Cisco Support Community

VPN Safenet Softremote Client IPSEC Phase II Fail

Dear All,

I have configured my PIX 515E version 6.3(5) to set up a VPN tunnel with a Safenet Softremote client 10.8.7 (Build 6).

Phase I is OK: the VPN client receives the IP address and creates the virtual adapter, but then Phase II fails.

Do you have any ideas? Here is the debug isakmp and debug ipsec output. I am working in a test environment; all the IPs are private.

172.20.87.251 is the PIX, and 172.20.87.220 is an XP box where the Safenet VPN client is installed. 172.26.0.0/22 is the destination network that the VPN client must reach.

crypto_isakmp_process_block:src:172.20.87.220, dest:172.20.87.251 spt:500 dpt:500

OAK_MM exchange

ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 20 policy

ISAKMP:      encryption 3DES-CBC

ISAKMP:      hash SHA

ISAKMP:      default group 1

ISAKMP:      auth pre-share

ISAKMP:      life type in seconds

ISAKMP:      life duration (VPI) of  0x0 0x1 0x43 0x70

ISAKMP (0): atts are acceptable. Next payload is 0

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0:0): vendor ID is NAT-T

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3

ISAKMP (0:0): Detected port floating

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:172.20.87.220, dest:172.20.87.251 spt:500 dpt:500

OAK_MM exchange

ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): NAT match MINE hash

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): NAT match HIS hash

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): remote peer supports dead peer detection

ISAKMP (0): processing vendor id payload

ISAKMP (0): received xauth v6 vendor id

ISAKMP (0:0): constructed HIS NAT-D

ISAKMP (0:0): constructed MINE NAT-D

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:172.20.87.220, dest:172.20.87.251 spt:500 dpt:500

OAK_MM exchange

ISAKMP (0): processing ID payload. message ID = 0

ISAKMP (0): processing HASH payload. message ID = 0

ISAKMP (0): processing NOTIFY payload 24577 protocol 1

        spi 0, message ID = 0

ISAKMP (0): processing NOTIFY payload 24578 protocol 1

        spi 0, message ID = 0

ISAKMP (0): processing notify INITIAL_CONTACTIPSEC(key_engine): got a queue event...

IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

IPSEC(key_engine_delete_sas): delete all SAs shared with   172.20.87.220

ISADB: reaper checking SA 0x3ff0a14, conn_id = 0

ISAKMP (0): SA has been authenticated

ISAKMP: Created a peer struct for 172.20.87.220, peer port 62465

ISAKMP (0): ID payload

        next-payload : 8

        type         : 1

        protocol     : 17

        port         : 500

        length       : 8

ISAKMP (0): Total payload length: 12

return status is IKMP_NO_ERROR

VPN Peer: ISAKMP: Added new peer: ip:172.20.87.220/500 Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:172.20.87.220/500 Ref cnt incremented to:1 Total VPN Peers:1

crypto_isakmp_process_block:src:172.20.87.220, dest:172.20.87.251 spt:500 dpt:500

OAK_QM exchange

ISAKMP (0:0): Need config/address

ISAKMP (0:0): initiating peer config to 172.20.87.220. ID = 1691322853 (0x64cf89e5)

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:172.20.87.220, dest:172.20.87.251 spt:500 dpt:500

ISAKMP_TRANSACTION exchange

ISAKMP (0:0): processing transaction payload from 172.20.87.220. message ID = 61538972

ISAKMP: Config payload CFG_ACK

ISAKMP (0:0):        Unknown Attr: 2

return status is IKMP_ERR_NO_RETRANS

crypto_isakmp_process_block:src:172.20.87.220, dest:172.20.87.251 spt:500 dpt:500

OAK_QM exchange

ISAKMP (0:0): Need config/address

ISAKMP (0:0): initiating peer config to 172.20.87.220. ID = 2347200995 (0x8be771e3)

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:172.20.87.220, dest:172.20.87.251 spt:500 dpt:500

ISAKMP: phase 2 packet is a duplicate of a previous packet

ISAKMP: resending last response

crypto_isakmp_process_block:src:172.20.87.220, dest:172.20.87.251 spt:500 dpt:500

ISAKMP_TRANSACTION exchange

ISAKMP (0:0): processing transaction payload from 172.20.87.220. message ID = 61538972

ISAKMP: Config payload CFG_ACK

ISAKMP (0:0):        Unknown Attr: 2

return status is IKMP_ERR_NO_RETRANS

ISAKMP (0): retransmitting Config Mode Request...

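A triage aid for the debug output in the post above, added here as an example and not part of the original post: it groups the PIX debug lines per received packet and counts how often Quick Mode is deferred with "Need config/address" and how often the client's transaction reply is returned with an error status. The function names `parse_blocks` and `summarize` are hypothetical, and the sample is constructed from lines in the post.

```python
import re
from collections import Counter

# Constructed sample: the two packet types that alternate at the end of the
# post's debug output, repeated in the order they appear there.
PKT = "crypto_isakmp_process_block:src:172.20.87.220, dest:172.20.87.251 spt:500 dpt:500"
QM = [PKT, "OAK_QM exchange", "ISAKMP (0:0): Need config/address",
      "return status is IKMP_NO_ERROR"]
TX = [PKT, "ISAKMP_TRANSACTION exchange",
      "ISAKMP (0:0): processing transaction payload from 172.20.87.220. message ID = 61538972",
      "ISAKMP: Config payload CFG_ACK", "ISAKMP (0:0):        Unknown Attr: 2",
      "return status is IKMP_ERR_NO_RETRANS"]
SAMPLE = "\n".join(QM + TX + QM + TX)

def parse_blocks(text):
    """Group debug lines into one dict per received packet (blank lines ignored)."""
    blocks = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith("crypto_isakmp_process_block"):
            blocks.append({"exchange": None, "status": None, "msg_id": None, "lines": []})
        elif blocks:
            b = blocks[-1]
            b["lines"].append(line)
            if m := re.fullmatch(r"(\w+) exchange", line):
                b["exchange"] = m[1]
            elif m := re.search(r"message ID = (\d+)", line):
                b["msg_id"] = int(m[1])
            elif m := re.match(r"return status is (\w+)", line):
                b["status"] = m[1]
    return blocks

def summarize(blocks):
    """Count the symptoms visible in the log: deferred QM and rejected config replies."""
    failed = Counter(b["msg_id"] for b in blocks
                     if b["exchange"] == "ISAKMP_TRANSACTION"
                     and b["status"] and b["status"] != "IKMP_NO_ERROR")
    return {
        "qm_waiting_for_config": sum("Need config/address" in " ".join(b["lines"]) for b in blocks),
        "failed_transactions": dict(failed),  # message ID -> times rejected
        "unknown_attrs": sorted({m[1] for b in blocks for l in b["lines"]
                                 if (m := re.search(r"Unknown Attr: (\d+)", l))}),
    }

if __name__ == "__main__":
    print(summarize(parse_blocks(SAMPLE)))
```

The same functions accept the full, blank-line-separated debug output as posted.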