[VPN] Help - Problem VPN Cisco Pix 515E

Siddhartha Jain losttoy2000 at yahoo.co.uk
Tue Oct 7 08:29:37 EDT 2003 

Your phase-I seems to be ok. Could it be that your
peer isn't getting your reply regarding phase-II
proposal? One reason could be that your or your peer's
ISP is blocking IPSec? So while ISAKMP (UDP 500) goes
thru but phase-II IPSec (protocol ID 50 and 51) dont
go thru??

Just guessing.


 --- lennonjs <lennonjs at uol.com.br> wrote: > Dear
friends,
> 
> I have a problem, I am trying to establish a tunnel
> with
> other company that possesses a firewall same to mine
> - Cisco
> Pix 515, but I don't get, the presented message is
> the
> following:
> 
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> OAK_QM exchange
> oakley_process_quick_mode:
> OAK_QM_IDLE
> ISAKMP (0): processing SA payload. message ID =
> 3011867608
> 
> ISAKMP : Checking IPSec proposal 1
> 
> ISAKMP: transform 1, ESP_3DES
> ISAKMP:   attributes in transform:
> ISAKMP:      encaps is 1
> ISAKMP:      SA life type in seconds
> ISAKMP:      SA life duration (basic) of 28800
> ISAKMP:      SA life type in kilobytes
> ISAKMP:      SA life duration (VPI) of  0x0 0x46
> 0x50 0x0
> ISAKMP:      authenticator is HMAC-MD5
> ISAKMP:      group is 2
> ISAKMP (0): atts not acceptable. Next payload is 0
> ISAKMP (0): SA not acceptable!
> ISAKMP (0): sending NOTIFY message 14 protocol 0
> return status is IKMP_ERR_NO_RETRANS**
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> ISAKMP (0:0): phase 2 packet is a duplicate of a
> previous
> packet.
> crypto_isakmp_process_block: x.x.x.2, dest x.x.x.131
> ISAKMP (0:0): phase 2 packet is a duplicate of a
> previous
> packet.
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> ISAKMP (0:0): phase 2 packet is a duplicate of a
> previous
> packet.
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> ISAKMP (0:0): phase 2 packet is a duplicate of a
> previous
> packet.
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> VPN Peer: ISAKMP: Peer ip:200.182.223.2 Ref cnt
> incremented
> to:2 Total VPN Peers
> :2
> OAK_MM exchange
> ISAKMP (0): processing SA payload. message ID = 0
> 
> ISAKMP (0): Checking ISAKMP transform 1 against
> priority 1
> policy
> ISAKMP:      encryption 3DES-CBC
> ISAKMP:      hash MD5
> ISAKMP:      default group 2
> ISAKMP:      auth pre-share
> ISAKMP:      life type in seconds
> ISAKMP:      life duration (basic) of 7200
> ISAKMP (0): atts are acceptable. Next payload is 3
> ISAKMP (0): SA is doing pre-shared key
> authentication using
> id type ID_IPV4_ADDR
> return status is IKMP_NO_ERROR
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> OAK_MM exchange
> ISAKMP (0): processing KE payload. message ID = 0
> 
> ISAKMP (0): processing NONCE payload. message ID = 0
> 
> ISAKMP (0): processing vendor id payload
> 
> ISAKMP (0): processing vendor id payload
> 
> ISAKMP (0): remote peer supports dead peer detection
> 
> ISAKMP (0): processing vendor id payload
> 
> ISAKMP (0): speaking to another IOS box!
> 
> return status is IKMP_NO_ERROR
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> OAK_MM exchange
> ISAKMP (0): processing ID payload. message ID = 0
> ISAKMP (0): processing HASH payload. message ID = 0
> ISAKMP (0): SA has been authenticated
> 
> ISAKMP (0): ID payload
>         next-payload : 8
>         type         : 1
>         protocol     : 17
>         port         : 500
>         length       : 8
> ISAKMP (0): Total payload length: 12
> return status is IKMP_NO_ERROR
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> OAK_QM exchange
> oakley_process_quick_mode:
> OAK_QM_IDLE
> ISAKMP (0): processing SA payload. message ID =
> 1458594770
> 
> ISAKMP : Checking IPSec proposal 1
> 
> ISAKMP: transform 1, ESP_3DES
> ISAKMP:   attributes in transform:
> ISAKMP:      encaps is 1
> ISAKMP:      SA life type in seconds
> ISAKMP:      SA life duration (basic) of 28800
> ISAKMP:      SA life type in kilobytes
> ISAKMP:      SA life duration (VPI) of  0x0 0x46
> 0x50 0x0
> ISAKMP:      authenticator is HMAC-MD5
> ISAKMP:      group is 2
> ISAKMP (0): atts not acceptable. Next payload is 0
> ISAKMP (0): SA not acceptable!
> ISAKMP (0): sending NOTIFY message 14 protocol 0
> return status is IKMP_ERR_NO_RETRANS
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> ISAKMP (0): processing DELETE payload. message ID =
> 3302399666
> ISAKMP (0): deleting SA: src x.x.x.2, dst x.x.x.131
> return status is IKMP_NO_ERR_NO_TRANS
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> ISAKMP (0): processing NOTIFY payload 24578 protocol
> 1
>         spi 0, message ID = 1981775628
> ISAKMP (0): processing notify INITIAL_CONTACT
> return status is IKMP_NO_ERR_NO_TRANS
> ISADB: reaper checking SA 0x8161af60, conn_id = 0
> ISADB: reaper checking SA 0x81530c78, conn_id = 0 
> DELETE IT!
> 
> VPN Peer: ISAKMP: Peer ip:x.x.x.2 Ref cnt
> decremented to:1
> Total VPN Peers
> :2
> ISADB: reaper checking SA 0x8161af60, conn_id = 0
> ISADB: reaper checking SA 0x81617f48, conn_id = 0
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> ISAKMP (0:0): phase 2 packet is a duplicate of a
> previous
> packet.
> crypto_isakmp_process_block: src x.x.x.2, dest
> x.x.x.131
> OAK_QM exchange
> oakley_process_quick_mode:
> OAK_QM_IDLE
> ISAKMP (0): processing SA payload. message ID =
> 933563993
> 
> 
> Please, does anybody know him what this can be?
> 
> 
> Thanks
> 
> Lennon
> 
> 
> ---
> Acabe com aquelas janelinhas que pulam na sua tela.
> AntiPop-up UOL - É grátis!
> http://antipopup.uol.com.br
> 
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn 

________________________________________________________________________
Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://mail.messenger.yahoo.co.uk

More information about the VPN mailing list