|
|
Страница 1 из 1
|
[ Сообщений: 15 ] |
|
Автор |
Сообщение |
alex0000007
Зарегистрирован: 27 ноя 2008, 11:36 Сообщения: 311
|
Добрый день. Появилась необходимость построить IPSec туннель с посторонней конторой, какое оборудование на их стороне не знаю. Мы согласовали типы шифрации. Началась странная картина. Туннель ни как не устанавливается, причины понять не могу. Ошибка наверное смешная но понять ее не могу.
Привожу конфу:
version 12.2 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname gw-astra ! boot system flash no logging monitor aaa new-model aaa authentication password-prompt "password: " aaa authentication username-prompt "login: " aaa authentication login default local aaa authentication login vty local aaa authentication login dialin local aaa authentication login none none aaa authentication ppp default local aaa authorization exec default local none ! username YfiCtrhtn username YfiCtrhtn autocommand ppp default username **EMSI_INQC816 nopassword noescape username **EMSI_INQC816 autocommand telnet 10.11.100.93 60179 /stream username **EMSI_INQC816**EMSI_INQC816q. nopassword noescape username **EMSI_INQC816**EMSI_INQC816q. autocommand telnet 10.11.100.93 60179 /stream username **EMSI_INQC816q nopassword noescape username **EMSI_INQC816q autocommand telnet 10.11.100.93 60179 /stream username **EMSI_TZP16B2 nopassword noescape username **EMSI_TZP16B2 autocommand telnet 10.11.100.93 60179 /stream
clock timezone CHEL 5 clock summer-time CHELS recurring last Sun Mar 2:00 last Sun Oct 3:00 ip subnet-zero ! ! ip domain-name bank.bank ip host modem 2033 10.11.101.2 ip name-server 10.11.100.1 ! ip audit notify log ip audit po max-events 100 ip address-pool local async-bootp dns-server 10.11.100.1 ! x29 profile default 1:1 2:1 3:2 4:2 5:1 6:5 7:21 8:0 9:0 10:0 12:0 13:0 14:0 15:0 16:8 17:24 18:18 19:2 20:248 21:0 22:0 x29 profile westernunion 0:0 ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 lifetime 28800 ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key 1234567890 hostname 91.194.174.10 ! ! crypto ipsec transform-set SAMPLE_SET esp-3des esp-md5-hmac ! crypto map BANK 10 ipsec-isakmp set peer 91.194.174.10 set security-association lifetime seconds 28800 set transform-set SAMPLE_SET set pfs group2 match address 101 ! call rsvp-sync ! ! ! ! ! ! controller E1 0/0 shutdown ! controller E1 0/1 shutdown ! ! location DialIn for Client-Bank ! interface FastEthernet0/0 description Internal Network Trunk no ip address ip route-cache flow no ip mroute-cache duplex auto speed auto ! interface FastEthernet0/0.1 description old Internal Network vlan 1 (10.11.101.2, etc) encapsulation dot1Q 1 native ip address 10.11.21.101 255.255.0.0 ip nat inside no ip mroute-cache ! interface FastEthernet0/0.102 description ASA G0 vlan 102 (10.14.101.2) encapsulation dot1Q 102 ip address 10.14.101.2 255.255.0.0 ip nat inside no ip mroute-cache shutdown no cdp enable ! interface FastEthernet0/0.150 description AS network encapsulation dot1Q 150 ip address 91.194.174.2 255.255.255.240 ip nat outside crypto map BANK ! interface Serial1/0 physical-layer async ip address negotiated ip nat inside encapsulation ppp shutdown dialer in-band dialer string P2680973 dialer-group 1 async mode interactive no fair-queue ppp authentication chap callin ppp chap password 7 141C105C555D ! interface Serial1/1 no ip address no ip mroute-cache shutdown no cdp enable ! interface Serial1/2 no ip address no ip mroute-cache shutdown no cdp enable ! interface Serial1/3 no ip address no ip mroute-cache shutdown no cdp enable ! interface Serial1/4 no ip address no ip mroute-cache shutdown no cdp enable ! interface Serial1/5 no ip address no ip mroute-cache shutdown no cdp enable ! interface Serial1/6 no ip address no ip mroute-cache shutdown no cdp enable ! interface Serial1/7 no ip address no ip mroute-cache shutdown no cdp enable ! interface Ethernet3/0 no ip address no ip mroute-cache shutdown half-duplex no cdp enable ! interface Ethernet3/1 no ip address shutdown half-duplex no cdp enable ! interface Ethernet3/2 no ip address shutdown half-duplex no cdp enable ! interface Ethernet3/3 no ip address shutdown half-duplex no cdp enable ! interface Group-Async1 physical-layer async description DialIn for Client-Bank ip unnumbered FastEthernet0/0 ip nat inside encapsulation slip ip tcp header-compression passive async mode interactive peer default ip address pool pool1 ! ip classless ip route 0.0.0.0 0.0.0.0 91.194.174.1 ip route 192.168.0.0 255.255.255.0 91.194.174.10 ip route 212.57.141.0 255.255.255.0 10.11.101.4 no ip http server ! ! ip access-list extended ACLFOROUTSIDENAT permit ip host 91.194.174.2 host 212.57.141.15 log permit ip host 91.194.174.10 host 212.57.141.15 log permit ip host 91.194.174.10 host 91.194.174.2 log permit ip host 91.194.174.10 host 91.194.174.9 log ip access-list extended inList permit ip any any log ip access-list extended inListAS permit ip any any log ip access-list extended outList permit ip any any log ip access-list extended outListAS permit ip any any log logging trap debugging logging facility local0 logging 10.11.21.12 logging 10.11.21.2 logging 10.11.21.5 access-list 51 permit 10.11.21.5 access-list 51 permit 10.11.21.2 access-list 51 deny any access-list 101 permit ip 10.11.21.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 101 deny ip any any snmp-server community IgbjY RO 50 snmp-server community AleX RW 51 snmp-server location Engelsa 26 Main Server Room snmp-server enable traps tty snmp-server host 10.11.21.13 IgbjY ! dial-peer cor custom ! ! ! ! banner motd ^CC Bank Snezhinskiy - Chelyabinsk AstraST gateway ^C ! line con 0 speed 115200 line 33 modem InOut modem autoconfigure type usr_courier transport input telnet transport output none autoselect ppp stopbits 1 speed 1200 flowcontrol hardware line aux 0 line vty 0 4 transport input telnet ssh line vty 5 871 transport input telnet ssh ! ntp clock-period 17179916 ntp server 10.11.100.1 end
И вот еще логи. 1.Лог когда мы пытаемся поднять туннель с нашей стороны:
08.05.2009 10:50 10.11.21.101 Debug 1192: 18:01:26: CryptoEngine0: delete connection 1 08.05.2009 10:50 10.11.21.101 Debug 1191: 18:01:26: ISAKMP (0:1): purging SA., sa=629D4FE4, delme=629D4FE4 08.05.2009 10:50 10.11.21.101 Debug 1190: 18:01:19: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1189: 18:01:19: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1188: 18:01:19: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1187: 18:01:18: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1186: 18:01:18: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1185: 18:01:18: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1184: 18:01:18: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1183: 18:01:18: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1182: 18:01:17: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1181: 18:01:17: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1180: 18:01:17: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1179: 18:01:17: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1178: 18:01:16: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1177: 18:01:16: ISAKMP (0:1): purging node -2075240952 08.05.2009 10:50 10.11.21.101 Debug 1176: 18:01:16: ISAKMP (0:1): purging node 194667289 08.05.2009 10:50 10.11.21.101 Debug 1175: 18:01:16: ISAKMP (0:1): purging node -478879984 08.05.2009 10:50 10.11.21.101 Debug 1174: 18:01:16: ISAKMP (0:1): purging node 734001570 08.05.2009 10:50 10.11.21.101 Debug 1173: 18:01:16: ISAKMP (0:1): purging node 1298460604 08.05.2009 10:50 10.11.21.101 Debug 1172: 18:01:16: ISAKMP (0:1): purging node -849228394 08.05.2009 10:50 10.11.21.101 Debug 1171: 18:01:16: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1170: 18:01:16: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1169: 18:01:16: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1168: 18:01:16: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1167: 18:01:15: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1166: 18:01:15: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1165: 18:01:15: CRYPTO_ENGINE: key process suspended and continued 08.05.2009 10:50 10.11.21.101 Debug 1164: 18:01:15: CryptoEngine0: CRYPTO_GEN_KEY_PAIR 08.05.2009 10:50 10.11.21.101 Debug 1163: 18:01:15: CryptoEngine0: generate key pair 08.05.2009 10:49 10.11.21.101 Debug 1162: 18:00:26: ISAKMP (0:1): deleting node -2075240952 error TRUE reason "QM_TIMER expired" 08.05.2009 10:49 10.11.21.101 Debug 1161: 18:00:26: ISAKMP (0:1): deleting node 194667289 error TRUE reason "QM_TIMER expired" 08.05.2009 10:49 10.11.21.101 Debug 1160: 18:00:26: ISAKMP (0:1): deleting node -478879984 error TRUE reason "QM_TIMER expired" 08.05.2009 10:49 10.11.21.101 Debug 1159: 18:00:26: ISAKMP (0:1): deleting node 734001570 error TRUE reason "QM_TIMER expired" 08.05.2009 10:49 10.11.21.101 Debug 1158: 18:00:26: ISAKMP (0:1): deleting node 1298460604 error TRUE reason "QM_TIMER expired" 08.05.2009 10:49 10.11.21.101 Debug 1157: 18:00:26: ISAKMP (0:1): deleting node -849228394 error TRUE reason "QM_TIMER expired" 08.05.2009 10:49 10.11.21.101 Debug 1156: 18:00:26: ISAKMP (0:1): deleting SA reason "QM_TIMER expired" state (I) MM_NO_STATE (peer 91.194.174.10) input queue 0 08.05.2009 10:49 10.11.21.101 Debug 1155: 08.05.2009 10:49 10.11.21.101 Debug 1154: 18:00:26: ISAKMP (0:1): peer does not do paranoid keepalives. 08.05.2009 10:49 10.11.21.101 Debug 1153: 18:00:26: ISAKMP: quick mode timer expired. 