Сообщения без ответов | Активные темы Текущее время: 04 июл 2020, 07:56



Ответить на тему  [ Сообщений: 15 ] 
Проблемы с IPSec 
Автор Сообщение

Зарегистрирован: 27 ноя 2008, 11:36
Сообщения: 308
Добрый день.
Появилась необходимость построить IPSec туннель с посторонней конторой, какое оборудование на их стороне не знаю. Мы согласовали типы шифрации. Началась странная картина. Туннель ни как не устанавливается, причины понять не могу. Ошибка наверное смешная но понять ее не могу.

Привожу конфу:

version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname gw-astra
!
boot system flash
no logging monitor
aaa new-model
aaa authentication password-prompt "password: "
aaa authentication username-prompt "login: "
aaa authentication login default local
aaa authentication login vty local
aaa authentication login dialin local
aaa authentication login none none
aaa authentication ppp default local
aaa authorization exec default local none
!
username YfiCtrhtn
username YfiCtrhtn autocommand ppp default
username **EMSI_INQC816 nopassword noescape
username **EMSI_INQC816 autocommand telnet 10.11.100.93 60179 /stream
username **EMSI_INQC816**EMSI_INQC816q. nopassword noescape
username **EMSI_INQC816**EMSI_INQC816q. autocommand telnet 10.11.100.93 60179 /stream
username **EMSI_INQC816q nopassword noescape
username **EMSI_INQC816q autocommand telnet 10.11.100.93 60179 /stream
username **EMSI_TZP16B2 nopassword noescape
username **EMSI_TZP16B2 autocommand telnet 10.11.100.93 60179 /stream

clock timezone CHEL 5
clock summer-time CHELS recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
!
!
ip domain-name bank.bank
ip host modem 2033 10.11.101.2
ip name-server 10.11.100.1
!
ip audit notify log
ip audit po max-events 100
ip address-pool local
async-bootp dns-server 10.11.100.1
!
x29 profile default 1:1 2:1 3:2 4:2 5:1 6:5 7:21 8:0 9:0 10:0 12:0 13:0 14:0 15:0 16:8 17:24 18:18 19:2 20:248 21:0 22:0
x29 profile westernunion 0:0
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key 1234567890 hostname 91.194.174.10
!
!
crypto ipsec transform-set SAMPLE_SET esp-3des esp-md5-hmac
!
crypto map BANK 10 ipsec-isakmp
set peer 91.194.174.10
set security-association lifetime seconds 28800
set transform-set SAMPLE_SET
set pfs group2
match address 101
!
call rsvp-sync
!
!
!
!
!
!
controller E1 0/0
shutdown
!
controller E1 0/1
shutdown
!
!
location DialIn for Client-Bank
!
interface FastEthernet0/0
description Internal Network Trunk
no ip address
ip route-cache flow
no ip mroute-cache
duplex auto
speed auto
!
interface FastEthernet0/0.1
description old Internal Network vlan 1 (10.11.101.2, etc)
encapsulation dot1Q 1 native
ip address 10.11.21.101 255.255.0.0
ip nat inside
no ip mroute-cache
!
interface FastEthernet0/0.102
description ASA G0 vlan 102 (10.14.101.2)
encapsulation dot1Q 102
ip address 10.14.101.2 255.255.0.0
ip nat inside
no ip mroute-cache
shutdown
no cdp enable
!
interface FastEthernet0/0.150
description AS network
encapsulation dot1Q 150
ip address 91.194.174.2 255.255.255.240
ip nat outside
crypto map BANK
!
interface Serial1/0
physical-layer async
ip address negotiated
ip nat inside
encapsulation ppp
shutdown
dialer in-band
dialer string P2680973
dialer-group 1
async mode interactive
no fair-queue
ppp authentication chap callin
ppp chap password 7 141C105C555D
!
interface Serial1/1
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1/2
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1/3
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1/4
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1/5
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1/6
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1/7
no ip address
no ip mroute-cache
shutdown
no cdp enable
!
interface Ethernet3/0
no ip address
no ip mroute-cache
shutdown
half-duplex
no cdp enable
!
interface Ethernet3/1
no ip address
shutdown
half-duplex
no cdp enable
!
interface Ethernet3/2
no ip address
shutdown
half-duplex
no cdp enable
!
interface Ethernet3/3
no ip address
shutdown
half-duplex
no cdp enable
!
interface Group-Async1
physical-layer async
description DialIn for Client-Bank
ip unnumbered FastEthernet0/0
ip nat inside
encapsulation slip
ip tcp header-compression passive
async mode interactive
peer default ip address pool pool1
!
ip classless
ip route 0.0.0.0 0.0.0.0 91.194.174.1
ip route 192.168.0.0 255.255.255.0 91.194.174.10
ip route 212.57.141.0 255.255.255.0 10.11.101.4
no ip http server
!
!
ip access-list extended ACLFOROUTSIDENAT
permit ip host 91.194.174.2 host 212.57.141.15 log
permit ip host 91.194.174.10 host 212.57.141.15 log
permit ip host 91.194.174.10 host 91.194.174.2 log
permit ip host 91.194.174.10 host 91.194.174.9 log
ip access-list extended inList
permit ip any any log
ip access-list extended inListAS
permit ip any any log
ip access-list extended outList
permit ip any any log
ip access-list extended outListAS
permit ip any any log
logging trap debugging
logging facility local0
logging 10.11.21.12
logging 10.11.21.2
logging 10.11.21.5
access-list 51 permit 10.11.21.5
access-list 51 permit 10.11.21.2
access-list 51 deny any
access-list 101 permit ip 10.11.21.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 deny ip any any
snmp-server community IgbjY RO 50
snmp-server community AleX RW 51
snmp-server location Engelsa 26 Main Server Room
snmp-server enable traps tty
snmp-server host 10.11.21.13 IgbjY
!
dial-peer cor custom
!
!
!
!
banner motd ^CC
Bank Snezhinskiy - Chelyabinsk
AstraST gateway
^C
!
line con 0
speed 115200
line 33
modem InOut
modem autoconfigure type usr_courier
transport input telnet
transport output none
autoselect ppp
stopbits 1
speed 1200
flowcontrol hardware
line aux 0
line vty 0 4
transport input telnet ssh
line vty 5 871
transport input telnet ssh
!
ntp clock-period 17179916
ntp server 10.11.100.1
end

И вот еще логи.
1.Лог когда мы пытаемся поднять туннель с нашей стороны:

08.05.2009 10:50 10.11.21.101 Debug 1192: 18:01:26: CryptoEngine0: delete connection 1
08.05.2009 10:50 10.11.21.101 Debug 1191: 18:01:26: ISAKMP (0:1): purging SA., sa=629D4FE4, delme=629D4FE4
08.05.2009 10:50 10.11.21.101 Debug 1190: 18:01:19: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1189: 18:01:19: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1188: 18:01:19: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1187: 18:01:18: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1186: 18:01:18: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1185: 18:01:18: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1184: 18:01:18: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1183: 18:01:18: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1182: 18:01:17: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1181: 18:01:17: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1180: 18:01:17: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1179: 18:01:17: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1178: 18:01:16: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1177: 18:01:16: ISAKMP (0:1): purging node -2075240952
08.05.2009 10:50 10.11.21.101 Debug 1176: 18:01:16: ISAKMP (0:1): purging node 194667289
08.05.2009 10:50 10.11.21.101 Debug 1175: 18:01:16: ISAKMP (0:1): purging node -478879984
08.05.2009 10:50 10.11.21.101 Debug 1174: 18:01:16: ISAKMP (0:1): purging node 734001570
08.05.2009 10:50 10.11.21.101 Debug 1173: 18:01:16: ISAKMP (0:1): purging node 1298460604
08.05.2009 10:50 10.11.21.101 Debug 1172: 18:01:16: ISAKMP (0:1): purging node -849228394
08.05.2009 10:50 10.11.21.101 Debug 1171: 18:01:16: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1170: 18:01:16: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1169: 18:01:16: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1168: 18:01:16: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1167: 18:01:15: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1166: 18:01:15: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1165: 18:01:15: CRYPTO_ENGINE: key process suspended and continued
08.05.2009 10:50 10.11.21.101 Debug 1164: 18:01:15: CryptoEngine0: CRYPTO_GEN_KEY_PAIR
08.05.2009 10:50 10.11.21.101 Debug 1163: 18:01:15: CryptoEngine0: generate key pair
08.05.2009 10:49 10.11.21.101 Debug 1162: 18:00:26: ISAKMP (0:1): deleting node -2075240952 error TRUE reason "QM_TIMER expired"
08.05.2009 10:49 10.11.21.101 Debug 1161: 18:00:26: ISAKMP (0:1): deleting node 194667289 error TRUE reason "QM_TIMER expired"
08.05.2009 10:49 10.11.21.101 Debug 1160: 18:00:26: ISAKMP (0:1): deleting node -478879984 error TRUE reason "QM_TIMER expired"
08.05.2009 10:49 10.11.21.101 Debug 1159: 18:00:26: ISAKMP (0:1): deleting node 734001570 error TRUE reason "QM_TIMER expired"
08.05.2009 10:49 10.11.21.101 Debug 1158: 18:00:26: ISAKMP (0:1): deleting node 1298460604 error TRUE reason "QM_TIMER expired"
08.05.2009 10:49 10.11.21.101 Debug 1157: 18:00:26: ISAKMP (0:1): deleting node -849228394 error TRUE reason "QM_TIMER expired"
08.05.2009 10:49 10.11.21.101 Debug 1156: 18:00:26: ISAKMP (0:1): deleting SA reason "QM_TIMER expired" state (I) MM_NO_STATE (peer 91.194.174.10) input queue 0
08.05.2009 10:49 10.11.21.101 Debug 1155:
08.05.2009 10:49 10.11.21.101 Debug 1154: 18:00:26: ISAKMP (0:1): peer does not do paranoid keepalives.
08.05.2009 10:49 10.11.21.101 Debug 1153: 18:00:26: ISAKMP: quick mode timer expired.
08.05.2009 10:49 10.11.21.101 Debug 1152: 18:00:02: ISAKMP (0:1): ignoring request to send delete notify (sa not authenticated) src 91.194.174.2 dst 91.194.174.10
08.05.2009 10:49 10.11.21.101 Debug 1151: 18:00:02: ISAKMP: received ke message (3/1)
08.05.2009 10:49 10.11.21.101 Debug 1150: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4)
08.05.2009 10:49 10.11.21.101 Debug 1149: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:49 10.11.21.101 Debug 1148: (identity) local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:49 10.11.21.101 Debug 1147: 18:00:02: IPSEC(key_engine): request timer fired: count = 2,
08.05.2009 10:49 10.11.21.101 Debug 1146: 17:59:32: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it.
08.05.2009 10:49 10.11.21.101 Debug 1145: 17:59:32: ISAKMP: received ke message (1/1)
08.05.2009 10:49 10.11.21.101 Debug 1144: spi= 0x4FFE2E7B(1342058107), conn_id= 0, keysize= 0, flags= 0x400D
08.05.2009 10:49 10.11.21.101 Debug 1143: lifedur= 28800s and 4608000kb,
08.05.2009 10:49 10.11.21.101 Debug 1142: protocol= ESP, transform= esp-3des esp-md5-hmac ,
08.05.2009 10:49 10.11.21.101 Debug 1141: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:49 10.11.21.101 Debug 1140: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:49 10.11.21.101 Debug 1139: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:49 10.11.21.101 Debug 1138: 17:59:32: IPSEC(sa_request): ,
08.05.2009 10:49 10.11.21.101 Debug 1137: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4)
08.05.2009 10:49 10.11.21.101 Debug 1136: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:49 10.11.21.101 Debug 1135: (identity) local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:49 10.11.21.101 Debug 1134: 17:59:32: IPSEC(key_engine): request timer fired: count = 1,
08.05.2009 10:48 10.11.21.101 Debug 1133: 17:59:02: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it.
08.05.2009 10:48 10.11.21.101 Debug 1132: 17:59:02: ISAKMP: received ke message (1/1)
08.05.2009 10:48 10.11.21.101 Debug 1131: spi= 0x5F6EE3B2(1601102770), conn_id= 0, keysize= 0, flags= 0x400D
08.05.2009 10:48 10.11.21.101 Debug 1130: lifedur= 28800s and 4608000kb,
08.05.2009 10:48 10.11.21.101 Debug 1129: protocol= ESP, transform= esp-3des esp-md5-hmac ,
08.05.2009 10:48 10.11.21.101 Debug 1128: ,
08.05.2009 10:48 10.11.21.101 Debug 1127: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4)
08.05.2009 10:48 10.11.21.101 Debug 1126: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:48 10.11.21.101 Debug 1125: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:48 10.11.21.101 Debug 1124: 17:59:02: IPSEC(sa_request): ,
08.05.2009 10:48 10.11.21.101 Debug 1123: 17:59:02: ISAKMP (0:1): ignoring request to send delete notify (sa not authenticated) src 91.194.174.2 dst 91.194.174.10
08.05.2009 10:48 10.11.21.101 Debug 1122: 17:59:02: ISAKMP: received ke message (3/1)
08.05.2009 10:48 10.11.21.101 Debug 1121: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4)
08.05.2009 10:48 10.11.21.101 Debug 1120: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:48 10.11.21.101 Debug 1119: (identity) local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:48 10.11.21.101 Debug 1118: 17:59:02: IPSEC(key_engine): request timer fired: count = 2,
08.05.2009 10:48 10.11.21.101 Debug 1117: 17:58:32: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it.
08.05.2009 10:48 10.11.21.101 Debug 1116: 17:58:32: ISAKMP: received ke message (1/1)
08.05.2009 10:48 10.11.21.101 Debug 1115: spi= 0x8C326DFF(2352115199), conn_id= 0, keysize= 0, flags= 0x400D
08.05.2009 10:48 10.11.21.101 Debug 1114: lifedur= 28800s and 4608000kb,
08.05.2009 10:48 10.11.21.101 Debug 1113: protocol= ESP, transform= esp-3des esp-md5-hmac ,
08.05.2009 10:48 10.11.21.101 Debug 1112: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:48 10.11.21.101 Debug 1111: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:48 10.11.21.101 Debug 1110: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:48 10.11.21.101 Debug 1109: 17:58:32: IPSEC(sa_request): ,
08.05.2009 10:48 10.11.21.101 Debug 1108: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4)
08.05.2009 10:48 10.11.21.101 Debug 1107: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:48 10.11.21.101 Debug 1106: (identity) local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:48 10.11.21.101 Debug 1105: 17:58:32: IPSEC(key_engine): request timer fired: count = 1,
08.05.2009 10:47 10.11.21.101 Debug 1104: 17:58:02: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it.
08.05.2009 10:47 10.11.21.101 Debug 1103: 17:58:02: ISAKMP: received ke message (1/1)
08.05.2009 10:47 10.11.21.101 Debug 1102: spi= 0xE0C02CBD(3770690749), conn_id= 0, keysize= 0, flags= 0x400D
08.05.2009 10:47 10.11.21.101 Debug 1101: lifedur= 28800s and 4608000kb,
08.05.2009 10:47 10.11.21.101 Debug 1100: protocol= ESP, transform= esp-3des esp-md5-hmac ,
08.05.2009 10:47 10.11.21.101 Debug 1099: ,
08.05.2009 10:47 10.11.21.101 Debug 1098: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4)
08.05.2009 10:47 10.11.21.101 Debug 1097: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:47 10.11.21.101 Debug 1096: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:47 10.11.21.101 Debug 1095: 17:58:02: IPSEC(sa_request): ,
08.05.2009 10:47 10.11.21.101 Debug 1094: 17:58:01: ISAKMP (0:1): ignoring request to send delete notify (sa not authenticated) src 91.194.174.2 dst 91.194.174.10
08.05.2009 10:47 10.11.21.101 Debug 1093: 17:58:01: ISAKMP: received ke message (3/1)
08.05.2009 10:47 10.11.21.101 Debug 1092: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4)
08.05.2009 10:47 10.11.21.101 Debug 1091: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:47 10.11.21.101 Debug 1090: (identity) local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:47 10.11.21.101 Debug 1089: 17:58:01: IPSEC(key_engine): request timer fired: count = 2,
08.05.2009 10:47 10.11.21.101 Debug 1088: 17:57:31: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it.
08.05.2009 10:47 10.11.21.101 Debug 1087: 17:57:31: ISAKMP: received ke message (1/1)
08.05.2009 10:47 10.11.21.101 Debug 1086: spi= 0x80E452B8(2162447032), conn_id= 0, keysize= 0, flags= 0x400D
08.05.2009 10:47 10.11.21.101 Debug 1085: lifedur= 28800s and 4608000kb,
08.05.2009 10:47 10.11.21.101 Debug 1084: protocol= ESP, transform= esp-3des esp-md5-hmac ,
08.05.2009 10:47 10.11.21.101 Debug 1083: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:47 10.11.21.101 Debug 1082: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:47 10.11.21.101 Debug 1081: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:47 10.11.21.101 Debug 1080: 17:57:31: IPSEC(sa_request): ,
08.05.2009 10:47 10.11.21.101 Debug 1079: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4)
08.05.2009 10:47 10.11.21.101 Debug 1078: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:47 10.11.21.101 Debug 1077: (identity) local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:47 10.11.21.101 Debug 1076: 17:57:31: IPSEC(key_engine): request timer fired: count = 1,
08.05.2009 10:46 10.11.21.101 Info 1075: 17:57:01: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 91.194.174.10
08.05.2009 10:46 10.11.21.101 Debug 1074: 17:57:01: ISAKMP (0:1): Notify has no hash. Rejected.
08.05.2009 10:46 10.11.21.101 Debug 1073: 17:57:01: ISAKMP (0:1): received packet from 91.194.174.10 (I) MM_NO_STATE
08.05.2009 10:46 10.11.21.101 Debug 1072: 17:57:01: ISAKMP (0:1): sending packet to 91.194.174.10 (I) MM_NO_STATE
08.05.2009 10:46 10.11.21.101 Debug 1071: 17:57:01: ISAKMP (0:1): beginning Main Mode exchange
08.05.2009 10:46 10.11.21.101 Debug 1070: 17:57:01: ISAKMP: local port 500, remote port 500
08.05.2009 10:46 10.11.21.101 Debug 1069: 17:57:01: ISAKMP: received ke message (1/1)
08.05.2009 10:46 10.11.21.101 Debug 1068: spi= 0x82E17A04(2195814916), conn_id= 0, keysize= 0, flags= 0x400D
08.05.2009 10:46 10.11.21.101 Debug 1067: lifedur= 28800s and 4608000kb,
08.05.2009 10:46 10.11.21.101 Debug 1066: protocol= ESP, transform= esp-3des esp-md5-hmac ,
08.05.2009 10:46 10.11.21.101 Debug 1065: remote_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:46 10.11.21.101 Debug 1064: local_proxy= 10.11.21.0/255.255.255.0/0/0 (type=4),
08.05.2009 10:46 10.11.21.101 Debug 1063: (key eng. msg.) OUTBOUND local= 91.194.174.2, remote= 91.194.174.10,
08.05.2009 10:46 10.11.21.101 Debug 1062: 17:57:01: IPSEC(sa_request): ,


