New peer created peer = 0x63FCE984 peer_handle = 0x80000B6C

*Jan 29 15:43:45.986: ISAKMP: Locking peer struct 0x63FCE984, refcount 1 for crypto_isakmp_process_block

*Jan 29 15:43:45.986: ISAKMP: local port 500, remote port 500

*Jan 29 15:43:45.986: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 6409866C

*Jan 29 15:43:45.986: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 15:43:45.986: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1

*Jan 29 15:43:45.986: ISAKMP:(0): processing SA payload. message ID = 0

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

*Jan 29 15:43:45.986: ISAKMP (0:0): vendor ID is NAT-T RFC 3947

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID is NAT-T v2

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): processing IKE frag vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID is IKE Fragmentation

*Jan 29 15:43:45.986: ISAKMP:(0): MM Fragmentation supported

*Jan 29 15:43:45.986: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.986: ISAKMP:(0): vendor ID is DPD

*Jan 29 15:43:45.990: ISAKMP:(0):found peer pre-shared key matching

*Jan 29 15:43:45.990: ISAKMP:(0): local preshared key found

*Jan 29 15:43:45.990: ISAKMP : Scanning profiles for xauth ...

*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy

*Jan 29 15:43:45.990: ISAKMP:      life type in seconds

*Jan 29 15:43:45.990: ISAKMP:      life duration (basic) of 28800

*Jan 29 15:43:45.990: ISAKMP:      encryption AES-CBC

*Jan 29 15:43:45.990: ISAKMP:      keylength of 256

*Jan 29 15:43:45.990: ISAKMP:      auth pre-share

*Jan 29 15:43:45.990: ISAKMP:      hash SHA

*Jan 29 15:43:45.990: ISAKMP:      default group 2

*Jan 29 15:43:45.990: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 15:43:45.990: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy

*Jan 29 15:43:45.990: ISAKMP:      life type in seconds

*Jan 29 15:43:45.990: ISAKMP:      life duration (basic) of 28800

*Jan 29 15:43:45.990: ISAKMP:      encryption AES-CBC

*Jan 29 15:43:45.990: ISAKMP:      keylength of 256

*Jan 29 15:43:45.990: ISAKMP:      auth pre-share

*Jan 29 15:43:45.990: ISAKMP:      hash MD5

*Jan 29 15:43:45.990: ISAKMP:      default group 2

*Jan 29 15:43:45.990: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 15:43:45.990: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy

*Jan 29 15:43:45.990: ISAKMP:      life type in seconds

*Jan 29 15:43:45.990: ISAKMP:      life duration (basic) of 28800

*Jan 29 15:43:45.990: ISAKMP:      encryption AES-CBC

*Jan 29 15:43:45.990: ISAKMP:      keylength of 128

*Jan 29 15:43:45.990: ISAKMP:      auth pre-share

*Jan 29 15:43:45.990: ISAKMP:      hash SHA

*Jan 29 15:43:45.990: ISAKMP:      default group 2

*Jan 29 15:43:45.990: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 15:43:45.990: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy

*Jan 29 15:43:45.990: ISAKMP:      life type in seconds

*Jan 29 15:43:45.990: ISAKMP:      life duration (basic) of 28800

*Jan 29 15:43:45.990: ISAKMP:      encryption AES-CBC

*Jan 29 15:43:45.990: ISAKMP:      keylength of 128

*Jan 29 15:43:45.990: ISAKMP:      auth pre-share

*Jan 29 15:43:45.990: ISAKMP:      hash MD5

*Jan 29 15:43:45.990: ISAKMP:      default group 2

*Jan 29 15:43:45.990: ISAKMP:(0):Encryption algorithm offered does not match policy!

*Jan 29 15:43:45.990: ISAKMP:(0):atts are not acceptable. Next payload is 3

*Jan 29 15:43:45.990: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy

*Jan 29 15:43:45.990: ISAKMP:      life type in seconds

*Jan 29 15:43:45.990: ISAKMP:      life duration (basic) of 28800

*Jan 29 15:43:45.990: ISAKMP:      encryption 3DES-CBC

*Jan 29 15:43:45.990: ISAKMP:      auth pre-share

*Jan 29 15:43:45.990: ISAKMP:      hash SHA

*Jan 29 15:43:45.994: ISAKMP:      default group 2

*Jan 29 15:43:45.994: ISAKMP:(0):atts are acceptable. Next payload is 3

*Jan 29 15:43:45.994: ISAKMP:(0):Acceptable atts:actual life: 3600

*Jan 29 15:43:45.994: ISAKMP:(0):Acceptable atts:life: 0

*Jan 29 15:43:45.994: ISAKMP:(0):Basic life_in_seconds:28800

*Jan 29 15:43:45.994: ISAKMP:(0):Returning Actual lifetime: 3600

*Jan 29 15:43:45.994: ISAKMP:(0)::Started lifetime timer: 3600.