08.05.2009 10:49 10.11.21.101 Debug 1152: 18:00:02: ISAKMP (0:1): ignoring request to send delete notify (sa not authenticated) src 91.194.174.2 dst 91.194.174.10 08.05.2009 10:49 10.11.21.101 Debug 1151: 18:00:02: ISAKMP: received ke message (3/1) 08.05.2009 10:49 10.11.21.101 Debug 1150: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4) 08.05.2009 10:49 10.11.21.101 Debug 1149: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:49 10.11.21.101 Debug 1148: (identity) local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:49 10.11.21.101 Debug 1147: 18:00:02: IPSEC(key_engine): request timer fired: count = 2, 08.05.2009 10:49 10.11.21.101 Debug 1146: 17:59:32: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it. 08.05.2009 10:49 10.11.21.101 Debug 1145: 17:59:32: ISAKMP: received ke message (1/1) 08.05.2009 10:49 10.11.21.101 Debug 1144: spi= 0x4FFE2E7B(1342058107), conn_id= 0, keysize= 0, flags= 0x400D 08.05.2009 10:49 10.11.21.101 Debug 1143: lifedur= 28800s and 4608000kb, 08.05.2009 10:49 10.11.21.101 Debug 1142: protocol= ESP, transform= esp-3des esp-md5-hmac , 08.05.2009 10:49 10.11.21.101 Debug 1141: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:49 10.11.21.101 Debug 1140: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:49 10.11.21.101 Debug 1139: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:49 10.11.21.101 Debug 1138: 17:59:32: IPSEC(sa_request): , 08.05.2009 10:49 10.11.21.101 Debug 1137: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4) 08.05.2009 10:49 10.11.21.101 Debug 1136: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:49 10.11.21.101 Debug 1135: (identity) local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:49 10.11.21.101 Debug 1134: 17:59:32: IPSEC(key_engine): request timer fired: count = 1, 08.05.2009 10:48 10.11.21.101 Debug 1133: 17:59:02: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it. 08.05.2009 10:48 10.11.21.101 Debug 1132: 17:59:02: ISAKMP: received ke message (1/1) 08.05.2009 10:48 10.11.21.101 Debug 1131: spi= 0x5F6EE3B2(1601102770), conn_id= 0, keysize= 0, flags= 0x400D 08.05.2009 10:48 10.11.21.101 Debug 1130: lifedur= 28800s and 4608000kb, 08.05.2009 10:48 10.11.21.101 Debug 1129: protocol= ESP, transform= esp-3des esp-md5-hmac , 08.05.2009 10:48 10.11.21.101 Debug 1128: , 08.05.2009 10:48 10.11.21.101 Debug 1127: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4) 08.05.2009 10:48 10.11.21.101 Debug 1126: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:48 10.11.21.101 Debug 1125: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:48 10.11.21.101 Debug 1124: 17:59:02: IPSEC(sa_request): , 08.05.2009 10:48 10.11.21.101 Debug 1123: 17:59:02: ISAKMP (0:1): ignoring request to send delete notify (sa not authenticated) src 91.194.174.2 dst 91.194.174.10 08.05.2009 10:48 10.11.21.101 Debug 1122: 17:59:02: ISAKMP: received ke message (3/1) 08.05.2009 10:48 10.11.21.101 Debug 1121: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4) 08.05.2009 10:48 10.11.21.101 Debug 1120: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:48 10.11.21.101 Debug 1119: (identity) local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:48 10.11.21.101 Debug 1118: 17:59:02: IPSEC(key_engine): request timer fired: count = 2, 08.05.2009 10:48 10.11.21.101 Debug 1117: 17:58:32: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it. 08.05.2009 10:48 10.11.21.101 Debug 1116: 17:58:32: ISAKMP: received ke message (1/1) 08.05.2009 10:48 10.11.21.101 Debug 1115: spi= 0x8C326DFF(2352115199), conn_id= 0, keysize= 0, flags= 0x400D 08.05.2009 10:48 10.11.21.101 Debug 1114: lifedur= 28800s and 4608000kb, 08.05.2009 10:48 10.11.21.101 Debug 1113: protocol= ESP, transform= esp-3des esp-md5-hmac , 08.05.2009 10:48 10.11.21.101 Debug 1112: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:48 10.11.21.101 Debug 1111: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:48 10.11.21.101 Debug 1110: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:48 10.11.21.101 Debug 1109: 17:58:32: IPSEC(sa_request): , 08.05.2009 10:48 10.11.21.101 Debug 1108: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4) 08.05.2009 10:48 10.11.21.101 Debug 1107: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:48 10.11.21.101 Debug 1106: (identity) local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:48 10.11.21.101 Debug 1105: 17:58:32: IPSEC(key_engine): request timer fired: count = 1, 08.05.2009 10:47 10.11.21.101 Debug 1104: 17:58:02: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it. 08.05.2009 10:47 10.11.21.101 Debug 1103: 17:58:02: ISAKMP: received ke message (1/1) 08.05.2009 10:47 10.11.21.101 Debug 1102: spi= 0xE0C02CBD(3770690749), conn_id= 0, keysize= 0, flags= 0x400D 08.05.2009 10:47 10.11.21.101 Debug 1101: lifedur= 28800s and 4608000kb, 08.05.2009 10:47 10.11.21.101 Debug 1100: protocol= ESP, transform= esp-3des esp-md5-hmac , 08.05.2009 10:47 10.11.21.101 Debug 1099: , 08.05.2009 10:47 10.11.21.101 Debug 1098: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4) 08.05.2009 10:47 10.11.21.101 Debug 1097: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:47 10.11.21.101 Debug 1096: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:47 10.11.21.101 Debug 1095: 17:58:02: IPSEC(sa_request): , 08.05.2009 10:47 10.11.21.101 Debug 1094: 17:58:01: ISAKMP (0:1): ignoring request to send delete notify (sa not authenticated) src 91.194.174.2 dst 91.194.174.10 08.05.2009 10:47 10.11.21.101 Debug 1093: 17:58:01: ISAKMP: received ke message (3/1) 08.05.2009 10:47 10.11.21.101 Debug 1092: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4) 08.05.2009 10:47 10.11.21.101 Debug 1091: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:47 10.11.21.101 Debug 1090: (identity) local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:47 10.11.21.101 Debug 1089: 17:58:01: IPSEC(key_engine): request timer fired: count = 2, 08.05.2009 10:47 10.11.21.101 Debug 1088: 17:57:31: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it. 08.05.2009 10:47 10.11.21.101 Debug 1087: 17:57:31: ISAKMP: received ke message (1/1) 08.05.2009 10:47 10.11.21.101 Debug 1086: spi= 0x80E452B8(2162447032), conn_id= 0, keysize= 0, flags= 0x400D 08.05.2009 10:47 10.11.21.101 Debug 1085: lifedur= 28800s and 4608000kb, 08.05.2009 10:47 10.11.21.101 Debug 1084: protocol= ESP, transform= esp-3des esp-md5-hmac , 08.05.2009 10:47 10.11.21.101 Debug 1083: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:47 10.11.21.101 Debug 1082: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:47 10.11.21.101 Debug 1081: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:47 10.11.21.101 Debug 1080: 17:57:31: IPSEC(sa_request): , 08.05.2009 10:47 10.11.21.101 Debug 1079: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4) 08.05.2009 10:47 10.11.21.101 Debug 1078: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:47 10.11.21.101 Debug 1077: (identity) local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:47 10.11.21.101 Debug 1076: 17:57:31: IPSEC(key_engine): request timer fired: count = 1, 08.05.2009 10:46 10.11.21.101 Info 1075: 17:57:01: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 91.194.174.10 08.05.2009 10:46 10.11.21.101 Debug 1074: 17:57:01: ISAKMP (0:1): Notify has no hash. Rejected. 08.05.2009 10:46 10.11.21.101 Debug 1073: 17:57:01: ISAKMP (0:1): received packet from 91.194.174.10 (I) MM_NO_STATE 08.05.2009 10:46 10.11.21.101 Debug 1072: 17:57:01: ISAKMP (0:1): sending packet to 91.194.174.10 (I) MM_NO_STATE 08.05.2009 10:46 10.11.21.101 Debug 1071: 17:57:01: ISAKMP (0:1): beginning Main Mode exchange 08.05.2009 10:46 10.11.21.101 Debug 1070: 17:57:01: ISAKMP: local port 500, remote port 500 08.05.2009 10:46 10.11.21.101 Debug 1069: 17:57:01: ISAKMP: received ke message (1/1) 08.05.2009 10:46 10.11.21.101 Debug 1068: spi= 0x82E17A04(2195814916), conn_id= 0, keysize= 0, flags= 0x400D 08.05.2009 10:46 10.11.21.101 Debug 1067: lifedur= 28800s and 4608000kb, 08.05.2009 10:46 10.11.21.101 Debug 1066: protocol= ESP, transform= esp-3des esp-md5-hmac , 08.05.2009 10:46 10.11.21.101 Debug 1065: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:46 10.11.21.101 Debug 1064: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4), 08.05.2009 10:46 10.11.21.101 Debug 1063: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10, 08.05.2009 10:46 10.11.21.101 Debug 1062: 17:57:01: IPSEC(sa_request): ,
2.Лог когда устанавливаем с их стороны:
08.05.2009 11:06 10.11.21.101 Debug 1399: 18:16:37: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 11:06 10.11.21.101 Debug 1398: 18:16:37: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 11:06 10.11.21.101 Debug 1397: 18:16:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:06 10.11.21.101 Debug 1396: 18:16:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:06 10.11.21.101 Debug 1395: 18:16:37: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 11:06 10.11.21.101 Debug 1394: 18:16:37: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 11:06 10.11.21.101 Debug 1393: 18:16:37: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 11:05 10.11.21.101 Debug 1392: 18:15:57: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 11:05 10.11.21.101 Debug 1391: 18:15:57: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 11:05 10.11.21.101 Debug 1390: 18:15:57: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:05 10.11.21.101 Debug 1389: 18:15:57: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:05 10.11.21.101 Debug 1388: 18:15:57: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 11:05 10.11.21.101 Debug 1387: 18:15:57: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 11:05 10.11.21.101 Debug 1386: 18:15:57: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 11:04 10.11.21.101 Debug 1385: 18:15:17: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 11:04 10.11.21.101 Debug 1384: 18:15:17: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 11:04 10.11.21.101 Debug 1383: 18:15:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:04 10.11.21.101 Debug 1382: 18:15:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:04 10.11.21.101 Debug 1381: 18:15:17: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 11:04 10.11.21.101 Debug 1380: 18:15:17: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 11:04 10.11.21.101 Debug 1379: 18:15:17: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 11:04 10.11.21.101 Debug 1378: 18:14:37: ISAKMP (0:1): sending packet to 91.194.174.10 (R) MM_NO_STATE 08.05.2009 11:04 10.11.21.101 Info 1377: 18:14:37: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 91.194.174.10 08.05.2009 11:04 10.11.21.101 Debug 1376: 18:14:37: ISAKMP (0:1): incrementing error counter on sa: construct_fail_ag_init 08.05.2009 11:04 10.11.21.101 Debug 1375: 18:14:37: ISAKMP (0:1): phase 1 SA not acceptable! 08.05.2009 11:04 10.11.21.101 Debug 1374: 18:14:37: ISAKMP (0:1): no offers accepted! 08.05.2009 11:04 10.11.21.101 Debug 1373: 18:14:37: ISAKMP (0:1): atts are not acceptable. Next payload is 0 08.05.2009 11:04 10.11.21.101 Debug 1372: 18:14:37: ISAKMP (0:1): Encryption algorithm offered does not match policy! 08.05.2009 11:04 10.11.21.101 Debug 1371: 18:14:37: ISAKMP: default group 2 08.05.2009 11:04 10.11.21.101 Debug 1370: 18:14:37: ISAKMP: auth pre-share 08.05.2009 11:04 10.11.21.101 Debug 1369: 18:14:37: ISAKMP: hash MD5 08.05.2009 11:04 10.11.21.101 Debug 1368: 18:14:37: ISAKMP: encryption 3DES-CBC 08.05.2009 11:04 10.11.21.101 Debug 1367: 18:14:37: ISAKMP: life duration (basic) of 28800 08.05.2009 11:04 10.11.21.101 Debug 1366: 18:14:37: ISAKMP: life type in seconds 08.05.2009 11:04 10.11.21.101 Debug 1365: 18:14:37: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 65535 policy 08.05.2009 11:04 10.11.21.101 Debug 1364: 18:14:37: ISAKMP (0:1): atts are not acceptable. Next payload is 0 08.05.2009 11:04 10.11.21.101 Debug 1363: 18:14:37: ISAKMP (0:1): Preshared authentication offered but does not match policy! 08.05.2009 11:04 10.11.21.101 Debug 1362: 18:14:37: ISAKMP: default group 2 08.05.2009 11:04 10.11.21.101 Debug 1361: 18:14:37: ISAKMP: auth pre-share 08.05.2009 11:04 10.11.21.101 Debug 1360: 18:14:37: ISAKMP: hash MD5 08.05.2009 11:04 10.11.21.101 Debug 1359: 18:14:37: ISAKMP: encryption 3DES-CBC 08.05.2009 11:04 10.11.21.101 Debug 1358: 18:14:37: ISAKMP: life duration (basic) of 28800 08.05.2009 11:04 10.11.21.101 Debug 1357: 18:14:37: ISAKMP: life type in seconds 08.05.2009 11:04 10.11.21.101 Debug 1356: 18:14:37: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 10 policy 08.05.2009 11:04 10.11.21.101 Debug 1355: 18:14:37: ISAKMP (0:1): atts are not acceptable. Next payload is 0 08.05.2009 11:04 10.11.21.101 Debug 1354: 18:14:37: ISAKMP (0:1): Preshared authentication offered but does not match policy! 08.05.2009 11:04 10.11.21.101 Debug 1353: 18:14:37: ISAKMP: default group 2 08.05.2009 11:04 10.11.21.101 Debug 1352: 18:14:37: ISAKMP: auth pre-share 08.05.2009 11:04 10.11.21.101 Debug 1351: 18:14:37: ISAKMP: hash MD5 08.05.2009 11:04 10.11.21.101 Debug 1350: 18:14:37: ISAKMP: encryption 3DES-CBC 08.05.2009 11:04 10.11.21.101 Debug 1349: 18:14:37: ISAKMP: life duration (basic) of 28800 08.05.2009 11:04 10.11.21.101 Debug 1348: 18:14:37: ISAKMP: life type in seconds 08.05.2009 11:04 10.11.21.101 Debug 1347: 18:14:37: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 1 policy 08.05.2009 11:04 10.11.21.101 Debug 1346: 18:14:37: ISAKMP (0:1): No pre-shared key with 91.194.174.10! 08.05.2009 11:04 10.11.21.101 Debug 1345: 18:14:37: ISAKMP (0:1): processing SA payload. message ID = 0 08.05.2009 11:04 10.11.21.101 Debug 1344: 18:14:37: ISAKMP: local port 500, remote port 500 08.05.2009 11:04 10.11.21.101 Debug 1343: 18:14:37: ISAKMP (0:0): received packet from 91.194.174.10 (N) NEW SA 08.05.2009 11:03 10.11.21.101 Debug 1342: 18:14:17: CryptoEngine0: delete connection 1 08.05.2009 11:03 10.11.21.101 Debug 1341: 18:14:17: ISAKMP (0:1): purging SA., sa=625C1520, delme=625C1520 08.05.2009 11:03 10.11.21.101 Debug 1340: 18:13:56: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 11:02 10.11.21.101 Debug 1339: 18:13:17: ISAKMP (0:1): deleting SA reason "death by retransmission P1" state (R) MM_NO_STATE (peer 91.194.174.10) input queue 0 08.05.2009 11:02 10.11.21.101 Debug 1338: 08.05.2009 11:02 10.11.21.101 Debug 1337: 18:13:17: ISAKMP (0:1): peer does not do paranoid keepalives. 08.05.2009 11:02 10.11.21.101 Debug 1336: 18:13:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:02 10.11.21.101 Debug 1335: 18:13:16: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:02 10.11.21.101 Debug 1334: 18:13:16: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 11:02 10.11.21.101 Debug 1333: 18:13:16: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 11:02 10.11.21.101 Debug 1332: 18:13:16: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 11:02 10.11.21.101 Debug 1331: 18:12:37: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 11:02 10.11.21.101 Debug 1330: 18:12:37: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 11:02 10.11.21.101 Debug 1329: 18:12:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:02 10.11.21.101 Debug 1328: 18:12:36: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:02 10.11.21.101 Debug 1327: 18:12:36: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 11:02 10.11.21.101 Debug 1326: 18:12:36: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 11:02 10.11.21.101 Debug 1325: 18:12:36: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 11:01 10.11.21.101 Debug 1324: 18:11:57: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 11:01 10.11.21.101 Debug 1323: 18:11:57: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 11:01 10.11.21.101 Debug 1322: 18:11:57: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:01 10.11.21.101 Debug 1321: 18:11:56: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:01 10.11.21.101 Debug 1320: 18:11:56: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 11:01 10.11.21.101 Debug 1319: 18:11:56: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 11:01 10.11.21.101 Debug 1318: 18:11:56: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 11:00 10.11.21.101 Debug 1317: 18:11:17: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 11:00 10.11.21.101 Debug 1316: 18:11:17: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 11:00 10.11.21.101 Debug 1315: 18:11:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:00 10.11.21.101 Debug 1314: 18:11:16: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:00 10.11.21.101 Debug 1313: 18:11:16: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 11:00 10.11.21.101 Debug 1312: 18:11:16: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 11:00 10.11.21.101 Debug 1311: 18:11:16: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 11:00 10.11.21.101 Debug 1310: 18:10:37: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 11:00 10.11.21.101 Debug 1309: 18:10:37: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 11:00 10.11.21.101 Debug 1308: 18:10:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:00 10.11.21.101 Debug 1307: 18:10:36: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 11:00 10.11.21.101 Debug 1306: 18:10:36: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 11:00 10.11.21.101 Debug 1305: 18:10:36: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 11:00 10.11.21.101 Debug 1304: 18:10:36: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 10:59 10.11.21.101 Debug 1303: 18:09:56: ISAKMP (0:1): sending packet to 91.194.174.10 (R) MM_NO_STATE 08.05.2009 10:59 10.11.21.101 Info 1302: 18:09:56: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 91.194.174.10 08.05.2009 10:59 10.11.21.101 Debug 1301: 18:09:56: ISAKMP (0:1): incrementing error counter on sa: construct_fail_ag_init 08.05.2009 10:59 10.11.21.101 Debug 1300: 18:09:56: ISAKMP (0:1): phase 1 SA not acceptable! 08.05.2009 10:59 10.11.21.101 Debug 1299: 18:09:56: ISAKMP (0:1): no offers accepted! 08.05.2009 10:59 10.11.21.101 Debug 1298: 18:09:56: ISAKMP (0:1): atts are not acceptable. Next payload is 0 08.05.2009 10:59 10.11.21.101 Debug 1297: 18:09:56: ISAKMP (0:1): Encryption algorithm offered does not match policy! 08.05.2009 10:59 10.11.21.101 Debug 1296: 18:09:56: ISAKMP: default group 2 08.05.2009 10:59 10.11.21.101 Debug 1295: 18:09:56: ISAKMP: auth pre-share 08.05.2009 10:59 10.11.21.101 Debug 1294: 18:09:56: ISAKMP: hash MD5 08.05.2009 10:59 10.11.21.101 Debug 1293: 18:09:56: ISAKMP: encryption 3DES-CBC 08.05.2009 10:59 10.11.21.101 Debug 1292: 18:09:56: ISAKMP: life duration (basic) of 28800 08.05.2009 10:59 10.11.21.101 Debug 1291: 18:09:56: ISAKMP: life type in seconds 08.05.2009 10:59 10.11.21.101 Debug 1290: 18:09:56: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 65535 policy 08.05.2009 10:59 10.11.21.101 Debug 1289: 18:09:56: ISAKMP (0:1): atts are not acceptable. Next payload is 0 08.05.2009 10:59 10.11.21.101 Debug 1288: 18:09:56: ISAKMP (0:1): Preshared authentication offered but does not match policy! 