2.Лог когда устанавливаем с их стороны:

08.05.2009 11:06 10.11.21.101 Debug 1399: 18:16:37: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 11:06 10.11.21.101 Debug 1398: 18:16:37: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 11:06 10.11.21.101 Debug 1397: 18:16:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:06 10.11.21.101 Debug 1396: 18:16:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:06 10.11.21.101 Debug 1395: 18:16:37: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 11:06 10.11.21.101 Debug 1394: 18:16:37: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 11:06 10.11.21.101 Debug 1393: 18:16:37: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 11:05 10.11.21.101 Debug 1392: 18:15:57: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 11:05 10.11.21.101 Debug 1391: 18:15:57: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 11:05 10.11.21.101 Debug 1390: 18:15:57: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:05 10.11.21.101 Debug 1389: 18:15:57: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:05 10.11.21.101 Debug 1388: 18:15:57: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 11:05 10.11.21.101 Debug 1387: 18:15:57: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 11:05 10.11.21.101 Debug 1386: 18:15:57: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 11:04 10.11.21.101 Debug 1385: 18:15:17: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 11:04 10.11.21.101 Debug 1384: 18:15:17: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 11:04 10.11.21.101 Debug 1383: 18:15:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:04 10.11.21.101 Debug 1382: 18:15:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:04 10.11.21.101 Debug 1381: 18:15:17: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 11:04 10.11.21.101 Debug 1380: 18:15:17: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 11:04 10.11.21.101 Debug 1379: 18:15:17: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 11:04 10.11.21.101 Debug 1378: 18:14:37: ISAKMP (0:1): sending packet to 91.194.174.10 (R) MM_NO_STATE
08.05.2009 11:04 10.11.21.101 Info 1377: 18:14:37: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 91.194.174.10
08.05.2009 11:04 10.11.21.101 Debug 1376: 18:14:37: ISAKMP (0:1): incrementing error counter on sa: construct_fail_ag_init
08.05.2009 11:04 10.11.21.101 Debug 1375: 18:14:37: ISAKMP (0:1): phase 1 SA not acceptable!
08.05.2009 11:04 10.11.21.101 Debug 1374: 18:14:37: ISAKMP (0:1): no offers accepted!
08.05.2009 11:04 10.11.21.101 Debug 1373: 18:14:37: ISAKMP (0:1): atts are not acceptable. Next payload is 0
08.05.2009 11:04 10.11.21.101 Debug 1372: 18:14:37: ISAKMP (0:1): Encryption algorithm offered does not match policy!
08.05.2009 11:04 10.11.21.101 Debug 1371: 18:14:37: ISAKMP: default group 2
08.05.2009 11:04 10.11.21.101 Debug 1370: 18:14:37: ISAKMP: auth pre-share
08.05.2009 11:04 10.11.21.101 Debug 1369: 18:14:37: ISAKMP: hash MD5
08.05.2009 11:04 10.11.21.101 Debug 1368: 18:14:37: ISAKMP: encryption 3DES-CBC
08.05.2009 11:04 10.11.21.101 Debug 1367: 18:14:37: ISAKMP: life duration (basic) of 28800
08.05.2009 11:04 10.11.21.101 Debug 1366: 18:14:37: ISAKMP: life type in seconds
08.05.2009 11:04 10.11.21.101 Debug 1365: 18:14:37: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 65535 policy
08.05.2009 11:04 10.11.21.101 Debug 1364: 18:14:37: ISAKMP (0:1): atts are not acceptable. Next payload is 0
08.05.2009 11:04 10.11.21.101 Debug 1363: 18:14:37: ISAKMP (0:1): Preshared authentication offered but does not match policy!
08.05.2009 11:04 10.11.21.101 Debug 1362: 18:14:37: ISAKMP: default group 2
08.05.2009 11:04 10.11.21.101 Debug 1361: 18:14:37: ISAKMP: auth pre-share
08.05.2009 11:04 10.11.21.101 Debug 1360: 18:14:37: ISAKMP: hash MD5
08.05.2009 11:04 10.11.21.101 Debug 1359: 18:14:37: ISAKMP: encryption 3DES-CBC
08.05.2009 11:04 10.11.21.101 Debug 1358: 18:14:37: ISAKMP: life duration (basic) of 28800
08.05.2009 11:04 10.11.21.101 Debug 1357: 18:14:37: ISAKMP: life type in seconds
08.05.2009 11:04 10.11.21.101 Debug 1356: 18:14:37: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 10 policy
08.05.2009 11:04 10.11.21.101 Debug 1355: 18:14:37: ISAKMP (0:1): atts are not acceptable. Next payload is 0
08.05.2009 11:04 10.11.21.101 Debug 1354: 18:14:37: ISAKMP (0:1): Preshared authentication offered but does not match policy!
08.05.2009 11:04 10.11.21.101 Debug 1353: 18:14:37: ISAKMP: default group 2
08.05.2009 11:04 10.11.21.101 Debug 1352: 18:14:37: ISAKMP: auth pre-share
08.05.2009 11:04 10.11.21.101 Debug 1351: 18:14:37: ISAKMP: hash MD5
08.05.2009 11:04 10.11.21.101 Debug 1350: 18:14:37: ISAKMP: encryption 3DES-CBC
08.05.2009 11:04 10.11.21.101 Debug 1349: 18:14:37: ISAKMP: life duration (basic) of 28800
08.05.2009 11:04 10.11.21.101 Debug 1348: 18:14:37: ISAKMP: life type in seconds
08.05.2009 11:04 10.11.21.101 Debug 1347: 18:14:37: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 1 policy
08.05.2009 11:04 10.11.21.101 Debug 1346: 18:14:37: ISAKMP (0:1): No pre-shared key with 91.194.174.10!
08.05.2009 11:04 10.11.21.101 Debug 1345: 18:14:37: ISAKMP (0:1): processing SA payload. message ID = 0
08.05.2009 11:04 10.11.21.101 Debug 1344: 18:14:37: ISAKMP: local port 500, remote port 500
08.05.2009 11:04 10.11.21.101 Debug 1343: 18:14:37: ISAKMP (0:0): received packet from 91.194.174.10 (N) NEW SA
08.05.2009 11:03 10.11.21.101 Debug 1342: 18:14:17: CryptoEngine0: delete connection 1
08.05.2009 11:03 10.11.21.101 Debug 1341: 18:14:17: ISAKMP (0:1): purging SA., sa=625C1520, delme=625C1520
08.05.2009 11:03 10.11.21.101 Debug 1340: 18:13:56: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 11:02 10.11.21.101 Debug 1339: 18:13:17: ISAKMP (0:1): deleting SA reason "death by retransmission P1" state (R) MM_NO_STATE (peer 91.194.174.10) input queue 0
08.05.2009 11:02 10.11.21.101 Debug 1338:
08.05.2009 11:02 10.11.21.101 Debug 1337: 18:13:17: ISAKMP (0:1): peer does not do paranoid keepalives.
08.05.2009 11:02 10.11.21.101 Debug 1336: 18:13:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:02 10.11.21.101 Debug 1335: 18:13:16: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:02 10.11.21.101 Debug 1334: 18:13:16: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 11:02 10.11.21.101 Debug 1333: 18:13:16: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 11:02 10.11.21.101 Debug 1332: 18:13:16: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 11:02 10.11.21.101 Debug 1331: 18:12:37: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 11:02 10.11.21.101 Debug 1330: 18:12:37: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 11:02 10.11.21.101 Debug 1329: 18:12:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:02 10.11.21.101 Debug 1328: 18:12:36: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:02 10.11.21.101 Debug 1327: 18:12:36: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 11:02 10.11.21.101 Debug 1326: 18:12:36: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 11:02 10.11.21.101 Debug 1325: 18:12:36: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 11:01 10.11.21.101 Debug 1324: 18:11:57: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 11:01 10.11.21.101 Debug 1323: 18:11:57: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 11:01 10.11.21.101 Debug 1322: 18:11:57: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:01 10.11.21.101 Debug 1321: 18:11:56: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:01 10.11.21.101 Debug 1320: 18:11:56: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 11:01 10.11.21.101 Debug 1319: 18:11:56: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 11:01 10.11.21.101 Debug 1318: 18:11:56: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 11:00 10.11.21.101 Debug 1317: 18:11:17: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 11:00 10.11.21.101 Debug 1316: 18:11:17: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 11:00 10.11.21.101 Debug 1315: 18:11:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:00 10.11.21.101 Debug 1314: 18:11:16: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:00 10.11.21.101 Debug 1313: 18:11:16: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 11:00 10.11.21.101 Debug 1312: 18:11:16: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 11:00 10.11.21.101 Debug 1311: 18:11:16: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 11:00 10.11.21.101 Debug 1310: 18:10:37: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 11:00 10.11.21.101 Debug 1309: 18:10:37: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 11:00 10.11.21.101 Debug 1308: 18:10:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:00 10.11.21.101 Debug 1307: 18:10:36: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 11:00 10.11.21.101 Debug 1306: 18:10:36: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 11:00 10.11.21.101 Debug 1305: 18:10:36: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 11:00 10.11.21.101 Debug 1304: 18:10:36: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 10:59 10.11.21.101 Debug 1303: 18:09:56: ISAKMP (0:1): sending packet to 91.194.174.10 (R) MM_NO_STATE
08.05.2009 10:59 10.11.21.101 Info 1302: 18:09:56: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 91.194.174.10
08.05.2009 10:59 10.11.21.101 Debug 1301: 18:09:56: ISAKMP (0:1): incrementing error counter on sa: construct_fail_ag_init
08.05.2009 10:59 10.11.21.101 Debug 1300: 18:09:56: ISAKMP (0:1): phase 1 SA not acceptable!
08.05.2009 10:59 10.11.21.101 Debug 1299: 18:09:56: ISAKMP (0:1): no offers accepted!
08.05.2009 10:59 10.11.21.101 Debug 1298: 18:09:56: ISAKMP (0:1): atts are not acceptable. Next payload is 0
08.05.2009 10:59 10.11.21.101 Debug 1297: 18:09:56: ISAKMP (0:1): Encryption algorithm offered does not match policy!