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

*Jan 29 15:43:45.994: ISAKMP (0:0): vendor ID is NAT-T RFC 3947

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID is NAT-T v2

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): processing IKE frag vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID is IKE Fragmentation

*Jan 29 15:43:45.994: ISAKMP:(0): MM Fragmentation supported

*Jan 29 15:43:45.994: ISAKMP:(0): processing vendor id payload

*Jan 29 15:43:45.994: ISAKMP:(0): vendor ID is DPD

*Jan 29 15:43:45.994: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 15:43:45.994: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM1

*Jan 29 15:43:45.998: ISAKMP:(0):sending IKE_FRAG vendor ID

*Jan 29 15:43:45.998: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

*Jan 29 15:43:45.998: ISAKMP:(0): sending packet to my_port 500 peer_port 500 (R) MM_SA_SETUP

*Jan 29 15:43:45.998: ISAKMP:(0):Sending an IKE IPv4 Packet.

*Jan 29 15:43:45.998: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 15:43:45.998: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM2

*Jan 29 15:43:46.194: ISAKMP (0:0): received packet from dport 500 sport 500 Global (R) MM_SA_SETUP

*Jan 29 15:43:46.194: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 15:43:46.194: ISAKMP:(0):Old State = IKE_R_MM2  New State = IKE_R_MM3

*Jan 29 15:43:46.194: ISAKMP:(0): processing KE payload. message ID = 0

*Jan 29 15:43:46.262: ISAKMP:(0): processing NONCE payload. message ID = 0

*Jan 29 15:43:46.262: ISAKMP:(0):found peer pre-shared key matching

*Jan 29 15:43:46.262: ISAKMP:received payload type 20

*Jan 29 15:43:46.262: ISAKMP:received payload type 20

*Jan 29 15:43:46.266: ISAKMP (0:1299): NAT found, the node outside NAT

*Jan 29 15:43:46.266: ISAKMP:(1299):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 15:43:46.266: ISAKMP:(1299):Old State = IKE_R_MM3  New State = IKE_R_MM3

*Jan 29 15:43:46.266: ISAKMP:(1299): sending packet to my_port 500 peer_port 500 (R) MM_KEY_EXCH

*Jan 29 15:43:46.266: ISAKMP:(1299):Sending an IKE IPv4 Packet.

*Jan 29 15:43:46.266: ISAKMP:(1299):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 15:43:46.266: ISAKMP:(1299):Old State = IKE_R_MM3  New State = IKE_R_MM4

*Jan 29 15:43:46.450: ISAKMP (0:1299): received packet from dport 4500 sport 4500 Global (R) MM_KEY_EXCH

*Jan 29 15:43:46.454: ISAKMP:(1299):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 15:43:46.454: ISAKMP:(1299):Old State = IKE_R_MM4  New State = IKE_R_MM5

*Jan 29 15:43:46.454: ISAKMP:(1299): processing ID payload. message ID = 0

*Jan 29 15:43:46.454: ISAKMP (0:1299): ID payload

        next-payload : 8

        type         : 1

        address      : 192.170.100.113

        protocol     : 17

        port         : 500

        length       : 12

*Jan 29 15:43:46.454: ISAKMP:(0):: peer matches *none* of the profiles

*Jan 29 15:43:46.454: ISAKMP:(1299): processing HASH payload. message ID = 0

*Jan 29 15:43:46.454: ISAKMP:(1299):SA authentication status:

        authenticated

*Jan 29 15:43:46.454: ISAKMP:(1299):SA has been authenticated with

*Jan 29 15:43:46.454: ISAKMP:(1299):Detected port floating to port = 4500

*Jan 29 15:43:46.454: ISAKMP: Trying to insert a peer //4500/,  and found existing one 655D4AF4 to reuse, free 63FCE984