08.05.2009 10:59 10.11.21.101 Debug 1287: 18:09:56: ISAKMP: default group 2 08.05.2009 10:59 10.11.21.101 Debug 1286: 18:09:56: ISAKMP: auth pre-share 08.05.2009 10:59 10.11.21.101 Debug 1285: 18:09:56: ISAKMP: hash MD5 08.05.2009 10:59 10.11.21.101 Debug 1284: 18:09:56: ISAKMP: encryption 3DES-CBC 08.05.2009 10:59 10.11.21.101 Debug 1283: 18:09:56: ISAKMP: life duration (basic) of 28800 08.05.2009 10:59 10.11.21.101 Debug 1282: 18:09:56: ISAKMP: life type in seconds 08.05.2009 10:59 10.11.21.101 Debug 1281: 18:09:56: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 10 policy 08.05.2009 10:59 10.11.21.101 Debug 1280: 18:09:56: ISAKMP (0:1): atts are not acceptable. Next payload is 0 08.05.2009 10:59 10.11.21.101 Debug 1279: 18:09:56: ISAKMP (0:1): Preshared authentication offered but does not match policy! 08.05.2009 10:59 10.11.21.101 Debug 1278: 18:09:56: ISAKMP: default group 2 08.05.2009 10:59 10.11.21.101 Debug 1277: 18:09:56: ISAKMP: auth pre-share 08.05.2009 10:59 10.11.21.101 Debug 1276: 18:09:56: ISAKMP: hash MD5 08.05.2009 10:59 10.11.21.101 Debug 1275: 18:09:56: ISAKMP: encryption 3DES-CBC 08.05.2009 10:59 10.11.21.101 Debug 1274: 18:09:56: ISAKMP: life duration (basic) of 28800 08.05.2009 10:59 10.11.21.101 Debug 1273: 18:09:56: ISAKMP: life type in seconds 08.05.2009 10:59 10.11.21.101 Debug 1272: 18:09:56: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 1 policy 08.05.2009 10:59 10.11.21.101 Debug 1271: 18:09:56: ISAKMP (0:1): No pre-shared key with 91.194.174.10! 08.05.2009 10:59 10.11.21.101 Debug 1270: 18:09:56: ISAKMP (0:1): processing SA payload. message ID = 0 08.05.2009 10:59 10.11.21.101 Debug 1269: 18:09:56: ISAKMP: local port 500, remote port 500 08.05.2009 10:59 10.11.21.101 Debug 1268: 18:09:56: ISAKMP (0:0): received packet from 91.194.174.10 (N) NEW SA 08.05.2009 10:59 10.11.21.101 Debug 1267: 18:09:37: CryptoEngine0: delete connection 1 08.05.2009 10:59 10.11.21.101 Debug 1266: 18:09:37: ISAKMP (0:1): purging SA., sa=629D4FE4, delme=629D4FE4 08.05.2009 10:58 10.11.21.101 Debug 1265: 18:09:16: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 10:58 10.11.21.101 Debug 1264: 18:08:37: ISAKMP (0:1): deleting SA reason "death by retransmission P1" state (R) MM_NO_STATE (peer 91.194.174.10) input queue 0 08.05.2009 10:58 10.11.21.101 Debug 1263: 08.05.2009 10:58 10.11.21.101 Debug 1262: 18:08:37: ISAKMP (0:1): peer does not do paranoid keepalives. 08.05.2009 10:58 10.11.21.101 Debug 1261: 18:08:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 10:58 10.11.21.101 Debug 1260: 18:08:36: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 10:58 10.11.21.101 Debug 1259: 18:08:36: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 10:58 10.11.21.101 Debug 1258: 18:08:36: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 10:58 10.11.21.101 Debug 1257: 18:08:36: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 10:57 10.11.21.101 Debug 1256: 18:07:57: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 10:57 10.11.21.101 Debug 1255: 18:07:57: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 10:57 10.11.21.101 Debug 1254: 18:07:57: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 10:57 10.11.21.101 Debug 1253: 18:07:56: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 10:57 10.11.21.101 Debug 1252: 18:07:56: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 10:57 10.11.21.101 Debug 1251: 18:07:56: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 10:57 10.11.21.101 Debug 1250: 18:07:56: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 10:56 10.11.21.101 Debug 1249: 18:07:17: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 10:56 10.11.21.101 Debug 1248: 18:07:17: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 10:56 10.11.21.101 Debug 1247: 18:07:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 10:56 10.11.21.101 Debug 1246: 18:07:16: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 10:56 10.11.21.101 Debug 1245: 18:07:16: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 10:56 10.11.21.101 Debug 1244: 18:07:16: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 10:56 10.11.21.101 Debug 1243: 18:07:16: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 10:56 10.11.21.101 Debug 1242: 18:06:37: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 10:56 10.11.21.101 Debug 1241: 18:06:37: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 10:56 10.11.21.101 Debug 1240: 18:06:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 10:56 10.11.21.101 Debug 1239: 18:06:36: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 10:56 10.11.21.101 Debug 1238: 18:06:36: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 10:56 10.11.21.101 Debug 1237: 18:06:36: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 10:56 10.11.21.101 Debug 1236: 18:06:36: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 10:55 10.11.21.101 Debug 1235: 18:06:17: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE 08.05.2009 10:55 10.11.21.101 Debug 1234: 18:06:17: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 08.05.2009 10:55 10.11.21.101 Debug 1233: 18:06:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 10:55 10.11.21.101 Debug 1232: 18:06:16: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE... 08.05.2009 10:55 10.11.21.101 Debug 1231: 18:06:16: ISAKMP (0:1): retransmitting due to retransmit phase 1 08.05.2009 10:55 10.11.21.101 Debug 1230: 18:06:16: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. 08.05.2009 10:55 10.11.21.101 Debug 1229: 18:06:16: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE 08.05.2009 10:55 10.11.21.101 Debug 1228: 18:06:06: ISAKMP (0:1): sending packet to 91.194.174.10 (R) MM_NO_STATE 08.05.2009 10:55 10.11.21.101 Info 1227: 18:06:06: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 91.194.174.10 08.05.2009 10:55 10.11.21.101 Debug 1226: 18:06:06: ISAKMP (0:1): incrementing error counter on sa: construct_fail_ag_init 08.05.2009 10:55 10.11.21.101 Debug 1225: 18:06:06: ISAKMP (0:1): phase 1 SA not acceptable! 08.05.2009 10:55 10.11.21.101 Debug 1224: 18:06:06: ISAKMP (0:1): no offers accepted! 08.05.2009 10:55 10.11.21.101 Debug 1223: 18:06:06: ISAKMP (0:1): atts are not acceptable. Next payload is 0 08.05.2009 10:55 10.11.21.101 Debug 1222: 18:06:06: ISAKMP (0:1): Encryption algorithm offered does not match policy! 08.05.2009 10:55 10.11.21.101 Debug 1221: 18:06:06: ISAKMP: default group 2 08.05.2009 10:55 10.11.21.101 Debug 1220: 18:06:06: ISAKMP: auth pre-share 08.05.2009 10:55 10.11.21.101 Debug 1219: 18:06:06: ISAKMP: hash MD5 08.05.2009 10:55 10.11.21.101 Debug 1218: 18:06:06: ISAKMP: encryption 3DES-CBC 08.05.2009 10:55 10.11.21.101 Debug 1217: 18:06:06: ISAKMP: life duration (basic) of 28800 08.05.2009 10:55 10.11.21.101 Debug 1216: 18:06:06: ISAKMP: life type in seconds 08.05.2009 10:55 10.11.21.101 Debug 1215: 18:06:06: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 65535 policy 08.05.2009 10:55 10.11.21.101 Debug 1214: 18:06:06: ISAKMP (0:1): atts are not acceptable. Next payload is 0 08.05.2009 10:55 10.11.21.101 Debug 1213: 18:06:06: ISAKMP (0:1): Preshared authentication offered but does not match policy! 08.05.2009 10:55 10.11.21.101 Debug 1212: 18:06:06: ISAKMP: default group 2 08.05.2009 10:55 10.11.21.101 Debug 1211: 18:06:06: ISAKMP: auth pre-share 08.05.2009 10:55 10.11.21.101 Debug 1210: 18:06:06: ISAKMP: hash MD5 08.05.2009 10:55 10.11.21.101 Debug 1209: 18:06:06: ISAKMP: encryption 3DES-CBC 08.05.2009 10:55 10.11.21.101 Debug 1208: 18:06:06: ISAKMP: life duration (basic) of 28800 08.05.2009 10:55 10.11.21.101 Debug 1207: 18:06:06: ISAKMP: life type in seconds 08.05.2009 10:55 10.11.21.101 Debug 1206: 18:06:06: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 10 policy 08.05.2009 10:55 10.11.21.101 Debug 1205: 18:06:06: ISAKMP (0:1): atts are not acceptable. Next payload is 0 08.05.2009 10:55 10.11.21.101 Debug 1204: 18:06:06: ISAKMP (0:1): Preshared authentication offered but does not match policy! 08.05.2009 10:55 10.11.21.101 Debug 1203: 18:06:06: ISAKMP: default group 2 08.05.2009 10:55 10.11.21.101 Debug 1202: 18:06:06: ISAKMP: auth pre-share 08.05.2009 10:55 10.11.21.101 Debug 1201: 18:06:06: ISAKMP: hash MD5 08.05.2009 10:55 10.11.21.101 Debug 1200: 18:06:06: ISAKMP: encryption 3DES-CBC 08.05.2009 10:55 10.11.21.101 Debug 1199: 18:06:06: ISAKMP: life duration (basic) of 28800 08.05.2009 10:55 10.11.21.101 Debug 1198: 18:06:06: ISAKMP: life type in seconds 08.05.2009 10:55 10.11.21.101 Debug 1197: 18:06:06: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 1 policy 08.05.2009 10:55 10.11.21.101 Debug 1196: 18:06:06: ISAKMP (0:1): No pre-shared key with 91.194.174.10! 08.05.2009 10:55 10.11.21.101 Debug 1195: 18:06:06: ISAKMP (0:1): processing SA payload. message ID = 0 08.05.2009 10:55 10.11.21.101 Debug 1194: 18:06:06: ISAKMP: local port 500, remote port 500 08.05.2009 10:55 10.11.21.101 Debug 1193: 18:06:06: ISAKMP (0:0): received packet from 91.194.174.10 (N) NEW SA
|
12 май 2009, 12:03 |
|
|
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24 Сообщения: 4434
|
Для начала поменяйте вот это crypto isakmp key 1234567890 hostname 91.194.174.10
вот на это crypto isakmp key 1234567890 address 91.194.174.10 no-xauth
и добавьте на всякий случай (вообще должно по дефолту идти) crypto isakmp identity address
И расскажите, что изменилось
|
12 май 2009, 14:30 |
|
|
alex0000007
Зарегистрирован: 27 ноя 2008, 11:36 Сообщения: 311
|
Извините за молчание, немного был в отъезде.
После того как применил ваши команды, имею следующую картину:
Когда инициализирую канал с нашей стороны всё в порядке, он поднимается и всё работает.