08.05.2009 10:59 10.11.21.101 Debug 1296: 18:09:56: ISAKMP: default group 2
08.05.2009 10:59 10.11.21.101 Debug 1295: 18:09:56: ISAKMP: auth pre-share
08.05.2009 10:59 10.11.21.101 Debug 1294: 18:09:56: ISAKMP: hash MD5
08.05.2009 10:59 10.11.21.101 Debug 1293: 18:09:56: ISAKMP: encryption 3DES-CBC
08.05.2009 10:59 10.11.21.101 Debug 1292: 18:09:56: ISAKMP: life duration (basic) of 28800
08.05.2009 10:59 10.11.21.101 Debug 1291: 18:09:56: ISAKMP: life type in seconds
08.05.2009 10:59 10.11.21.101 Debug 1290: 18:09:56: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 65535 policy
08.05.2009 10:59 10.11.21.101 Debug 1289: 18:09:56: ISAKMP (0:1): atts are not acceptable. Next payload is 0
08.05.2009 10:59 10.11.21.101 Debug 1288: 18:09:56: ISAKMP (0:1): Preshared authentication offered but does not match policy!
08.05.2009 10:59 10.11.21.101 Debug 1287: 18:09:56: ISAKMP: default group 2
08.05.2009 10:59 10.11.21.101 Debug 1286: 18:09:56: ISAKMP: auth pre-share
08.05.2009 10:59 10.11.21.101 Debug 1285: 18:09:56: ISAKMP: hash MD5
08.05.2009 10:59 10.11.21.101 Debug 1284: 18:09:56: ISAKMP: encryption 3DES-CBC
08.05.2009 10:59 10.11.21.101 Debug 1283: 18:09:56: ISAKMP: life duration (basic) of 28800
08.05.2009 10:59 10.11.21.101 Debug 1282: 18:09:56: ISAKMP: life type in seconds
08.05.2009 10:59 10.11.21.101 Debug 1281: 18:09:56: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 10 policy
08.05.2009 10:59 10.11.21.101 Debug 1280: 18:09:56: ISAKMP (0:1): atts are not acceptable. Next payload is 0
08.05.2009 10:59 10.11.21.101 Debug 1279: 18:09:56: ISAKMP (0:1): Preshared authentication offered but does not match policy!
08.05.2009 10:59 10.11.21.101 Debug 1278: 18:09:56: ISAKMP: default group 2
08.05.2009 10:59 10.11.21.101 Debug 1277: 18:09:56: ISAKMP: auth pre-share
08.05.2009 10:59 10.11.21.101 Debug 1276: 18:09:56: ISAKMP: hash MD5
08.05.2009 10:59 10.11.21.101 Debug 1275: 18:09:56: ISAKMP: encryption 3DES-CBC
08.05.2009 10:59 10.11.21.101 Debug 1274: 18:09:56: ISAKMP: life duration (basic) of 28800
08.05.2009 10:59 10.11.21.101 Debug 1273: 18:09:56: ISAKMP: life type in seconds
08.05.2009 10:59 10.11.21.101 Debug 1272: 18:09:56: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 1 policy
08.05.2009 10:59 10.11.21.101 Debug 1271: 18:09:56: ISAKMP (0:1): No pre-shared key with 91.194.174.10!
08.05.2009 10:59 10.11.21.101 Debug 1270: 18:09:56: ISAKMP (0:1): processing SA payload. message ID = 0
08.05.2009 10:59 10.11.21.101 Debug 1269: 18:09:56: ISAKMP: local port 500, remote port 500
08.05.2009 10:59 10.11.21.101 Debug 1268: 18:09:56: ISAKMP (0:0): received packet from 91.194.174.10 (N) NEW SA
08.05.2009 10:59 10.11.21.101 Debug 1267: 18:09:37: CryptoEngine0: delete connection 1
08.05.2009 10:59 10.11.21.101 Debug 1266: 18:09:37: ISAKMP (0:1): purging SA., sa=629D4FE4, delme=629D4FE4
08.05.2009 10:58 10.11.21.101 Debug 1265: 18:09:16: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 10:58 10.11.21.101 Debug 1264: 18:08:37: ISAKMP (0:1): deleting SA reason "death by retransmission P1" state (R) MM_NO_STATE (peer 91.194.174.10) input queue 0
08.05.2009 10:58 10.11.21.101 Debug 1263:
08.05.2009 10:58 10.11.21.101 Debug 1262: 18:08:37: ISAKMP (0:1): peer does not do paranoid keepalives.
08.05.2009 10:58 10.11.21.101 Debug 1261: 18:08:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 10:58 10.11.21.101 Debug 1260: 18:08:36: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 10:58 10.11.21.101 Debug 1259: 18:08:36: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 10:58 10.11.21.101 Debug 1258: 18:08:36: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 10:58 10.11.21.101 Debug 1257: 18:08:36: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 10:57 10.11.21.101 Debug 1256: 18:07:57: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 10:57 10.11.21.101 Debug 1255: 18:07:57: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 10:57 10.11.21.101 Debug 1254: 18:07:57: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 10:57 10.11.21.101 Debug 1253: 18:07:56: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 10:57 10.11.21.101 Debug 1252: 18:07:56: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 10:57 10.11.21.101 Debug 1251: 18:07:56: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 10:57 10.11.21.101 Debug 1250: 18:07:56: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 10:56 10.11.21.101 Debug 1249: 18:07:17: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 10:56 10.11.21.101 Debug 1248: 18:07:17: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 10:56 10.11.21.101 Debug 1247: 18:07:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 10:56 10.11.21.101 Debug 1246: 18:07:16: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 10:56 10.11.21.101 Debug 1245: 18:07:16: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 10:56 10.11.21.101 Debug 1244: 18:07:16: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 10:56 10.11.21.101 Debug 1243: 18:07:16: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 10:56 10.11.21.101 Debug 1242: 18:06:37: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 10:56 10.11.21.101 Debug 1241: 18:06:37: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 10:56 10.11.21.101 Debug 1240: 18:06:37: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 10:56 10.11.21.101 Debug 1239: 18:06:36: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 10:56 10.11.21.101 Debug 1238: 18:06:36: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 10:56 10.11.21.101 Debug 1237: 18:06:36: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 10:56 10.11.21.101 Debug 1236: 18:06:36: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 10:55 10.11.21.101 Debug 1235: 18:06:17: ISAKMP (0:1): no outgoing phase 1 packet to retransmit. MM_NO_STATE
08.05.2009 10:55 10.11.21.101 Debug 1234: 18:06:17: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
08.05.2009 10:55 10.11.21.101 Debug 1233: 18:06:17: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 10:55 10.11.21.101 Debug 1232: 18:06:16: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
08.05.2009 10:55 10.11.21.101 Debug 1231: 18:06:16: ISAKMP (0:1): retransmitting due to retransmit phase 1
08.05.2009 10:55 10.11.21.101 Debug 1230: 18:06:16: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
08.05.2009 10:55 10.11.21.101 Debug 1229: 18:06:16: ISAKMP (0:1): received packet from 91.194.174.10 (R) MM_NO_STATE
08.05.2009 10:55 10.11.21.101 Debug 1228: 18:06:06: ISAKMP (0:1): sending packet to 91.194.174.10 (R) MM_NO_STATE
08.05.2009 10:55 10.11.21.101 Info 1227: 18:06:06: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 91.194.174.10
08.05.2009 10:55 10.11.21.101 Debug 1226: 18:06:06: ISAKMP (0:1): incrementing error counter on sa: construct_fail_ag_init
08.05.2009 10:55 10.11.21.101 Debug 1225: 18:06:06: ISAKMP (0:1): phase 1 SA not acceptable!
08.05.2009 10:55 10.11.21.101 Debug 1224: 18:06:06: ISAKMP (0:1): no offers accepted!
08.05.2009 10:55 10.11.21.101 Debug 1223: 18:06:06: ISAKMP (0:1): atts are not acceptable. Next payload is 0
08.05.2009 10:55 10.11.21.101 Debug 1222: 18:06:06: ISAKMP (0:1): Encryption algorithm offered does not match policy!
08.05.2009 10:55 10.11.21.101 Debug 1221: 18:06:06: ISAKMP: default group 2
08.05.2009 10:55 10.11.21.101 Debug 1220: 18:06:06: ISAKMP: auth pre-share
08.05.2009 10:55 10.11.21.101 Debug 1219: 18:06:06: ISAKMP: hash MD5
08.05.2009 10:55 10.11.21.101 Debug 1218: 18:06:06: ISAKMP: encryption 3DES-CBC
08.05.2009 10:55 10.11.21.101 Debug 1217: 18:06:06: ISAKMP: life duration (basic) of 28800
08.05.2009 10:55 10.11.21.101 Debug 1216: 18:06:06: ISAKMP: life type in seconds
08.05.2009 10:55 10.11.21.101 Debug 1215: 18:06:06: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 65535 policy
08.05.2009 10:55 10.11.21.101 Debug 1214: 18:06:06: ISAKMP (0:1): atts are not acceptable. Next payload is 0
08.05.2009 10:55 10.11.21.101 Debug 1213: 18:06:06: ISAKMP (0:1): Preshared authentication offered but does not match policy!
08.05.2009 10:55 10.11.21.101 Debug 1212: 18:06:06: ISAKMP: default group 2
08.05.2009 10:55 10.11.21.101 Debug 1211: 18:06:06: ISAKMP: auth pre-share
08.05.2009 10:55 10.11.21.101 Debug 1210: 18:06:06: ISAKMP: hash MD5
08.05.2009 10:55 10.11.21.101 Debug 1209: 18:06:06: ISAKMP: encryption 3DES-CBC
08.05.2009 10:55 10.11.21.101 Debug 1208: 18:06:06: ISAKMP: life duration (basic) of 28800
08.05.2009 10:55 10.11.21.101 Debug 1207: 18:06:06: ISAKMP: life type in seconds
08.05.2009 10:55 10.11.21.101 Debug 1206: 18:06:06: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 10 policy
08.05.2009 10:55 10.11.21.101 Debug 1205: 18:06:06: ISAKMP (0:1): atts are not acceptable. Next payload is 0
08.05.2009 10:55 10.11.21.101 Debug 1204: 18:06:06: ISAKMP (0:1): Preshared authentication offered but does not match policy!
08.05.2009 10:55 10.11.21.101 Debug 1203: 18:06:06: ISAKMP: default group 2
08.05.2009 10:55 10.11.21.101 Debug 1202: 18:06:06: ISAKMP: auth pre-share
08.05.2009 10:55 10.11.21.101 Debug 1201: 18:06:06: ISAKMP: hash MD5
08.05.2009 10:55 10.11.21.101 Debug 1200: 18:06:06: ISAKMP: encryption 3DES-CBC
08.05.2009 10:55 10.11.21.101 Debug 1199: 18:06:06: ISAKMP: life duration (basic) of 28800
08.05.2009 10:55 10.11.21.101 Debug 1198: 18:06:06: ISAKMP: life type in seconds
08.05.2009 10:55 10.11.21.101 Debug 1197: 18:06:06: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 1 policy
08.05.2009 10:55 10.11.21.101 Debug 1196: 18:06:06: ISAKMP (0:1): No pre-shared key with 91.194.174.10!
08.05.2009 10:55 10.11.21.101 Debug 1195: 18:06:06: ISAKMP (0:1): processing SA payload. message ID = 0
08.05.2009 10:55 10.11.21.101 Debug 1194: 18:06:06: ISAKMP: local port 500, remote port 500
08.05.2009 10:55 10.11.21.101 Debug 1193: 18:06:06: ISAKMP (0:0): received packet from 91.194.174.10 (N) NEW SA