*Jan 29 15:43:46.454: ISAKMP: Unlocking peer struct 0x63FCE984 Reuse existing peer, count 0

*Jan 29 15:43:46.454: ISAKMP: Deleting peer node by peer_reap for : 63FCE984

*Jan 29 15:43:46.454: ISAKMP: Locking peer struct 0x655D4AF4, refcount 2 for Reuse existing peer

*Jan 29 15:43:46.454: ISAKMP:(1299):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Jan 29 15:43:46.454: ISAKMP:(1299):Old State = IKE_R_MM5  New State = IKE_R_MM5

*Jan 29 15:43:46.454: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 15:43:46.458: ISAKMP:(1299):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

*Jan 29 15:43:46.458: ISAKMP (0:1299): ID payload

        next-payload : 8

        type         : 1

        address      :

        protocol     : 17

        port         : 0

        length       : 12

*Jan 29 15:43:46.458: ISAKMP:(1299):Total payload length: 12

*Jan 29 15:43:46.458: ISAKMP:(1299): sending packet to my_port 4500 peer_port 4500 (R) MM_KEY_EXCH

*Jan 29 15:43:46.458: ISAKMP:(1299):Sending an IKE IPv4 Packet.

*Jan 29 15:43:46.458: ISAKMP:(1299):Returning Actual lifetime: 3600

*Jan 29 15:43:46.458: ISAKMP: set new node -2086118910 to QM_IDLE

*Jan 29 15:43:46.458: ISAKMP:(1299):Sending NOTIFY RESPONDER_LIFETIME protocol 1

        spi 1688401496, message ID = -2086118910

*Jan 29 15:43:46.458: ISAKMP:(1299): sending packet to my_port 4500 peer_port 4500 (R) MM_KEY_EXCH

*Jan 29 15:43:46.458: ISAKMP:(1299):Sending an IKE IPv4 Packet.

*Jan 29 15:43:46.458: ISAKMP:(1299):purging node -2086118910

*Jan 29 15:43:46.462: ISAKMP: Sending phase 1 responder lifetime 3600

*Jan 29 15:43:46.462: ISAKMP:(1299):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Jan 29 15:43:46.462: ISAKMP:(1299):Old State = IKE_R_MM5  New State = IKE_P1_COMPLETE

*Jan 29 15:43:46.462: ISAKMP:(1299):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

*Jan 29 15:43:46.462: ISAKMP:(1299):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 15:43:46.590: ISAKMP (0:1299): received packet from dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 15:43:46.590: ISAKMP: set new node -825415819 to QM_IDLE

*Jan 29 15:43:46.590: ISAKMP:(1299): processing HASH payload. message ID = -825415819

*Jan 29 15:43:46.590: ISAKMP:(1299): processing NOTIFY INITIAL_CONTACT protocol 1

        spi 0, message ID = -825415819, sa = 6409866C

*Jan 29 15:43:46.590: ISAKMP:(1299):SA authentication status:

        authenticated

*Jan 29 15:43:46.590: ISAKMP:(1299): Process initial contact,

bring down existing phase 1 and 2 SA's with local remote remote port 4500

*Jan 29 15:43:46.590: ISAKMP:(1298):received initial contact, deleting SA

*Jan 29 15:43:46.590: ISAKMP:(1298):peer does not do paranoid keepalives.

*Jan 29 15:43:46.590: ISAKMP:(1298):deleting SA reason "Receive initial contact" state (R) QM_IDLE       (peer )

*Jan 29 15:43:46.594: ISAKMP:(1299):deleting node -825415819 error FALSE reason "Informational (in) state 1"

*Jan 29 15:43:46.594: ISAKMP:(1299):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

*Jan 29 15:43:46.594: ISAKMP:(1299):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 15:43:46.594: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 15:43:46.594: Delete IPsec SA by IC, local remote peer port 4500

*Jan 29 15:43:46.594: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= , sa_proto= 50,

    sa_spi= 0x1195A763(295020387),

    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2093,

  (identity) local= , remote= ,

    local_proxy= /255.255.255.255/17/1701 (type=1),

    remote_proxy= /255.255.255.255/17/4500 (type=1)

*Jan 29 15:43:46.594: IPSEC(update_current_outbound_sa): updated peer current outbound sa to SPI 0