Когда же они пытаются сделать это со своей стороны в логах получаю ошибку: 15.05.2009 16:07 10.11.21.101 Debug 8932: 1w0d: IPSEC(decapsulate): error in decapsulation crypto_ipsec_sa_exists 15.05.2009 16:07 10.11.21.101 Debug 8931: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6 15.05.2009 16:07 10.11.21.101 Debug 8930: 1w0d: ISAKMP: received ke message (3/1) 15.05.2009 16:07 10.11.21.101 Debug 8929: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6 15.05.2009 16:07 10.11.21.101 Debug 8928: 1w0d: ISAKMP: received ke message (3/1) 15.05.2009 16:07 10.11.21.101 Debug 8927: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6 15.05.2009 16:07 10.11.21.101 Debug 8926: 1w0d: ISAKMP: received ke message (3/1) 15.05.2009 16:07 10.11.21.101 Debug 8925: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6 15.05.2009 16:07 10.11.21.101 Debug 8924: 1w0d: ISAKMP: received ke message (3/1) 15.05.2009 16:07 10.11.21.101 Debug 8923: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6 15.05.2009 16:07 10.11.21.101 Debug 8922: 1w0d: ISAKMP: received ke message (3/1) 15.05.2009 16:07 10.11.21.101 Debug 8921: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6 15.05.2009 16:07 10.11.21.101 Debug 8920: 1w0d: ISAKMP: received ke message (3/1) 15.05.2009 16:07 10.11.21.101 Debug 8919: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6 15.05.2009 16:07 10.11.21.101 Debug 8918: 1w0d: ISAKMP: received ke message (3/1) 15.05.2009 16:07 10.11.21.101 Debug 8917: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6 15.05.2009 16:07 10.11.21.101 Debug 8916: 1w0d: ISAKMP: received ke message (3/1) 15.05.2009 16:07 10.11.21.101 Warning 8915: destaddr=91.194.174.2, prot=50, spi=0x659250A6(1704087718), srcaddr=91.194.174.10 15.05.2009 16:07 10.11.21.101 Warning 8914: 1w0d: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for 15.05.2009 16:06 10.11.21.101 Debug 8913: 1w0d: CRYPTO_ENGINE: key process suspended and continued 15.05.2009 16:06 10.11.21.101 Debug 8912: 1w0d: CRYPTO_ENGINE: key process suspended and continued 15.05.2009 16:06 10.11.21.101 Debug 8911: 1w0d: CRYPTO_ENGINE: key process suspended and continued
|
15 май 2009, 13:13 |
|
|
alex0000007
Зарегистрирован: 27 ноя 2008, 11:36 Сообщения: 311
|
Видимо данная ситуация возникает когда роутер уже уметвил канал у себя а оборудование на той стороне этого не сделало. Мы это установили экспериментальным путем. Хотя вот странно такие вещи делаю, а что стоит с той стороны не говорят.
А вот возможна ли настройка чтобы при отсутствии трафика канал не умирал ?
|
15 май 2009, 13:58 |
|
|
pchel
Зарегистрирован: 15 май 2009, 17:52 Сообщения: 4
|
Может глупость сморожу, но! Например поднять sa timeout-ы чтобы канал так быстро не ложился. Или настроить все через tunnel и поднять на tunnel keepalive.
|
15 май 2009, 17:58 |
|
|
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24 Сообщения: 4434
|
Проще: канал сам по себе НЕ умирает. Он умирает только когда включена технология isakmp keepalive.
Я её у вас не увидел. Странно, что циска отказывается канал поставить. МОжет трафик не тот? ACL симметричны?
|
15 май 2009, 20:43 |
|
|
alex0000007
Зарегистрирован: 27 ноя 2008, 11:36 Сообщения: 311
|
Такая ситуация возникает когда с нашей стороны туннель уже отсутствует на оборудовании. А со стороны контрагента еще нет. При отсутствии трафика туннель должен отключаться, или я не прав ?
|
18 май 2009, 05:37 |
|
|
Saratoga
Зарегистрирован: 13 май 2009, 13:19 Сообщения: 8
|
alex0000007 писал(а): Такая ситуация возникает когда с нашей стороны туннель уже отсутствует на оборудовании. А со стороны контрагента еще нет. При отсутствии трафика туннель должен отключаться, или я не прав ? он как бы "умирает" по таймауту, когда траффик перестает ходить, но как я заметил даже при наличии траффика, туннель "дохнет", хотя данные продолжают передаваться.
|
18 май 2009, 08:01 |
|
|
Saratoga
Зарегистрирован: 13 май 2009, 13:19 Сообщения: 8
|
к примеру вот так:
2009-05-18 10:54:38: INFO: ISAKMP-SA established хх.хх.хх.хх[500]-уу.уу.уу.уу[500] 2009-05-18 10:55:37: INFO: ISAKMP-SA expired хх.хх.хх.хх[500]-уу.уу.уу.уу[500] 2009-05-18 10:55:38: INFO: ISAKMP-SA deleted хх.хх.хх.хх[500]-уу.уу.уу.уу[500]
|
18 май 2009, 08:04 |
|
|
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24 Сообщения: 4434
|
ISAKMP - это первичный туннель. Данные по нему не ходят. Они ходят по вторичному (IPSec или ESP, не знаю как называется у вас).
|
18 май 2009, 11:02 |
|
|
alex0000007
Зарегистрирован: 27 ноя 2008, 11:36 Сообщения: 311
|
Огромное спасибо. На тестовом стенде всё отладил и всё было хорошо. Теперь когда пошел ставить эту штуку в боевой режим получил вот такой лог:
cisco_chel.log:May 21 10:55:39 10.11.21.101 15545: 1w6d: ISAKMP (0:1): deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 91.1 94.174.10) input queue 0 cisco_chel.log:May 21 10:55:39 10.11.21.101 15546: 1w6d: ISAKMP (0:1): deleting node 1820516887 error FALSE reason "P1 delete notify (in)" cisco_chel.log:May 21 10:56:28 10.11.21.101 15547: 1w6d: ISAKMP (0:1): purging node -2013509273 cisco_chel.log:May 21 10:56:28 10.11.21.101 15548: 1w6d: ISAKMP (0:1): purging node 1820516887 cisco_chel.log:May 21 10:56:39 10.11.21.101 15549: 1w6d: ISAKMP (0:1): purging SA., sa=62315E9C, delme=62315E9C cisco_chel.log:May 21 10:56:39 10.11.21.101 15550: 1w6d: CryptoEngine0: delete connection 1 cisco_chel.log:May 21 10:58:28 10.11.21.101 15551: 1w6d: CRYPTO: Packet dropped because of an incomplete cryptomap cisco_chel.log:May 21 10:58:28 10.11.21.101 15552: 1w6d: CRYPTO: Packet dropped because of an incomplete cryptomap cisco_chel.log:May 21 10:58:29 10.11.21.101 15553: 1w6d: CRYPTO: Packet dropped because of an incomplete cryptomap cisco_chel.log:May 21 10:58:32 10.11.21.101 15554: 1w6d: CRYPTO: Packet dropped because of an incomplete cryptomap cisco_chel.log:May 21 10:58:33 10.11.21.101 15555: 1w6d: CRYPTO: Packet dropped because of an incomplete cryptomap cisco_chel.log:May 21 10:58:38 10.11.21.101 15556: 1w6d: %SYS-5-CONFIG_I: Configured from console by akrylov on vty0 (10.11.21.5) cisco_chel.log:May 21 11:07:28 10.11.21.101 15557: 1w6d: CryptoEngine0: generate key pair cisco_chel.log:May 21 11:07:28 10.11.21.101 15558: 1w6d: CryptoEngine0: CRYPTO_GEN_KEY_PAIR cisco_chel.log:May 21 11:07:28 10.11.21.101 15559: 1w6d: CRYPTO_ENGINE: key process suspended and continued cisco_chel.log:May 21 11:07:28 10.11.21.101 15560: 1w6d: CRYPTO_ENGINE: key process suspended and continued cisco_chel.log:May 21 11:07:28 10.11.21.101 15561: 1w6d: CRYPTO_ENGINE: key process suspended and continued cisco_chel.log:May 21 11:07:28 10.11.21.101 15562: 1w6d: CRYPTO_ENGINE: key process suspended and continued cisco_chel.log:May 21 11:29:10 10.11.21.101 15563: 1w6d: ISAKMP (0:0): received packet from 195.16.74.78 (N) NEW SA cisco_chel.log:May 21 11:29:10 10.11.21.101 15564: 1w6d: ISAKMP: local port 500, remote port 500 cisco_chel.log:May 21 11:29:10 10.11.21.101 15565: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 0 cisco_chel.log:May 21 11:29:10 10.11.21.101 15566: 1w6d: ISAKMP (0:1): found peer pre-shared key matching 195.16.74.78 cisco_chel.log:May 21 11:29:10 10.11.21.101 15567: 1w6d: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 1 policy cisco_chel.log:May 21 11:29:10 10.11.21.101 15568: 1w6d: ISAKMP: life type in seconds cisco_chel.log:May 21 11:29:10 10.11.21.101 15569: 1w6d: ISAKMP: life duration (basic) of 28800 cisco_chel.log:May 21 11:29:10 10.11.21.101 15570: 1w6d: ISAKMP: encryption 3DES-CBC cisco_chel.log:May 21 11:29:10 10.11.21.101 15571: 1w6d: ISAKMP: hash MD5 cisco_chel.log:May 21 11:29:10 10.11.21.101 15572: 1w6d: ISAKMP: auth pre-share cisco_chel.log:May 21 11:29:10 10.11.21.101 15573: 1w6d: ISAKMP: default group 2 cisco_chel.log:May 21 11:29:10 10.11.21.101 15574: 1w6d: ISAKMP (0:1): atts are acceptable. Next payload is 0 cisco_chel.log:May 21 11:29:10 10.11.21.101 15575: 1w6d: CryptoEngine0: generate alg parameter cisco_chel.log:May 21 11:29:10 10.11.21.101 15576: 1w6d: CRYPTO_ENGINE: Dh phase 1 status: 0 cisco_chel.log:May 21 11:29:11 10.11.21.101 15577: 1w6d: CRYPTO_ENGINE: Dh phase 1 status: 0 cisco_chel.log:May 21 11:29:11 10.11.21.101 15578: 1w6d: ISAKMP (0:1): processing vendor id payload cisco_chel.log:May 21 11:29:11 10.11.21.101 15579: 1w6d: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR cisco_chel.log:May 21 11:29:11 10.11.21.101 15580: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) MM_SA_SETUP cisco_chel.log:May 21 11:29:11 10.11.21.101 15581: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) MM_SA_SETUP cisco_chel.log:May 21 11:29:11 10.11.21.101 15582: 1w6d: ISAKMP (0:1): processing KE payload. message ID = 0 cisco_chel.log:May 21 11:29:11 10.11.21.101 15583: 1w6d: CryptoEngine0: generate alg parameter cisco_chel.log:May 21 11:29:11 10.11.21.101 15584: 1w6d: ISAKMP (0:1): processing NONCE payload. message ID = 0 cisco_chel.log:May 21 11:29:11 10.11.21.101 15585: 1w6d: ISAKMP (0:1): found peer pre-shared key matching 195.16.74.78 cisco_chel.log:May 21 11:29:11 10.11.21.101 15586: 1w6d: CryptoEngine0: create ISAKMP SKEYID for conn id 1 cisco_chel.log:May 21 11:29:11 10.11.21.101 15587: 1w6d: ISAKMP (0:1): SKEYID state generated cisco_chel.log:May 21 11:29:11 10.11.21.101 15588: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) MM_KEY_EXCH cisco_chel.log:May 21 11:29:11 10.11.21.101 15589: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) MM_KEY_EXCH cisco_chel.log:May 21 11:29:11 10.11.21.101 15590: 1w6d: ISAKMP (0:1): processing ID payload. message ID = 0 cisco_chel.log:May 21 11:29:11 10.11.21.101 15591: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 0 cisco_chel.log:May 21 11:29:11 10.11.21.101 15592: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:29:11 10.11.21.101 15593: 1w6d: ISAKMP (0:1): SA has been authenticated with 195.16.74.78 cisco_chel.log:May 21 11:29:11 10.11.21.101 15594: 1w6d: ISAKMP (1): ID payload cisco_chel.log:May 21 11:29:11 10.11.21.101 15595: ^Inext-payload : 8 cisco_chel.log:May 21 11:29:11 10.11.21.101 15596: ^Itype : 1 cisco_chel.log:May 21 11:29:11 10.11.21.101 15597: ^Iprotocol : 17 cisco_chel.log:May 21 11:29:11 10.11.21.101 15598: ^Iport : 500 cisco_chel.log:May 21 11:29:11 10.11.21.101 15599: ^Ilength : 8 cisco_chel.log:May 21 11:29:11 10.11.21.101 15600: 1w6d: ISAKMP (1): Total payload length: 12 cisco_chel.log:May 21 11:29:11 10.11.21.101 15601: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:29:11 10.11.21.101 15602: 1w6d: CryptoEngine0: clear dh number for conn id 1 cisco_chel.log:May 21 11:29:11 10.11.21.101 15603: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:29:11 10.11.21.101 15604: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:29:11 10.11.21.101 15605: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:29:11 10.11.21.101 15606: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 2088736608 cisco_chel.log:May 21 11:29:11 10.11.21.101 15607: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 2088736608 cisco_chel.log:May 21 11:29:11 10.11.21.101 15608: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0 cisco_chel.log:May 21 11:29:11 10.11.21.101 15609: 1w6d: ISAKMP: transform 0, ESP_3DES cisco_chel.log:May 21 11:29:11 10.11.21.101 15610: 1w6d: ISAKMP: attributes in transform: cisco_chel.log:May 21 11:29:11 10.11.21.101 15611: 1w6d: ISAKMP: group is 2 cisco_chel.log:May 21 11:29:11 10.11.21.101 15612: 1w6d: ISAKMP: encaps is 1 cisco_chel.log:May 21 11:29:11 10.11.21.101 15613: 1w6d: ISAKMP: SA life type in seconds cisco_chel.log:May 21 11:29:11 10.11.21.101 15614: 1w6d: ISAKMP: SA life duration (basic) of 3600 cisco_chel.log:May 21 11:29:11 10.11.21.101 15615: 1w6d: ISAKMP: authenticator is HMAC-MD5 cisco_chel.log:May 21 11:29:11 10.11.21.101 15616: 1w6d: validate proposal 0 cisco_chel.log:May 21 11:29:11 10.11.21.101 15617: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found cisco_chel.log:May 21 11:29:11 10.11.21.101 15618: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0 cisco_chel.log:May 21 11:29:11 10.11.21.101 15619: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable! cisco_chel.log:May 21 11:29:11 10.11.21.101 15620: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:29:11 10.11.21.101 15621: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:29:11 10.11.21.101 15622: 1w6d: ISAKMP (0:1): purging node -1814739293 cisco_chel.log:May 21 11:29:11 10.11.21.101 15623: 1w6d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.16.74.78 cisco_chel.log:May 21 11:29:12 10.11.21.101 15624: 1w6d: ISAKMP (0:1): deleting node 2088736608 error FALSE reason "IKMP_NO_ERR_NO_TRANS" cisco_chel.log:May 21 11:29:16 10.11.21.101 15625: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:29:16 10.11.21.101 15626: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:29:16 10.11.21.101 15627: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 2103146783 cisco_chel.log:May 21 11:29:16 10.11.21.101 15628: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 2103146783 cisco_chel.log:May 21 11:29:16 10.11.21.101 15629: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0 cisco_chel.log:May 21 11:29:16 10.11.21.101 15630: 1w6d: ISAKMP: transform 0, ESP_3DES cisco_chel.log:May 21 11:29:16 10.11.21.101 15631: 1w6d: ISAKMP: attributes in transform: cisco_chel.log:May 21 11:29:16 10.11.21.101 15632: 1w6d: ISAKMP: group is 2 cisco_chel.log:May 21 11:29:16 10.11.21.101 15633: 1w6d: ISAKMP: encaps is 1 cisco_chel.log:May 21 11:29:16 10.11.21.101 15634: 1w6d: ISAKMP: SA life type in seconds cisco_chel.log:May 21 11:29:16 10.11.21.101 15635: 1w6d: ISAKMP: SA life duration (basic) of 3600 cisco_chel.log:May 21 11:29:16 10.11.21.101 15636: 1w6d: ISAKMP: authenticator is HMAC-MD5 cisco_chel.log:May 21 11:29:16 10.11.21.101 15637: 1w6d: validate proposal 0 cisco_chel.log:May 21 11:29:16 10.11.21.101 15638: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found cisco_chel.log:May 21 11:29:17 10.11.21.101 15639: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0 cisco_chel.log:May 21 11:29:17 10.11.21.101 15640: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable! cisco_chel.log:May 21 11:29:17 10.11.21.101 15641: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:29:17 10.11.21.101 15642: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:29:17 10.11.21.101 15643: 1w6d: ISAKMP (0:1): purging node 1999973284 cisco_chel.log:May 21 11:29:17 10.11.21.101 15644: 1w6d: ISAKMP (0:1): deleting node 2103146783 error FALSE reason "IKMP_NO_ERR_NO_TRANS" cisco_chel.log:May 21 11:29:22 10.11.21.101 15645: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:29:22 10.11.21.101 15646: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:29:22 10.11.21.101 15647: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:29:22 10.11.21.101 15648: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2088736608 cisco_chel.log:May 21 11:29:27 10.11.21.101 15649: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:29:27 10.11.21.101 15650: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:29:27 10.11.21.101 15651: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:29:27 10.11.21.101 15652: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2103146783 cisco_chel.log:May 21 11:29:42 10.11.21.101 15653: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:29:42 10.11.21.101 15654: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:29:42 10.11.21.101 15655: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:29:42 10.11.21.101 15656: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2088736608 cisco_chel.log:May 21 11:29:47 10.11.21.101 15657: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:29:47 10.11.21.101 15658: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:29:47 10.11.21.101 15659: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:29:47 10.11.21.101 15660: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2103146783 cisco_chel.log:May 21 11:30:02 10.11.21.101 15661: 1w6d: ISAKMP (0:1): purging node 2088736608 cisco_chel.log:May 21 11:30:07 10.11.21.101 15662: 1w6d: ISAKMP (0:1): purging node 2103146783 cisco_chel.log:May 21 11:30:21 10.11.21.101 15663: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:30:21 10.11.21.101 15664: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:30:21 10.11.21.101 15665: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = -524495451 cisco_chel.log:May 21 11:30:21 10.11.21.101 15666: 1w6d: ISAKMP (0:1): processing SA payload. message ID = -524495451 cisco_chel.log:May 21 11:30:21 10.11.21.101 15667: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0 cisco_chel.log:May 21 11:30:21 10.11.21.101 15668: 1w6d: ISAKMP: transform 0, ESP_3DES cisco_chel.log:May 21 11:30:21 10.11.21.101 15669: 1w6d: ISAKMP: attributes in transform: cisco_chel.log:May 21 11:30:21 10.11.21.101 15670: 1w6d: ISAKMP: group is 2 cisco_chel.log:May 21 11:30:21 10.11.21.101 15671: 1w6d: ISAKMP: encaps is 1 cisco_chel.log:May 21 11:30:21 10.11.21.101 15672: 1w6d: ISAKMP: SA life type in seconds cisco_chel.log:May 21 11:30:21 10.11.21.101 15673: 1w6d: ISAKMP: SA life duration (basic) of 3600 cisco_chel.log:May 21 11:30:21 10.11.21.101 15674: 1w6d: ISAKMP: authenticator is HMAC-MD5 cisco_chel.log:May 21 11:30:21 10.11.21.101 15675: 1w6d: validate proposal 0 cisco_chel.log:May 21 11:30:21 10.11.21.101 15676: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found cisco_chel.log:May 21 11:30:21 10.11.21.101 15677: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0 cisco_chel.log:May 21 11:30:21 10.11.21.101 15678: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable! cisco_chel.log:May 21 11:30:21 10.11.21.101 15679: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:30:21 10.11.21.101 15680: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:30:21 10.11.21.101 15681: 1w6d: ISAKMP (0:1): purging node -647989893 cisco_chel.log:May 21 11:30:21 10.11.21.101 15682: 1w6d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.16.74.78 cisco_chel.log:May 21 11:30:22 10.11.21.101 15683: 1w6d: ISAKMP (0:1): deleting node -524495451 error FALSE reason "IKMP_NO_ERR_NO_TRANS" cisco_chel.log:May 21 11:30:26 10.11.21.101 15684: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:30:26 10.11.21.101 15685: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:30:26 10.11.21.101 15686: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 2069965690 cisco_chel.log:May 21 11:30:26 10.11.21.101 15687: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 2069965690 cisco_chel.log:May 21 11:30:26 10.11.21.101 15688: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0 cisco_chel.log:May 21 11:30:26 10.11.21.101 15689: 1w6d: ISAKMP: transform 0, ESP_3DES cisco_chel.log:May 21 11:30:26 10.11.21.101 15690: 1w6d: ISAKMP: attributes in transform: cisco_chel.log:May 21 11:30:26 10.11.21.101 15691: 1w6d: ISAKMP: group is 2 cisco_chel.log:May 21 11:30:26 10.11.21.101 15692: 1w6d: ISAKMP: encaps is 1 cisco_chel.log:May 21 11:30:26 10.11.21.101 15693: 1w6d: ISAKMP: SA life type in seconds cisco_chel.log:May 21 11:30:26 10.11.21.101 15694: 1w6d: ISAKMP: SA life duration (basic) of 3600 cisco_chel.log:May 21 11:30:26 10.11.21.101 15695: 1w6d: ISAKMP: authenticator is HMAC-MD5 cisco_chel.log:May 21 11:30:26 10.11.21.101 15696: 1w6d: validate proposal 0 cisco_chel.log:May 21 11:30:26 10.11.21.101 15697: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found cisco_chel.log:May 21 11:30:27 10.11.21.101 15698: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0 cisco_chel.log:May 21 11:30:27 10.11.21.101 15699: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable! cisco_chel.log:May 21 11:30:27 10.11.21.101 15700: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:30:27 10.11.21.101 15701: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:30:27 10.11.21.101 15702: 1w6d: ISAKMP (0:1): purging node 1954696385 cisco_chel.log:May 21 11:30:27 10.11.21.101 15703: 1w6d: ISAKMP (0:1): deleting node 2069965690 error FALSE reason "IKMP_NO_ERR_NO_TRANS" cisco_chel.log:May 21 11:30:32 10.11.21.101 15704: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:30:32 10.11.21.101 15705: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:30:32 10.11.21.101 15706: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:30:32 10.11.21.101 15707: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -524495451 