12 май 2009, 12:03
Профиль
Супермодератор

Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4436
Для начала поменяйте вот это
crypto isakmp key 1234567890 hostname 91.194.174.10

вот на это
crypto isakmp key 1234567890 address 91.194.174.10 no-xauth

и добавьте на всякий случай (вообще должно по дефолту идти)
crypto isakmp identity address

И расскажите, что изменилось


12 май 2009, 14:30
Профиль

Зарегистрирован: 27 ноя 2008, 11:36
Сообщения: 308
Извините за молчание, немного был в отъезде.

После того как применил ваши команды, имею следующую картину:

Когда инициализирую канал с нашей стороны всё в порядке, он поднимается и всё работает.

Когда же они пытаются сделать это со своей стороны в логах получаю ошибку:
15.05.2009 16:07 10.11.21.101 Debug 8932: 1w0d: IPSEC(decapsulate): error in decapsulation crypto_ipsec_sa_exists
15.05.2009 16:07 10.11.21.101 Debug 8931: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6
15.05.2009 16:07 10.11.21.101 Debug 8930: 1w0d: ISAKMP: received ke message (3/1)
15.05.2009 16:07 10.11.21.101 Debug 8929: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6
15.05.2009 16:07 10.11.21.101 Debug 8928: 1w0d: ISAKMP: received ke message (3/1)
15.05.2009 16:07 10.11.21.101 Debug 8927: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6
15.05.2009 16:07 10.11.21.101 Debug 8926: 1w0d: ISAKMP: received ke message (3/1)
15.05.2009 16:07 10.11.21.101 Debug 8925: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6
15.05.2009 16:07 10.11.21.101 Debug 8924: 1w0d: ISAKMP: received ke message (3/1)
15.05.2009 16:07 10.11.21.101 Debug 8923: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6
15.05.2009 16:07 10.11.21.101 Debug 8922: 1w0d: ISAKMP: received ke message (3/1)
15.05.2009 16:07 10.11.21.101 Debug 8921: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6
15.05.2009 16:07 10.11.21.101 Debug 8920: 1w0d: ISAKMP: received ke message (3/1)
15.05.2009 16:07 10.11.21.101 Debug 8919: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6
15.05.2009 16:07 10.11.21.101 Debug 8918: 1w0d: ISAKMP: received ke message (3/1)
15.05.2009 16:07 10.11.21.101 Debug 8917: 1w0d: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 91.194.174.2 dst 91.194.174.10 for SPI 0x659250A6
15.05.2009 16:07 10.11.21.101 Debug 8916: 1w0d: ISAKMP: received ke message (3/1)
15.05.2009 16:07 10.11.21.101 Warning 8915: destaddr=91.194.174.2, prot=50, spi=0x659250A6(1704087718), srcaddr=91.194.174.10
15.05.2009 16:07 10.11.21.101 Warning 8914: 1w0d: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for
15.05.2009 16:06 10.11.21.101 Debug 8913: 1w0d: CRYPTO_ENGINE: key process suspended and continued
15.05.2009 16:06 10.11.21.101 Debug 8912: 1w0d: CRYPTO_ENGINE: key process suspended and continued
15.05.2009 16:06 10.11.21.101 Debug 8911: 1w0d: CRYPTO_ENGINE: key process suspended and continued


15 май 2009, 13:13
Профиль

Зарегистрирован: 27 ноя 2008, 11:36
Сообщения: 308
Видимо данная ситуация возникает когда роутер уже уметвил канал у себя а оборудование на той стороне этого не сделало. Мы это установили экспериментальным путем. Хотя вот странно такие вещи делаю, а что стоит с той стороны не говорят.

А вот возможна ли настройка чтобы при отсутствии трафика канал не умирал ?


15 май 2009, 13:58
Профиль

Зарегистрирован: 15 май 2009, 17:52
Сообщения: 4
Может глупость сморожу, но!
Например поднять sa timeout-ы чтобы канал так быстро не ложился.
Или настроить все через tunnel и поднять на tunnel keepalive.


15 май 2009, 17:58
Профиль
Супермодератор

Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4436
Проще: канал сам по себе НЕ умирает. Он умирает только когда включена технология isakmp keepalive.

Я её у вас не увидел. Странно, что циска отказывается канал поставить. МОжет трафик не тот? ACL симметричны?


15 май 2009, 20:43
Профиль

Зарегистрирован: 27 ноя 2008, 11:36
Сообщения: 308
Такая ситуация возникает когда с нашей стороны туннель уже отсутствует на оборудовании. А со стороны контрагента еще нет. При отсутствии трафика туннель должен отключаться, или я не прав ?


18 май 2009, 05:37
Профиль

Зарегистрирован: 13 май 2009, 13:19
Сообщения: 8
alex0000007 писал(а):
Такая ситуация возникает когда с нашей стороны туннель уже отсутствует на оборудовании. А со стороны контрагента еще нет. При отсутствии трафика туннель должен отключаться, или я не прав ?


он как бы "умирает" по таймауту, когда траффик перестает ходить, но как я заметил даже при наличии траффика, туннель "дохнет", хотя данные продолжают передаваться.


18 май 2009, 08:01
Профиль

Зарегистрирован: 13 май 2009, 13:19
Сообщения: 8
к примеру вот так:

2009-05-18 10:54:38: INFO: ISAKMP-SA established хх.хх.хх.хх[500]-уу.уу.уу.уу[500]
2009-05-18 10:55:37: INFO: ISAKMP-SA expired хх.хх.хх.хх[500]-уу.уу.уу.уу[500]
2009-05-18 10:55:38: INFO: ISAKMP-SA deleted хх.хх.хх.хх[500]-уу.уу.уу.уу[500]


18 май 2009, 08:04
Профиль
Супермодератор

Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4436
ISAKMP - это первичный туннель. Данные по нему не ходят. Они ходят по вторичному (IPSec или ESP, не знаю как называется у вас).