*Jan 29 15:43:46.594: IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= , sa_proto= 50,

    sa_spi= 0x33196AE(53581486),

    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2094,

  (identity) local= , remote= ,

    local_proxy= /255.255.255.255/17/1701 (type=1),

    remote_proxy= /255.255.255.255/17/4500 (type=1)

*Jan 29 15:43:46.598: ISAKMP: set new node -1056199272 to QM_IDLE

*Jan 29 15:43:46.598: ISAKMP:(1298):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

*Jan 29 15:43:46.598: ISAKMP:(1298):Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA

*Jan 29 15:43:46.598: ISAKMP: set new node -167706179 to QM_IDLE

*Jan 29 15:43:46.598: ISAKMP:(1299): sending packet to my_port 4500 peer_port 4500 (R) QM_IDLE

*Jan 29 15:43:46.598: ISAKMP:(1299):Sending an IKE IPv4 Packet.

*Jan 29 15:43:46.598: ISAKMP:(1299):purging node -167706179

*Jan 29 15:43:46.598: ISAKMP:(1299):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL

*Jan 29 15:43:46.598: ISAKMP:(1299):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Jan 29 15:43:46.602: ISAKMP:(1298):deleting SA reason "Receive initial contact" state (R) QM_IDLE       (peer )

*Jan 29 15:43:46.602: ISAKMP:(0):Can't decrement IKE Call Admission Control stat incoming_active since it's already 0.

*Jan 29 15:43:46.602: ISAKMP: Unlocking peer struct 0x655D4AF4 for isadb_mark_sa_deleted(), count 1

*Jan 29 15:43:46.602: ISAKMP:(1298):deleting node -1056199272 error FALSE reason "IKE deleted"

*Jan 29 15:43:46.602: ISAKMP:(1298):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Jan 29 15:43:46.602: ISAKMP:(1298):Old State = IKE_DEST_SA  New State = IKE_DEST_SA

*Jan 29 15:43:47.750: ISAKMP (0:1299): received packet from dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 15:43:47.750: ISAKMP: set new node -930304950 to QM_IDLE

*Jan 29 15:43:47.750: ISAKMP:(1299): processing HASH payload. message ID = -930304950

*Jan 29 15:43:47.750: ISAKMP:(1299): processing SA payload. message ID = -930304950

*Jan 29 15:43:47.750: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.750: ISAKMP: transform 1, ESP_AES

*Jan 29 15:43:47.750: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.750: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.750: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.750: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.750: ISAKMP:      key length is 256

*Jan 29 15:43:47.750: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 15:43:47.750: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.750: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.750: ISAKMP: transform 2, ESP_AES

*Jan 29 15:43:47.750: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.750: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.750: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.750: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.750: ISAKMP:      key length is 256

*Jan 29 15:43:47.750: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 3, ESP_AES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      key length is 128

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 4, ESP_AES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      key length is 128

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 5, ESP_3DES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 6, ESP_3DES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 7, ESP_DES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-SHA

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.754: ISAKMP:(1299):Checking IPSec proposal 1

*Jan 29 15:43:47.754: ISAKMP: transform 8, ESP_DES

*Jan 29 15:43:47.754: ISAKMP:   attributes in transform:

*Jan 29 15:43:47.754: ISAKMP:      SA life type in seconds

*Jan 29 15:43:47.754: ISAKMP:      SA life duration (basic) of 28800

*Jan 29 15:43:47.754: ISAKMP:      encaps is 4 (Transport-UDP)

*Jan 29 15:43:47.754: ISAKMP:      authenticator is HMAC-MD5

*Jan 29 15:43:47.754: ISAKMP:(1299):atts are acceptable.