cisco_chel.log:May 21 11:30:37 10.11.21.101 15708: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:30:37 10.11.21.101 15709: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:30:37 10.11.21.101 15710: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:30:37 10.11.21.101 15711: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2069965690 cisco_chel.log:May 21 11:30:52 10.11.21.101 15712: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:30:52 10.11.21.101 15713: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:30:52 10.11.21.101 15714: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:30:52 10.11.21.101 15715: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -524495451 cisco_chel.log:May 21 11:30:57 10.11.21.101 15716: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:30:57 10.11.21.101 15717: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:30:57 10.11.21.101 15718: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:30:57 10.11.21.101 15719: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2069965690 cisco_chel.log:May 21 11:31:12 10.11.21.101 15720: 1w6d: ISAKMP (0:1): purging node -524495451 cisco_chel.log:May 21 11:31:17 10.11.21.101 15721: 1w6d: ISAKMP (0:1): purging node 2069965690 cisco_chel.log:May 21 11:31:31 10.11.21.101 15722: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:31:31 10.11.21.101 15723: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:31:31 10.11.21.101 15724: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = -15251869 cisco_chel.log:May 21 11:31:31 10.11.21.101 15725: 1w6d: ISAKMP (0:1): processing SA payload. message ID = -15251869 cisco_chel.log:May 21 11:31:31 10.11.21.101 15726: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0 cisco_chel.log:May 21 11:31:31 10.11.21.101 15727: 1w6d: ISAKMP: transform 0, ESP_3DES cisco_chel.log:May 21 11:31:31 10.11.21.101 15728: 1w6d: ISAKMP: attributes in transform: cisco_chel.log:May 21 11:31:31 10.11.21.101 15729: 1w6d: ISAKMP: group is 2 cisco_chel.log:May 21 11:31:31 10.11.21.101 15730: 1w6d: ISAKMP: encaps is 1 cisco_chel.log:May 21 11:31:31 10.11.21.101 15731: 1w6d: ISAKMP: SA life type in seconds cisco_chel.log:May 21 11:31:31 10.11.21.101 15732: 1w6d: ISAKMP: SA life duration (basic) of 3600 cisco_chel.log:May 21 11:31:31 10.11.21.101 15733: 1w6d: ISAKMP: authenticator is HMAC-MD5 cisco_chel.log:May 21 11:31:31 10.11.21.101 15734: 1w6d: validate proposal 0 cisco_chel.log:May 21 11:31:31 10.11.21.101 15735: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found cisco_chel.log:May 21 11:31:31 10.11.21.101 15736: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0 cisco_chel.log:May 21 11:31:31 10.11.21.101 15737: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable! cisco_chel.log:May 21 11:31:31 10.11.21.101 15738: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:31:31 10.11.21.101 15739: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:31:31 10.11.21.101 15740: 1w6d: ISAKMP (0:1): purging node 1987779631 cisco_chel.log:May 21 11:31:31 10.11.21.101 15741: 1w6d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.16.74.78 cisco_chel.log:May 21 11:31:32 10.11.21.101 15742: 1w6d: ISAKMP (0:1): deleting node -15251869 error FALSE reason "IKMP_NO_ERR_NO_TRANS" cisco_chel.log:May 21 11:31:37 10.11.21.101 15743: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:31:37 10.11.21.101 15744: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:31:37 10.11.21.101 15745: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 1615010728 cisco_chel.log:May 21 11:31:37 10.11.21.101 15746: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 1615010728 cisco_chel.log:May 21 11:31:37 10.11.21.101 15747: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0 cisco_chel.log:May 21 11:31:37 10.11.21.101 15748: 1w6d: ISAKMP: transform 0, ESP_3DES cisco_chel.log:May 21 11:31:37 10.11.21.101 15749: 1w6d: ISAKMP: attributes in transform: cisco_chel.log:May 21 11:31:37 10.11.21.101 15750: 1w6d: ISAKMP: group is 2 cisco_chel.log:May 21 11:31:37 10.11.21.101 15751: 1w6d: ISAKMP: encaps is 1 cisco_chel.log:May 21 11:31:37 10.11.21.101 15752: 1w6d: ISAKMP: SA life type in seconds cisco_chel.log:May 21 11:31:37 10.11.21.101 15753: 1w6d: ISAKMP: SA life duration (basic) of 3600 cisco_chel.log:May 21 11:31:37 10.11.21.101 15754: 1w6d: ISAKMP: authenticator is HMAC-MD5 cisco_chel.log:May 21 11:31:37 10.11.21.101 15755: 1w6d: validate proposal 0 cisco_chel.log:May 21 11:31:37 10.11.21.101 15756: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found cisco_chel.log:May 21 11:31:38 10.11.21.101 15757: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0 cisco_chel.log:May 21 11:31:38 10.11.21.101 15758: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable! cisco_chel.log:May 21 11:31:38 10.11.21.101 15759: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:31:38 10.11.21.101 15760: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:31:38 10.11.21.101 15761: 1w6d: ISAKMP (0:1): purging node -1749007449 cisco_chel.log:May 21 11:31:38 10.11.21.101 15762: 1w6d: ISAKMP (0:1): deleting node 1615010728 error FALSE reason "IKMP_NO_ERR_NO_TRANS" cisco_chel.log:May 21 11:31:42 10.11.21.101 15763: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:31:42 10.11.21.101 15764: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:31:42 10.11.21.101 15765: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:31:42 10.11.21.101 15766: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -15251869 cisco_chel.log:May 21 11:31:48 10.11.21.101 15767: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:31:48 10.11.21.101 15768: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:31:48 10.11.21.101 15769: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:31:48 10.11.21.101 15770: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 1615010728 cisco_chel.log:May 21 11:32:02 10.11.21.101 15771: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:32:02 10.11.21.101 15772: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:32:02 10.11.21.101 15773: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:32:02 10.11.21.101 15774: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -15251869 cisco_chel.log:May 21 11:32:08 10.11.21.101 15775: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:32:08 10.11.21.101 15776: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:32:08 10.11.21.101 15777: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:32:08 10.11.21.101 15778: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 1615010728 cisco_chel.log:May 21 11:32:22 10.11.21.101 15779: 1w6d: ISAKMP (0:1): purging node -15251869 cisco_chel.log:May 21 11:32:28 10.11.21.101 15780: 1w6d: ISAKMP (0:1): purging node 1615010728 cisco_chel.log:May 21 11:32:41 10.11.21.101 15781: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:32:41 10.11.21.101 15782: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:32:41 10.11.21.101 15783: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 2118667139 cisco_chel.log:May 21 11:32:41 10.11.21.101 15784: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 2118667139 cisco_chel.log:May 21 11:32:41 10.11.21.101 15785: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0 cisco_chel.log:May 21 11:32:41 10.11.21.101 15786: 1w6d: ISAKMP: transform 0, ESP_3DES cisco_chel.log:May 21 11:32:41 10.11.21.101 15787: 1w6d: ISAKMP: attributes in transform: cisco_chel.log:May 21 11:32:41 10.11.21.101 15788: 1w6d: ISAKMP: group is 2 cisco_chel.log:May 21 11:32:41 10.11.21.101 15789: 1w6d: ISAKMP: encaps is 1 cisco_chel.log:May 21 11:32:41 10.11.21.101 15790: 1w6d: ISAKMP: SA life type in seconds cisco_chel.log:May 21 11:32:41 10.11.21.101 15791: 1w6d: ISAKMP: SA life duration (basic) of 3600 cisco_chel.log:May 21 11:32:41 10.11.21.101 15792: 1w6d: ISAKMP: authenticator is HMAC-MD5 cisco_chel.log:May 21 11:32:41 10.11.21.101 15793: 1w6d: validate proposal 0 cisco_chel.log:May 21 11:32:41 10.11.21.101 15794: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found cisco_chel.log:May 21 11:32:41 10.11.21.101 15795: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0 cisco_chel.log:May 21 11:32:41 10.11.21.101 15796: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable! cisco_chel.log:May 21 11:32:41 10.11.21.101 15797: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:32:41 10.11.21.101 15798: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:32:41 10.11.21.101 15799: 1w6d: ISAKMP (0:1): purging node -1825652820 cisco_chel.log:May 21 11:32:41 10.11.21.101 15800: 1w6d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.16.74.78 cisco_chel.log:May 21 11:32:42 10.11.21.101 15801: 1w6d: ISAKMP (0:1): deleting node 2118667139 error FALSE reason "IKMP_NO_ERR_NO_TRANS" cisco_chel.log:May 21 11:32:48 10.11.21.101 15802: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:32:48 10.11.21.101 15803: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:32:48 10.11.21.101 15804: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = -2121723884 cisco_chel.log:May 21 11:32:48 10.11.21.101 15805: 1w6d: ISAKMP (0:1): processing SA payload. message ID = -2121723884 cisco_chel.log:May 21 11:32:48 10.11.21.101 15806: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0 cisco_chel.log:May 21 11:32:48 10.11.21.101 15807: 1w6d: ISAKMP: transform 0, ESP_3DES cisco_chel.log:May 21 11:32:48 10.11.21.101 15808: 1w6d: ISAKMP: attributes in transform: cisco_chel.log:May 21 11:32:48 10.11.21.101 15809: 1w6d: ISAKMP: group is 2 cisco_chel.log:May 21 11:32:48 10.11.21.101 15810: 1w6d: ISAKMP: encaps is 1 cisco_chel.log:May 21 11:32:48 10.11.21.101 15811: 1w6d: ISAKMP: SA life type in seconds cisco_chel.log:May 21 11:32:48 10.11.21.101 15812: 1w6d: ISAKMP: SA life duration (basic) of 3600 cisco_chel.log:May 21 11:32:48 10.11.21.101 15813: 1w6d: ISAKMP: authenticator is HMAC-MD5 cisco_chel.log:May 21 11:32:48 10.11.21.101 15814: 1w6d: validate proposal 0 cisco_chel.log:May 21 11:32:49 10.11.21.101 15815: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found cisco_chel.log:May 21 11:32:49 10.11.21.101 15816: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0 