18 май 2009, 11:02
Профиль

Зарегистрирован: 27 ноя 2008, 11:36
Сообщения: 308
Огромное спасибо.
На тестовом стенде всё отладил и всё было хорошо. Теперь когда пошел ставить эту штуку в боевой режим получил вот такой лог:

cisco_chel.log:May 21 10:55:39 10.11.21.101 15545: 1w6d: ISAKMP (0:1): deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 91.1
94.174.10) input queue 0
cisco_chel.log:May 21 10:55:39 10.11.21.101 15546: 1w6d: ISAKMP (0:1): deleting node 1820516887 error FALSE reason "P1 delete notify (in)"
cisco_chel.log:May 21 10:56:28 10.11.21.101 15547: 1w6d: ISAKMP (0:1): purging node -2013509273
cisco_chel.log:May 21 10:56:28 10.11.21.101 15548: 1w6d: ISAKMP (0:1): purging node 1820516887
cisco_chel.log:May 21 10:56:39 10.11.21.101 15549: 1w6d: ISAKMP (0:1): purging SA., sa=62315E9C, delme=62315E9C
cisco_chel.log:May 21 10:56:39 10.11.21.101 15550: 1w6d: CryptoEngine0: delete connection 1
cisco_chel.log:May 21 10:58:28 10.11.21.101 15551: 1w6d: CRYPTO: Packet dropped because of an incomplete cryptomap
cisco_chel.log:May 21 10:58:28 10.11.21.101 15552: 1w6d: CRYPTO: Packet dropped because of an incomplete cryptomap
cisco_chel.log:May 21 10:58:29 10.11.21.101 15553: 1w6d: CRYPTO: Packet dropped because of an incomplete cryptomap
cisco_chel.log:May 21 10:58:32 10.11.21.101 15554: 1w6d: CRYPTO: Packet dropped because of an incomplete cryptomap
cisco_chel.log:May 21 10:58:33 10.11.21.101 15555: 1w6d: CRYPTO: Packet dropped because of an incomplete cryptomap
cisco_chel.log:May 21 10:58:38 10.11.21.101 15556: 1w6d: %SYS-5-CONFIG_I: Configured from console by akrylov on vty0 (10.11.21.5)
cisco_chel.log:May 21 11:07:28 10.11.21.101 15557: 1w6d: CryptoEngine0: generate key pair
cisco_chel.log:May 21 11:07:28 10.11.21.101 15558: 1w6d: CryptoEngine0: CRYPTO_GEN_KEY_PAIR
cisco_chel.log:May 21 11:07:28 10.11.21.101 15559: 1w6d: CRYPTO_ENGINE: key process suspended and continued
cisco_chel.log:May 21 11:07:28 10.11.21.101 15560: 1w6d: CRYPTO_ENGINE: key process suspended and continued
cisco_chel.log:May 21 11:07:28 10.11.21.101 15561: 1w6d: CRYPTO_ENGINE: key process suspended and continued
cisco_chel.log:May 21 11:07:28 10.11.21.101 15562: 1w6d: CRYPTO_ENGINE: key process suspended and continued
cisco_chel.log:May 21 11:29:10 10.11.21.101 15563: 1w6d: ISAKMP (0:0): received packet from 195.16.74.78 (N) NEW SA
cisco_chel.log:May 21 11:29:10 10.11.21.101 15564: 1w6d: ISAKMP: local port 500, remote port 500
cisco_chel.log:May 21 11:29:10 10.11.21.101 15565: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 0
cisco_chel.log:May 21 11:29:10 10.11.21.101 15566: 1w6d: ISAKMP (0:1): found peer pre-shared key matching 195.16.74.78
cisco_chel.log:May 21 11:29:10 10.11.21.101 15567: 1w6d: ISAKMP (0:1): Checking ISAKMP transform 0 against priority 1 policy
cisco_chel.log:May 21 11:29:10 10.11.21.101 15568: 1w6d: ISAKMP: life type in seconds
cisco_chel.log:May 21 11:29:10 10.11.21.101 15569: 1w6d: ISAKMP: life duration (basic) of 28800
cisco_chel.log:May 21 11:29:10 10.11.21.101 15570: 1w6d: ISAKMP: encryption 3DES-CBC
cisco_chel.log:May 21 11:29:10 10.11.21.101 15571: 1w6d: ISAKMP: hash MD5
cisco_chel.log:May 21 11:29:10 10.11.21.101 15572: 1w6d: ISAKMP: auth pre-share
cisco_chel.log:May 21 11:29:10 10.11.21.101 15573: 1w6d: ISAKMP: default group 2
cisco_chel.log:May 21 11:29:10 10.11.21.101 15574: 1w6d: ISAKMP (0:1): atts are acceptable. Next payload is 0
cisco_chel.log:May 21 11:29:10 10.11.21.101 15575: 1w6d: CryptoEngine0: generate alg parameter
cisco_chel.log:May 21 11:29:10 10.11.21.101 15576: 1w6d: CRYPTO_ENGINE: Dh phase 1 status: 0
cisco_chel.log:May 21 11:29:11 10.11.21.101 15577: 1w6d: CRYPTO_ENGINE: Dh phase 1 status: 0
cisco_chel.log:May 21 11:29:11 10.11.21.101 15578: 1w6d: ISAKMP (0:1): processing vendor id payload
cisco_chel.log:May 21 11:29:11 10.11.21.101 15579: 1w6d: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
cisco_chel.log:May 21 11:29:11 10.11.21.101 15580: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) MM_SA_SETUP
cisco_chel.log:May 21 11:29:11 10.11.21.101 15581: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) MM_SA_SETUP
cisco_chel.log:May 21 11:29:11 10.11.21.101 15582: 1w6d: ISAKMP (0:1): processing KE payload. message ID = 0
cisco_chel.log:May 21 11:29:11 10.11.21.101 15583: 1w6d: CryptoEngine0: generate alg parameter
cisco_chel.log:May 21 11:29:11 10.11.21.101 15584: 1w6d: ISAKMP (0:1): processing NONCE payload. message ID = 0
cisco_chel.log:May 21 11:29:11 10.11.21.101 15585: 1w6d: ISAKMP (0:1): found peer pre-shared key matching 195.16.74.78
cisco_chel.log:May 21 11:29:11 10.11.21.101 15586: 1w6d: CryptoEngine0: create ISAKMP SKEYID for conn id 1
cisco_chel.log:May 21 11:29:11 10.11.21.101 15587: 1w6d: ISAKMP (0:1): SKEYID state generated
cisco_chel.log:May 21 11:29:11 10.11.21.101 15588: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) MM_KEY_EXCH
cisco_chel.log:May 21 11:29:11 10.11.21.101 15589: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) MM_KEY_EXCH
cisco_chel.log:May 21 11:29:11 10.11.21.101 15590: 1w6d: ISAKMP (0:1): processing ID payload. message ID = 0
cisco_chel.log:May 21 11:29:11 10.11.21.101 15591: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 0
cisco_chel.log:May 21 11:29:11 10.11.21.101 15592: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:29:11 10.11.21.101 15593: 1w6d: ISAKMP (0:1): SA has been authenticated with 195.16.74.78
cisco_chel.log:May 21 11:29:11 10.11.21.101 15594: 1w6d: ISAKMP (1): ID payload
cisco_chel.log:May 21 11:29:11 10.11.21.101 15595: ^Inext-payload : 8
cisco_chel.log:May 21 11:29:11 10.11.21.101 15596: ^Itype : 1
cisco_chel.log:May 21 11:29:11 10.11.21.101 15597: ^Iprotocol : 17
cisco_chel.log:May 21 11:29:11 10.11.21.101 15598: ^Iport : 500
cisco_chel.log:May 21 11:29:11 10.11.21.101 15599: ^Ilength : 8
cisco_chel.log:May 21 11:29:11 10.11.21.101 15600: 1w6d: ISAKMP (1): Total payload length: 12
cisco_chel.log:May 21 11:29:11 10.11.21.101 15601: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:29:11 10.11.21.101 15602: 1w6d: CryptoEngine0: clear dh number for conn id 1
cisco_chel.log:May 21 11:29:11 10.11.21.101 15603: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:29:11 10.11.21.101 15604: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:29:11 10.11.21.101 15605: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:29:11 10.11.21.101 15606: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 2088736608
cisco_chel.log:May 21 11:29:11 10.11.21.101 15607: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 2088736608
cisco_chel.log:May 21 11:29:11 10.11.21.101 15608: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0
cisco_chel.log:May 21 11:29:11 10.11.21.101 15609: 1w6d: ISAKMP: transform 0, ESP_3DES
cisco_chel.log:May 21 11:29:11 10.11.21.101 15610: 1w6d: ISAKMP: attributes in transform:
cisco_chel.log:May 21 11:29:11 10.11.21.101 15611: 1w6d: ISAKMP: group is 2
cisco_chel.log:May 21 11:29:11 10.11.21.101 15612: 1w6d: ISAKMP: encaps is 1
cisco_chel.log:May 21 11:29:11 10.11.21.101 15613: 1w6d: ISAKMP: SA life type in seconds
cisco_chel.log:May 21 11:29:11 10.11.21.101 15614: 1w6d: ISAKMP: SA life duration (basic) of 3600
cisco_chel.log:May 21 11:29:11 10.11.21.101 15615: 1w6d: ISAKMP: authenticator is HMAC-MD5
cisco_chel.log:May 21 11:29:11 10.11.21.101 15616: 1w6d: validate proposal 0
cisco_chel.log:May 21 11:29:11 10.11.21.101 15617: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found
cisco_chel.log:May 21 11:29:11 10.11.21.101 15618: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0
cisco_chel.log:May 21 11:29:11 10.11.21.101 15619: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable!
cisco_chel.log:May 21 11:29:11 10.11.21.101 15620: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:29:11 10.11.21.101 15621: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:29:11 10.11.21.101 15622: 1w6d: ISAKMP (0:1): purging node -1814739293
cisco_chel.log:May 21 11:29:11 10.11.21.101 15623: 1w6d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.16.74.78
cisco_chel.log:May 21 11:29:12 10.11.21.101 15624: 1w6d: ISAKMP (0:1): deleting node 2088736608 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
cisco_chel.log:May 21 11:29:16 10.11.21.101 15625: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:29:16 10.11.21.101 15626: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:29:16 10.11.21.101 15627: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 2103146783
cisco_chel.log:May 21 11:29:16 10.11.21.101 15628: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 2103146783
cisco_chel.log:May 21 11:29:16 10.11.21.101 15629: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0
cisco_chel.log:May 21 11:29:16 10.11.21.101 15630: 1w6d: ISAKMP: transform 0, ESP_3DES
cisco_chel.log:May 21 11:29:16 10.11.21.101 15631: 1w6d: ISAKMP: attributes in transform:
cisco_chel.log:May 21 11:29:16 10.11.21.101 15632: 1w6d: ISAKMP: group is 2
cisco_chel.log:May 21 11:29:16 10.11.21.101 15633: 1w6d: ISAKMP: encaps is 1
cisco_chel.log:May 21 11:29:16 10.11.21.101 15634: 1w6d: ISAKMP: SA life type in seconds
cisco_chel.log:May 21 11:29:16 10.11.21.101 15635: 1w6d: ISAKMP: SA life duration (basic) of 3600
cisco_chel.log:May 21 11:29:16 10.11.21.101 15636: 1w6d: ISAKMP: authenticator is HMAC-MD5
cisco_chel.log:May 21 11:29:16 10.11.21.101 15637: 1w6d: validate proposal 0
cisco_chel.log:May 21 11:29:16 10.11.21.101 15638: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found
cisco_chel.log:May 21 11:29:17 10.11.21.101 15639: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0
cisco_chel.log:May 21 11:29:17 10.11.21.101 15640: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable!