*Jan 29 15:43:47.758: IPSEC(validate_proposal_request): proposal part #1

*Jan 29 15:43:47.758: IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= , remote= ,

    local_proxy= /255.255.255.255/17/1701 (type=1),

    remote_proxy= /255.255.255.255/17/0 (type=1),

    protocol= ESP, transform= NONE  (Transport-UDP),

    lifedur= 0s and 0kb,

    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

*Jan 29 15:43:47.758: ISAKMP:(1299): processing NONCE payload. message ID = -930304950

*Jan 29 15:43:47.758: ISAKMP:(1299): processing ID payload. message ID = -930304950

*Jan 29 15:43:47.758: ISAKMP:(1299): processing ID payload. message ID = -930304950

*Jan 29 15:43:47.758: ISAKMP:(1299):QM Responder gets spi

*Jan 29 15:43:47.758: ISAKMP:(1299):Node -930304950, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 15:43:47.758: ISAKMP:(1299):Old State = IKE_QM_READY  New State = IKE_QM_SPI_STARVE

*Jan 29 15:43:47.758: ISAKMP:(1299): Creating IPSec SAs

*Jan 29 15:43:47.762:         inbound SA from to (f/i)  0/ 0

        (proxy to )

*Jan 29 15:43:47.762:         has spi 0x9E62C88A and conn_id 0

*Jan 29 15:43:47.762:         lifetime of 28800 seconds

*Jan 29 15:43:47.762:         outbound SA from to (f/i) 0/0

        (proxy to )

*Jan 29 15:43:47.762:         has spi  0x560114E and conn_id 0

*Jan 29 15:43:47.762:         lifetime of 28800 seconds

*Jan 29 15:43:47.762: ISAKMP:(1299): sending packet to my_port 4500 peer_port 4500 (R) QM_IDLE

*Jan 29 15:43:47.762: ISAKMP:(1299):Sending an IKE IPv4 Packet.

*Jan 29 15:43:47.762: ISAKMP:(1299):Node -930304950, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI

*Jan 29 15:43:47.762: ISAKMP:(1299):Old State = IKE_QM_SPI_STARVE  New State = IKE_QM_R_QM2

*Jan 29 15:43:47.762: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 15:43:47.762: IPSEC(policy_db_add_ident): src , dest , dest_port 4500

*Jan 29 15:43:47.762: IPSEC(create_sa): sa created,

  (sa) sa_dest= , sa_proto= 50,

    sa_spi= 0x9E62C88A(2657273994),

    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2095

*Jan 29 15:43:47.762: IPSEC(create_sa): sa created,

  (sa) sa_dest= , sa_proto= 50,

    sa_spi= 0x560114E(90181966),

    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2096

*Jan 29 15:43:47.886: ISAKMP (0:1299): received packet from dport 4500 sport 4500 Global (R) QM_IDLE

*Jan 29 15:43:47.890: ISAKMP:(1299):deleting node -930304950 error FALSE reason "QM done (await)"

*Jan 29 15:43:47.890: ISAKMP:(1299):Node -930304950, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Jan 29 15:43:47.890: ISAKMP:(1299):Old State = IKE_QM_R_QM2  New State = IKE_QM_PHASE2_COMPLETE

*Jan 29 15:43:47.890: IPSEC(key_engine): got a queue event with 1 KMI message(s)

*Jan 29 15:43:47.890: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP

*Jan 29 15:43:47.890: IPSEC(key_engine_enable_outbound): enable SA with spi 90181966/50

*Jan 29 15:43:47.890: IPSEC(update_current_outbound_sa): updated peer current outbound sa to SPI 560114E

*Jan 29 15:44:10.598: ISAKMP:(1296):purging node -1355843683

*Jan 29 15:44:10.598: ISAKMP:(1296):purging node 547877735

*Jan 29 15:44:10.598: ISAKMP:(1296):purging node -1647095265

*Jan 29 15:44:20.598: ISAKMP:(1296):purging SA., sa=640A43BC, delme=640A43BC

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to daniel.carlton

‎01-29-2014 09:28 AM

TBH, doesn't look like there's anything wrong with IPsec on this end (I'm stressing out _IPsec_ and _this_ end).

0 Helpful

daniel.carlton
Level 1
Level 1
In response to Marcin Latosiewicz

‎01-29-2014 09:36 AM

Yeah, that is why I am stumped. And iOS devices work fine.

0 Helpful

GEC
Level 1
Level 1
In response to daniel.carlton

‎10-06-2017 08:12 PM

I have exactly the same problem with Android 8.0 connecting Cisco ISR 4000, IOS XE version 16.6 while Windows 10 and iPhone/iPad IOS 11.0.2 work perfectly. I managed to find an old Android 4.1 for testing the connection. No luck either. Seems Android phones don't fit Cisco routers L2TP/IPSec tunnel at all.

0 Helpful
Customers Also Viewed These Support Documents