cisco_chel.log:May 21 11:32:49 10.11.21.101 15817: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable! cisco_chel.log:May 21 11:32:49 10.11.21.101 15818: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:32:49 10.11.21.101 15819: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:32:49 10.11.21.101 15820: 1w6d: ISAKMP (0:1): purging node 103716619 cisco_chel.log:May 21 11:32:49 10.11.21.101 15821: 1w6d: ISAKMP (0:1): deleting node -2121723884 error FALSE reason "IKMP_NO_ERR_NO_TRANS" cisco_chel.log:May 21 11:32:52 10.11.21.101 15822: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:32:52 10.11.21.101 15823: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:32:52 10.11.21.101 15824: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:32:52 10.11.21.101 15825: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2118667139 cisco_chel.log:May 21 11:32:58 10.11.21.101 15826: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:32:58 10.11.21.101 15827: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:32:58 10.11.21.101 15828: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:32:58 10.11.21.101 15829: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -2121723884 cisco_chel.log:May 21 11:33:12 10.11.21.101 15830: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:33:12 10.11.21.101 15831: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:33:12 10.11.21.101 15832: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:33:12 10.11.21.101 15833: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2118667139 cisco_chel.log:May 21 11:33:18 10.11.21.101 15834: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:33:18 10.11.21.101 15835: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:33:18 10.11.21.101 15836: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:33:18 10.11.21.101 15837: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -2121723884 cisco_chel.log:May 21 11:33:32 10.11.21.101 15838: 1w6d: ISAKMP (0:1): purging node 2118667139 cisco_chel.log:May 21 11:33:39 10.11.21.101 15839: 1w6d: ISAKMP (0:1): purging node -2121723884 cisco_chel.log:May 21 11:33:51 10.11.21.101 15840: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:33:51 10.11.21.101 15841: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:33:51 10.11.21.101 15842: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 1024054824 cisco_chel.log:May 21 11:33:51 10.11.21.101 15843: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 1024054824 cisco_chel.log:May 21 11:33:51 10.11.21.101 15844: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0 cisco_chel.log:May 21 11:33:51 10.11.21.101 15845: 1w6d: ISAKMP: transform 0, ESP_3DES cisco_chel.log:May 21 11:33:51 10.11.21.101 15846: 1w6d: ISAKMP: attributes in transform: cisco_chel.log:May 21 11:33:51 10.11.21.101 15847: 1w6d: ISAKMP: group is 2 cisco_chel.log:May 21 11:33:51 10.11.21.101 15848: 1w6d: ISAKMP: encaps is 1 cisco_chel.log:May 21 11:33:51 10.11.21.101 15849: 1w6d: ISAKMP: SA life type in seconds cisco_chel.log:May 21 11:33:51 10.11.21.101 15850: 1w6d: ISAKMP: SA life duration (basic) of 3600 cisco_chel.log:May 21 11:33:51 10.11.21.101 15851: 1w6d: ISAKMP: authenticator is HMAC-MD5 cisco_chel.log:May 21 11:33:51 10.11.21.101 15852: 1w6d: validate proposal 0 cisco_chel.log:May 21 11:33:51 10.11.21.101 15853: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found cisco_chel.log:May 21 11:33:51 10.11.21.101 15854: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0 cisco_chel.log:May 21 11:33:51 10.11.21.101 15855: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable! cisco_chel.log:May 21 11:33:51 10.11.21.101 15856: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:33:51 10.11.21.101 15857: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:33:51 10.11.21.101 15858: 1w6d: ISAKMP (0:1): purging node -1944990558 cisco_chel.log:May 21 11:33:51 10.11.21.101 15859: 1w6d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.16.74.78 cisco_chel.log:May 21 11:33:52 10.11.21.101 15860: 1w6d: ISAKMP (0:1): deleting node 1024054824 error FALSE reason "IKMP_NO_ERR_NO_TRANS" cisco_chel.log:May 21 11:33:57 10.11.21.101 15861: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:33:57 10.11.21.101 15862: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:33:57 10.11.21.101 15863: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = -420755965 cisco_chel.log:May 21 11:33:57 10.11.21.101 15864: 1w6d: ISAKMP (0:1): processing SA payload. message ID = -420755965 cisco_chel.log:May 21 11:33:57 10.11.21.101 15865: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0 cisco_chel.log:May 21 11:33:57 10.11.21.101 15866: 1w6d: ISAKMP: transform 0, ESP_3DES cisco_chel.log:May 21 11:33:57 10.11.21.101 15867: 1w6d: ISAKMP: attributes in transform: cisco_chel.log:May 21 11:33:57 10.11.21.101 15868: 1w6d: ISAKMP: group is 2 cisco_chel.log:May 21 11:33:57 10.11.21.101 15869: 1w6d: ISAKMP: encaps is 1 cisco_chel.log:May 21 11:33:57 10.11.21.101 15870: 1w6d: ISAKMP: SA life type in seconds cisco_chel.log:May 21 11:33:57 10.11.21.101 15871: 1w6d: ISAKMP: SA life duration (basic) of 3600 cisco_chel.log:May 21 11:33:57 10.11.21.101 15872: 1w6d: ISAKMP: authenticator is HMAC-MD5 cisco_chel.log:May 21 11:33:57 10.11.21.101 15873: 1w6d: validate proposal 0 cisco_chel.log:May 21 11:33:57 10.11.21.101 15874: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found cisco_chel.log:May 21 11:33:58 10.11.21.101 15875: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0 cisco_chel.log:May 21 11:33:58 10.11.21.101 15876: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable! cisco_chel.log:May 21 11:33:58 10.11.21.101 15877: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:33:58 10.11.21.101 15878: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:33:58 10.11.21.101 15879: 1w6d: ISAKMP (0:1): purging node -2060552285 cisco_chel.log:May 21 11:33:58 10.11.21.101 15880: 1w6d: ISAKMP (0:1): deleting node -420755965 error FALSE reason "IKMP_NO_ERR_NO_TRANS" cisco_chel.log:May 21 11:34:02 10.11.21.101 15881: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:34:02 10.11.21.101 15882: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:34:02 10.11.21.101 15883: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:34:02 10.11.21.101 15884: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 1024054824 cisco_chel.log:May 21 11:34:09 10.11.21.101 15885: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:34:09 10.11.21.101 15886: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:34:09 10.11.21.101 15887: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:34:09 10.11.21.101 15888: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -420755965 cisco_chel.log:May 21 11:34:22 10.11.21.101 15889: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:34:22 10.11.21.101 15890: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:34:22 10.11.21.101 15891: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:34:22 10.11.21.101 15892: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 1024054824 cisco_chel.log:May 21 11:34:28 10.11.21.101 15893: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:34:28 10.11.21.101 15894: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet. cisco_chel.log:May 21 11:34:28 10.11.21.101 15895: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2 cisco_chel.log:May 21 11:34:28 10.11.21.101 15896: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -420755965 cisco_chel.log:May 21 11:34:42 10.11.21.101 15897: 1w6d: ISAKMP (0:1): purging node 1024054824 cisco_chel.log:May 21 11:34:48 10.11.21.101 15898: 1w6d: ISAKMP (0:1): purging node -420755965 cisco_chel.log:May 21 11:35:01 10.11.21.101 15899: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE cisco_chel.log:May 21 11:35:01 10.11.21.101 15900: 1w6d: CryptoEngine0: generate hmac context for conn id 1 cisco_chel.log:May 21 11:35:01 10.11.21.101 15901: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = -347573868
|
21 май 2009, 11:57 |
|
|
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24 Сообщения: 4434
|
У вас не хватает строки в crypto map скорее всего.
Дайте ваш конфиг или проверьте самостоятельно: 1. sh cry map НЕ ДОЛЖНО быть записей, типа "incomplete crypto map"
2. Если видите такое, значит либо случайно создался лишний абзац, либо удалилсь одно из set transfom-set set peer match addr
в абзаце crypto map
|
21 май 2009, 12:18 |
|
|
alex0000007
Зарегистрирован: 27 ноя 2008, 11:36 Сообщения: 311
|
Проверил ничего криминального не вижу. Может вы подскажите.
crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 lifetime 28800 ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 ! crypto isakmp policy 11 encr 3des hash md5 group 2 crypto isakmp key 1234567890 address 91.194.174.10 no-xauth crypto isakmp key 1234567890 address 195.16.74.78 no-xauth crypto isakmp key 1234567890 hostname 91.194.174.10 crypto isakmp key 1234567890 hostname 195.16.74.78 ! ! crypto ipsec transform-set SAMPLE_SET esp-3des esp-md5-hmac ! crypto map BANK 10 ipsec-isakmp set peer 195.16.74.78 set security-association lifetime seconds 28800 set transform-set SAMPLE_SET set pfs group2 match address 101
access-list 101 permit ip 10.11.21.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 101 permit ip 10.11.21.0 0.0.0.255 10.2.1.0 0.0.0.255 access-list 101 permit ip 212.57.141.0 0.0.0.255 10.2.1.0 0.0.0.255 access-list 101 deny ip any any
|
21 май 2009, 14:21 |
|
|
Fedia
Супермодератор
Зарегистрирован: 01 окт 2008, 12:24 Сообщения: 4434
|
Вот это вот
crypto isakmp key 1234567890 hostname 91.194.174.10 crypto isakmp key 1234567890 hostname 195.16.74.78
Категоричски убрать
Добавить cry isak iden addr
|
21 май 2009, 14:41 |
|
|
alex0000007
Зарегистрирован: 27 ноя 2008, 11:36 Сообщения: 311
|
Спасибо, всё получилось.
|
22 май 2009, 11:34 |
|
|
|
Страница 1 из 1
|
[ Сообщений: 15 ] |
|
Кто сейчас на конференции |
Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 51 |
|
Вы не можете начинать темы Вы не можете отвечать на сообщения Вы не можете редактировать свои сообщения Вы не можете удалять свои сообщения Вы не можете добавлять вложения
|
|
|