cisco_chel.log:May 21 11:29:17 10.11.21.101 15641: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:29:17 10.11.21.101 15642: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:29:17 10.11.21.101 15643: 1w6d: ISAKMP (0:1): purging node 1999973284
cisco_chel.log:May 21 11:29:17 10.11.21.101 15644: 1w6d: ISAKMP (0:1): deleting node 2103146783 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
cisco_chel.log:May 21 11:29:22 10.11.21.101 15645: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:29:22 10.11.21.101 15646: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:29:22 10.11.21.101 15647: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:29:22 10.11.21.101 15648: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2088736608
cisco_chel.log:May 21 11:29:27 10.11.21.101 15649: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:29:27 10.11.21.101 15650: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:29:27 10.11.21.101 15651: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:29:27 10.11.21.101 15652: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2103146783
cisco_chel.log:May 21 11:29:42 10.11.21.101 15653: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:29:42 10.11.21.101 15654: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:29:42 10.11.21.101 15655: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:29:42 10.11.21.101 15656: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2088736608
cisco_chel.log:May 21 11:29:47 10.11.21.101 15657: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:29:47 10.11.21.101 15658: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:29:47 10.11.21.101 15659: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:29:47 10.11.21.101 15660: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2103146783
cisco_chel.log:May 21 11:30:02 10.11.21.101 15661: 1w6d: ISAKMP (0:1): purging node 2088736608
cisco_chel.log:May 21 11:30:07 10.11.21.101 15662: 1w6d: ISAKMP (0:1): purging node 2103146783
cisco_chel.log:May 21 11:30:21 10.11.21.101 15663: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:30:21 10.11.21.101 15664: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:30:21 10.11.21.101 15665: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = -524495451
cisco_chel.log:May 21 11:30:21 10.11.21.101 15666: 1w6d: ISAKMP (0:1): processing SA payload. message ID = -524495451
cisco_chel.log:May 21 11:30:21 10.11.21.101 15667: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0
cisco_chel.log:May 21 11:30:21 10.11.21.101 15668: 1w6d: ISAKMP: transform 0, ESP_3DES
cisco_chel.log:May 21 11:30:21 10.11.21.101 15669: 1w6d: ISAKMP: attributes in transform:
cisco_chel.log:May 21 11:30:21 10.11.21.101 15670: 1w6d: ISAKMP: group is 2
cisco_chel.log:May 21 11:30:21 10.11.21.101 15671: 1w6d: ISAKMP: encaps is 1
cisco_chel.log:May 21 11:30:21 10.11.21.101 15672: 1w6d: ISAKMP: SA life type in seconds
cisco_chel.log:May 21 11:30:21 10.11.21.101 15673: 1w6d: ISAKMP: SA life duration (basic) of 3600
cisco_chel.log:May 21 11:30:21 10.11.21.101 15674: 1w6d: ISAKMP: authenticator is HMAC-MD5
cisco_chel.log:May 21 11:30:21 10.11.21.101 15675: 1w6d: validate proposal 0
cisco_chel.log:May 21 11:30:21 10.11.21.101 15676: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found
cisco_chel.log:May 21 11:30:21 10.11.21.101 15677: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0
cisco_chel.log:May 21 11:30:21 10.11.21.101 15678: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable!
cisco_chel.log:May 21 11:30:21 10.11.21.101 15679: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:30:21 10.11.21.101 15680: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:30:21 10.11.21.101 15681: 1w6d: ISAKMP (0:1): purging node -647989893
cisco_chel.log:May 21 11:30:21 10.11.21.101 15682: 1w6d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.16.74.78
cisco_chel.log:May 21 11:30:22 10.11.21.101 15683: 1w6d: ISAKMP (0:1): deleting node -524495451 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
cisco_chel.log:May 21 11:30:26 10.11.21.101 15684: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:30:26 10.11.21.101 15685: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:30:26 10.11.21.101 15686: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 2069965690
cisco_chel.log:May 21 11:30:26 10.11.21.101 15687: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 2069965690
cisco_chel.log:May 21 11:30:26 10.11.21.101 15688: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0
cisco_chel.log:May 21 11:30:26 10.11.21.101 15689: 1w6d: ISAKMP: transform 0, ESP_3DES
cisco_chel.log:May 21 11:30:26 10.11.21.101 15690: 1w6d: ISAKMP: attributes in transform:
cisco_chel.log:May 21 11:30:26 10.11.21.101 15691: 1w6d: ISAKMP: group is 2
cisco_chel.log:May 21 11:30:26 10.11.21.101 15692: 1w6d: ISAKMP: encaps is 1
cisco_chel.log:May 21 11:30:26 10.11.21.101 15693: 1w6d: ISAKMP: SA life type in seconds
cisco_chel.log:May 21 11:30:26 10.11.21.101 15694: 1w6d: ISAKMP: SA life duration (basic) of 3600
cisco_chel.log:May 21 11:30:26 10.11.21.101 15695: 1w6d: ISAKMP: authenticator is HMAC-MD5
cisco_chel.log:May 21 11:30:26 10.11.21.101 15696: 1w6d: validate proposal 0
cisco_chel.log:May 21 11:30:26 10.11.21.101 15697: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found
cisco_chel.log:May 21 11:30:27 10.11.21.101 15698: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0
cisco_chel.log:May 21 11:30:27 10.11.21.101 15699: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable!
cisco_chel.log:May 21 11:30:27 10.11.21.101 15700: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:30:27 10.11.21.101 15701: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:30:27 10.11.21.101 15702: 1w6d: ISAKMP (0:1): purging node 1954696385
cisco_chel.log:May 21 11:30:27 10.11.21.101 15703: 1w6d: ISAKMP (0:1): deleting node 2069965690 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
cisco_chel.log:May 21 11:30:32 10.11.21.101 15704: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:30:32 10.11.21.101 15705: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:30:32 10.11.21.101 15706: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:30:32 10.11.21.101 15707: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -524495451
cisco_chel.log:May 21 11:30:37 10.11.21.101 15708: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:30:37 10.11.21.101 15709: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:30:37 10.11.21.101 15710: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:30:37 10.11.21.101 15711: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2069965690
cisco_chel.log:May 21 11:30:52 10.11.21.101 15712: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:30:52 10.11.21.101 15713: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:30:52 10.11.21.101 15714: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:30:52 10.11.21.101 15715: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -524495451
cisco_chel.log:May 21 11:30:57 10.11.21.101 15716: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:30:57 10.11.21.101 15717: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:30:57 10.11.21.101 15718: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:30:57 10.11.21.101 15719: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2069965690
cisco_chel.log:May 21 11:31:12 10.11.21.101 15720: 1w6d: ISAKMP (0:1): purging node -524495451
cisco_chel.log:May 21 11:31:17 10.11.21.101 15721: 1w6d: ISAKMP (0:1): purging node 2069965690
cisco_chel.log:May 21 11:31:31 10.11.21.101 15722: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:31:31 10.11.21.101 15723: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:31:31 10.11.21.101 15724: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = -15251869
cisco_chel.log:May 21 11:31:31 10.11.21.101 15725: 1w6d: ISAKMP (0:1): processing SA payload. message ID = -15251869
cisco_chel.log:May 21 11:31:31 10.11.21.101 15726: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0
cisco_chel.log:May 21 11:31:31 10.11.21.101 15727: 1w6d: ISAKMP: transform 0, ESP_3DES
cisco_chel.log:May 21 11:31:31 10.11.21.101 15728: 1w6d: ISAKMP: attributes in transform:
cisco_chel.log:May 21 11:31:31 10.11.21.101 15729: 1w6d: ISAKMP: group is 2
cisco_chel.log:May 21 11:31:31 10.11.21.101 15730: 1w6d: ISAKMP: encaps is 1
cisco_chel.log:May 21 11:31:31 10.11.21.101 15731: 1w6d: ISAKMP: SA life type in seconds
cisco_chel.log:May 21 11:31:31 10.11.21.101 15732: 1w6d: ISAKMP: SA life duration (basic) of 3600
cisco_chel.log:May 21 11:31:31 10.11.21.101 15733: 1w6d: ISAKMP: authenticator is HMAC-MD5
cisco_chel.log:May 21 11:31:31 10.11.21.101 15734: 1w6d: validate proposal 0
cisco_chel.log:May 21 11:31:31 10.11.21.101 15735: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found
cisco_chel.log:May 21 11:31:31 10.11.21.101 15736: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0
cisco_chel.log:May 21 11:31:31 10.11.21.101 15737: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable!
cisco_chel.log:May 21 11:31:31 10.11.21.101 15738: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:31:31 10.11.21.101 15739: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:31:31 10.11.21.101 15740: 1w6d: ISAKMP (0:1): purging node 1987779631
cisco_chel.log:May 21 11:31:31 10.11.21.101 15741: 1w6d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.16.74.78
cisco_chel.log:May 21 11:31:32 10.11.21.101 15742: 1w6d: ISAKMP (0:1): deleting node -15251869 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
cisco_chel.log:May 21 11:31:37 10.11.21.101 15743: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:31:37 10.11.21.101 15744: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:31:37 10.11.21.101 15745: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 1615010728
