
VPN remote-access without encryption and hashing

gaboughanem
Level 1

Hello,

I am trying to set up a remote-access VPN (client device is an iPhone or PC) on ASA 8.0 with a transform-set without encryption and without hashing (crypto ipsec transform-set noenc esp-null esp-none). In this scenario, it does not work and gives me "phase 2 mismatch"... Below is the debug of isakmp and ipsec.

Has anyone done this before, or any idea if it works with an empty transform-set? Can this be done?

I tried to change the transform set by using hashing without encryption (crypto ipsec transform-set myset esp-null esp-sha-hmac). It worked on the PC but not the iPhone. My target is for the iPhone to work.

Any feedback is much appreciated.

Regards,

George

ciscoasa# sh cry
ciscoasa# sh crypto isa sa

There are no isakmp sas
ciscoasa# ter mon
ciscoasa# May 29 23:33:44 [IKEv1]: IP = 91.232.100.3, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 741
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing SA payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing ke payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing ISA_KE payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing nonce payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing ID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, Received NAT-Traversal RFC VID
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, Received NAT-Traversal ver 03 VID
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, Received NAT-Traversal ver 02 VID
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, Received xauth V6 VID
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, Received Cisco Unity client VID
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, processing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: IP = 91.232.100.3, Received DPD VID
May 29 23:33:44 [IKEv1]: IP = 91.232.100.3, Connection landed on tunnel_group iPh0neVpn
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, processing IKE SA payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, IKE SA Proposal # 1, Transform # 2 acceptable  Matches global IKE entry # 1
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing ISAKMP SA payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing ke payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing nonce payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, Generating keys for Responder...
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing ID payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing hash payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, Computing hash for ISAKMP
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing Cisco Unity VID payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing xauth V6 VID payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing dpd vid payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing NAT-Traversal VID ver 02 payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing NAT-Discovery payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, computing NAT Discovery hash
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing NAT-Discovery payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, computing NAT Discovery hash
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing Fragmentation VID + extended capabilities payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing VID payload
May 29 23:33:44 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
May 29 23:33:44 [IKEv1]: IP = 91.232.100.3, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
May 29 23:33:45 [IKEv1]: IP = 91.232.100.3, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NAT-D (130) + NAT-D (130) + NOTIFY (11) + NONE (0) total length : 128
May 29 23:33:45 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, processing hash payload
May 29 23:33:45 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, Computing hash for ISAKMP
May 29 23:33:45 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, processing NAT-Discovery payload
May 29 23:33:45 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, computing NAT Discovery hash
May 29 23:33:45 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, processing NAT-Discovery payload
May 29 23:33:45 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, computing NAT Discovery hash
May 29 23:33:45 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, processing notify payload
May 29 23:33:45 [IKEv1]: Group = iPh0neVpn, IP = 91.232.100.3, Automatic NAT Detection Status:     Remote end   IS   behind a NAT device     This   end   IS   behind a NAT device
May 29 23:33:45 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing blank hash payload
May 29 23:33:45 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, constructing qm hash payload
May 29 23:33:45 [IKEv1]: IP = 91.232.100.3, IKE_DECODE SENDING Message (msgid=f7ddcfb) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
May 29 23:33:52 [IKEv1]: IP = 91.232.100.3, IKE_DECODE RECEIVED Message (msgid=f7ddcfb) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 78
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, process_attr(): Enter!
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, IP = 91.232.100.3, Processing MODE_CFG Reply attributes.
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: primary DNS = cleared
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: secondary DNS = cleared
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: primary WINS = cleared
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: secondary WINS = cleared
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: split tunneling list = split
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: default domain = dcgroup.com
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: split DNS list = 192.168.2.20,
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: IP Compression = disabled
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: Split Tunneling Policy = Split Network
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: Browser Proxy Setting = no-modify
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
May 29 23:33:52 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, User (roger) authenticated.
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, constructing blank hash payload
May 29 23:33:52 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, constructing qm hash payload
May 29 23:33:52 [IKEv1]: IP = 91.232.100.3, IKE_DECODE SENDING Message (msgid=aea46bcb) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
May 29 23:33:53 [IKEv1]: IP = 91.232.100.3, IKE_DECODE RECEIVED Message (msgid=aea46bcb) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, process_attr(): Enter!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Processing cfg ACK attributes
May 29 23:33:53 [IKEv1]: IP = 91.232.100.3, IKE_DECODE RECEIVED Message (msgid=e0f72707) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 164
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, process_attr(): Enter!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Processing cfg Request attributes
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for IPV4 address!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for IPV4 net mask!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for DNS server address!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for WINS server address!
May 29 23:33:53 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Received unsupported transaction mode attribute: 5
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for Application Version!
May 29 23:33:53 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Client Type: iPhone OS  Client Application Version: 5.1.1
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for Banner!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for Default Domain Name!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for Split DNS!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for Split Tunnel List!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for Local LAN Include!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for PFS setting!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for Save PW setting!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for FWTYPE!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for backup ip-sec peer list!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, MODE_CFG: Received request for Client Browser Proxy Setting!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Obtained IP addr (172.16.23.1) prior to initiating Mode Cfg (XAuth enabled)
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Sending subnet mask (255.255.255.0) to remote client
May 29 23:33:53 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Assigned private IP address 172.16.23.1 to remote user
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, constructing blank hash payload
May 29 23:33:53 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Forcing iPhone to host mask.
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, construct_cfg_set: default domain = xxx.com
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, construct_cfg_set: split DNS list = 192.168.2.20,
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Send Client Browser Proxy Attributes!
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Browser Proxy set to No-Modify. Browser Proxy data will NOT be included in the mode-cfg reply
May 29 23:33:53 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, constructing qm hash payload
May 29 23:33:53 [IKEv1]: IP = 91.232.100.3, IKE_DECODE SENDING Message (msgid=e0f72707) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 223
May 29 23:33:57 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Duplicate Phase 2 packet detected.  Retransmitting last packet.
May 29 23:33:58 [IKEv1 DECODE]: IP = 91.232.100.3, IKE Responder starting QM: msg id = 4ccbed5f
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progress
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Resume Quick Mode processing, Cert/Trans Exch/RM DSID completed
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, PHASE 1 COMPLETED
May 29 23:33:58 [IKEv1]: IP = 91.232.100.3, Keep-alive type for this connection: DPD
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Starting P1 rekey timer: 3420 seconds.
May 29 23:33:58 [IKEv1]: IP = 91.232.100.3, IKE_DECODE RECEIVED Message (msgid=4ccbed5f) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 284
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, processing hash payload
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, processing SA payload
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, processing nonce payload
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, processing ID payload
May 29 23:33:58 [IKEv1 DECODE]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, ID_IPV4_ADDR ID received
172.16.23.1
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Received remote Proxy Host data in ID Payload:  Address 172.16.23.1, Protocol 0, Port 0
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, processing ID payload
May 29 23:33:58 [IKEv1 DECODE]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, ID_IPV4_ADDR_SUBNET ID received--192.168.0.0--255.255.0.0
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Received local IP Proxy Subnet data in ID Payload:   Address 192.168.0.0, Mask 255.255.0.0, Protocol 0, Port 0
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, QM IsRekeyed old sa not found by addr
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Selecting only UDP-Encapsulated-Tunnel and  UDP-Encapsulated-Transport modes defined by NAT-Traversal
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKE Remote Peer configured for crypto map: dynmap
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, processing IPSec SA payload
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, All IPSec SA proposals found unacceptable!
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, sending notify message
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, constructing blank hash payload
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, constructing ipsec notify payload for msg id 4ccbed5f
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, constructing qm hash payload
May 29 23:33:58 [IKEv1]: IP = 91.232.100.3, IKE_DECODE SENDING Message (msgid=32feac3b) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, QM FSM error (P2 struct &0xd6442f68, mess id 0x4ccbed5f)!
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKE QM Responder FSM error history (struct &0xd6442f68)  <state>, <event>:  QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, sending delete/delete with reason message
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Removing peer from correlator table failed, no match!
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKE SA AM:9f891a3a rcv'd Terminate: state AM_ACTIVE  flags 0x0841c041, refcnt 1, tuncnt 0
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKE SA AM:9f891a3a terminating:  flags 0x0941c001, refcnt 0, tuncnt 0
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, sending delete/delete with reason message
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, constructing blank hash payload
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, constructing IKE delete payload
May 29 23:33:58 [IKEv1 DEBUG]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, constructing qm hash payload
May 29 23:33:58 [IKEv1]: IP = 91.232.100.3, IKE_DECODE SENDING Message (msgid=7f968af1) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Session is being torn down. Reason: Phase 2 Mismatch
May 29 23:33:58 [IKEv1]: Ignoring msg to mark SA with dsID 610304 dead because SA deleted

ciscoasa#
ciscoasa#

3 Replies

Jennifer Halim
Cisco Employee

Unfortunately NULL is not supported by iPhone.

As per Apple, here is the supported transform-set:

http://help.apple.com/iosdeployment-vpn/#app36c95bff

Thank you Jennifer.

Regards,

Cheers, pls kindly mark the post answered so others can learn from your post. Thanks.
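
The debug output in the question already shows where the negotiation stops: Phase 1 and XAUTH succeed, then the ASA rejects every IPsec proposal the client sends. The following is an added example, not part of the original thread, that pulls that sequence out of a long IKEv1 debug capture per peer. The function names `summarize` and `diagnose` are hypothetical, and the "PHASE 2 COMPLETED" message it also checks for does not appear in the log on this page.

```python
import re

# Lines excerpted from the debug output in the question above.
SAMPLE = """\
May 29 23:33:44 [IKEv1]: IP = 91.232.100.3, Connection landed on tunnel_group iPh0neVpn
May 29 23:33:53 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Client Type: iPhone OS  Client Application Version: 5.1.1
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, PHASE 1 COMPLETED
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, IKE Remote Peer configured for crypto map: dynmap
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, All IPSec SA proposals found unacceptable!
May 29 23:33:58 [IKEv1]: Group = iPh0neVpn, Username = roger, IP = 91.232.100.3, Session is being torn down. Reason: Phase 2 Mismatch
"""

# timestamp, optional peer IP, remaining message text
ENTRY = re.compile(r"(\w{3} +\d+ [\d:]{8}) \[IKEv1[^\]]*\]: (?:.*?\bIP = ([\d.]+), )?(.*)")
FIELDS = {
    "group": re.compile(r"Connection landed on tunnel_group (\S+)"),
    "client": re.compile(r"Client Type: (.+?)\s+Client Application Version: (\S+)"),
    "crypto_map": re.compile(r"IKE Remote Peer configured for crypto map: (\S+)"),
    "teardown": re.compile(r"Session is being torn down\. Reason: (.+)$"),
}

def summarize(log_text):
    """Return {peer_ip: facts} collected from ASA IKEv1 debug lines."""
    peers = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m or m.group(2) is None:
            continue  # CLI prompts, continuation lines, messages without a peer
        ts, ip, msg = m.groups()
        p = peers.setdefault(ip, {"phase1": False, "phase2": False, "p2_rejected_at": None})
        for key, rx in FIELDS.items():
            hit = rx.search(msg)
            if hit:
                p[key] = " ".join(hit.groups())
        if "PHASE 1 COMPLETED" in msg:
            p["phase1"] = True
        elif "PHASE 2 COMPLETED" in msg:  # success message, not in the page's log
            p["phase2"] = True
        elif "All IPSec SA proposals found unacceptable" in msg:
            p["p2_rejected_at"] = ts
    return peers

def diagnose(p):
    """Turn one peer's facts into a one-line finding."""
    if p["phase2"]:
        return "tunnel established"
    if p["phase1"] and p["p2_rejected_at"]:
        return ("IKE Phase 1 completed, then every IPsec proposal from the client "
                f"({p.get('client', 'unknown')}) was rejected at {p['p2_rejected_at']}: "
                f"compare the transform-sets on crypto map {p.get('crypto_map', '?')} "
                "with what the client offers")
    if not p["phase1"]:
        return "failed before Phase 1 completed: check IKE policy, group and credentials"
    return "Phase 1 completed, no Phase 2 result logged"

if __name__ == "__main__":
    for ip, facts in summarize(SAMPLE).items():
        print(ip, "->", diagnose(facts))
```
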