cisco_chel.log:May 21 11:31:37 10.11.21.101 15746: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 1615010728
cisco_chel.log:May 21 11:31:37 10.11.21.101 15747: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0
cisco_chel.log:May 21 11:31:37 10.11.21.101 15748: 1w6d: ISAKMP: transform 0, ESP_3DES
cisco_chel.log:May 21 11:31:37 10.11.21.101 15749: 1w6d: ISAKMP: attributes in transform:
cisco_chel.log:May 21 11:31:37 10.11.21.101 15750: 1w6d: ISAKMP: group is 2
cisco_chel.log:May 21 11:31:37 10.11.21.101 15751: 1w6d: ISAKMP: encaps is 1
cisco_chel.log:May 21 11:31:37 10.11.21.101 15752: 1w6d: ISAKMP: SA life type in seconds
cisco_chel.log:May 21 11:31:37 10.11.21.101 15753: 1w6d: ISAKMP: SA life duration (basic) of 3600
cisco_chel.log:May 21 11:31:37 10.11.21.101 15754: 1w6d: ISAKMP: authenticator is HMAC-MD5
cisco_chel.log:May 21 11:31:37 10.11.21.101 15755: 1w6d: validate proposal 0
cisco_chel.log:May 21 11:31:37 10.11.21.101 15756: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found
cisco_chel.log:May 21 11:31:38 10.11.21.101 15757: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0
cisco_chel.log:May 21 11:31:38 10.11.21.101 15758: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable!
cisco_chel.log:May 21 11:31:38 10.11.21.101 15759: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:31:38 10.11.21.101 15760: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:31:38 10.11.21.101 15761: 1w6d: ISAKMP (0:1): purging node -1749007449
cisco_chel.log:May 21 11:31:38 10.11.21.101 15762: 1w6d: ISAKMP (0:1): deleting node 1615010728 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
cisco_chel.log:May 21 11:31:42 10.11.21.101 15763: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:31:42 10.11.21.101 15764: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:31:42 10.11.21.101 15765: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:31:42 10.11.21.101 15766: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -15251869
cisco_chel.log:May 21 11:31:48 10.11.21.101 15767: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:31:48 10.11.21.101 15768: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:31:48 10.11.21.101 15769: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:31:48 10.11.21.101 15770: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 1615010728
cisco_chel.log:May 21 11:32:02 10.11.21.101 15771: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:32:02 10.11.21.101 15772: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:32:02 10.11.21.101 15773: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:32:02 10.11.21.101 15774: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -15251869
cisco_chel.log:May 21 11:32:08 10.11.21.101 15775: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:32:08 10.11.21.101 15776: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:32:08 10.11.21.101 15777: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:32:08 10.11.21.101 15778: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 1615010728
cisco_chel.log:May 21 11:32:22 10.11.21.101 15779: 1w6d: ISAKMP (0:1): purging node -15251869
cisco_chel.log:May 21 11:32:28 10.11.21.101 15780: 1w6d: ISAKMP (0:1): purging node 1615010728
cisco_chel.log:May 21 11:32:41 10.11.21.101 15781: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:32:41 10.11.21.101 15782: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:32:41 10.11.21.101 15783: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 2118667139
cisco_chel.log:May 21 11:32:41 10.11.21.101 15784: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 2118667139
cisco_chel.log:May 21 11:32:41 10.11.21.101 15785: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0
cisco_chel.log:May 21 11:32:41 10.11.21.101 15786: 1w6d: ISAKMP: transform 0, ESP_3DES
cisco_chel.log:May 21 11:32:41 10.11.21.101 15787: 1w6d: ISAKMP: attributes in transform:
cisco_chel.log:May 21 11:32:41 10.11.21.101 15788: 1w6d: ISAKMP: group is 2
cisco_chel.log:May 21 11:32:41 10.11.21.101 15789: 1w6d: ISAKMP: encaps is 1
cisco_chel.log:May 21 11:32:41 10.11.21.101 15790: 1w6d: ISAKMP: SA life type in seconds
cisco_chel.log:May 21 11:32:41 10.11.21.101 15791: 1w6d: ISAKMP: SA life duration (basic) of 3600
cisco_chel.log:May 21 11:32:41 10.11.21.101 15792: 1w6d: ISAKMP: authenticator is HMAC-MD5
cisco_chel.log:May 21 11:32:41 10.11.21.101 15793: 1w6d: validate proposal 0
cisco_chel.log:May 21 11:32:41 10.11.21.101 15794: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found
cisco_chel.log:May 21 11:32:41 10.11.21.101 15795: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0
cisco_chel.log:May 21 11:32:41 10.11.21.101 15796: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable!
cisco_chel.log:May 21 11:32:41 10.11.21.101 15797: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:32:41 10.11.21.101 15798: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:32:41 10.11.21.101 15799: 1w6d: ISAKMP (0:1): purging node -1825652820
cisco_chel.log:May 21 11:32:41 10.11.21.101 15800: 1w6d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.16.74.78
cisco_chel.log:May 21 11:32:42 10.11.21.101 15801: 1w6d: ISAKMP (0:1): deleting node 2118667139 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
cisco_chel.log:May 21 11:32:48 10.11.21.101 15802: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:32:48 10.11.21.101 15803: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:32:48 10.11.21.101 15804: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = -2121723884
cisco_chel.log:May 21 11:32:48 10.11.21.101 15805: 1w6d: ISAKMP (0:1): processing SA payload. message ID = -2121723884
cisco_chel.log:May 21 11:32:48 10.11.21.101 15806: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0
cisco_chel.log:May 21 11:32:48 10.11.21.101 15807: 1w6d: ISAKMP: transform 0, ESP_3DES
cisco_chel.log:May 21 11:32:48 10.11.21.101 15808: 1w6d: ISAKMP: attributes in transform:
cisco_chel.log:May 21 11:32:48 10.11.21.101 15809: 1w6d: ISAKMP: group is 2
cisco_chel.log:May 21 11:32:48 10.11.21.101 15810: 1w6d: ISAKMP: encaps is 1
cisco_chel.log:May 21 11:32:48 10.11.21.101 15811: 1w6d: ISAKMP: SA life type in seconds
cisco_chel.log:May 21 11:32:48 10.11.21.101 15812: 1w6d: ISAKMP: SA life duration (basic) of 3600
cisco_chel.log:May 21 11:32:48 10.11.21.101 15813: 1w6d: ISAKMP: authenticator is HMAC-MD5
cisco_chel.log:May 21 11:32:48 10.11.21.101 15814: 1w6d: validate proposal 0
cisco_chel.log:May 21 11:32:49 10.11.21.101 15815: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found
cisco_chel.log:May 21 11:32:49 10.11.21.101 15816: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0
cisco_chel.log:May 21 11:32:49 10.11.21.101 15817: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable!
cisco_chel.log:May 21 11:32:49 10.11.21.101 15818: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:32:49 10.11.21.101 15819: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:32:49 10.11.21.101 15820: 1w6d: ISAKMP (0:1): purging node 103716619
cisco_chel.log:May 21 11:32:49 10.11.21.101 15821: 1w6d: ISAKMP (0:1): deleting node -2121723884 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
cisco_chel.log:May 21 11:32:52 10.11.21.101 15822: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:32:52 10.11.21.101 15823: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:32:52 10.11.21.101 15824: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:32:52 10.11.21.101 15825: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2118667139
cisco_chel.log:May 21 11:32:58 10.11.21.101 15826: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:32:58 10.11.21.101 15827: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:32:58 10.11.21.101 15828: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:32:58 10.11.21.101 15829: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -2121723884
cisco_chel.log:May 21 11:33:12 10.11.21.101 15830: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:33:12 10.11.21.101 15831: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:33:12 10.11.21.101 15832: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:33:12 10.11.21.101 15833: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2118667139
cisco_chel.log:May 21 11:33:18 10.11.21.101 15834: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:33:18 10.11.21.101 15835: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:33:18 10.11.21.101 15836: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:33:18 10.11.21.101 15837: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -2121723884
cisco_chel.log:May 21 11:33:32 10.11.21.101 15838: 1w6d: ISAKMP (0:1): purging node 2118667139
cisco_chel.log:May 21 11:33:39 10.11.21.101 15839: 1w6d: ISAKMP (0:1): purging node -2121723884
cisco_chel.log:May 21 11:33:51 10.11.21.101 15840: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:33:51 10.11.21.101 15841: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:33:51 10.11.21.101 15842: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = 1024054824
cisco_chel.log:May 21 11:33:51 10.11.21.101 15843: 1w6d: ISAKMP (0:1): processing SA payload. message ID = 1024054824
cisco_chel.log:May 21 11:33:51 10.11.21.101 15844: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0
cisco_chel.log:May 21 11:33:51 10.11.21.101 15845: 1w6d: ISAKMP: transform 0, ESP_3DES
cisco_chel.log:May 21 11:33:51 10.11.21.101 15846: 1w6d: ISAKMP: attributes in transform:
cisco_chel.log:May 21 11:33:51 10.11.21.101 15847: 1w6d: ISAKMP: group is 2
cisco_chel.log:May 21 11:33:51 10.11.21.101 15848: 1w6d: ISAKMP: encaps is 1
cisco_chel.log:May 21 11:33:51 10.11.21.101 15849: 1w6d: ISAKMP: SA life type in seconds
cisco_chel.log:May 21 11:33:51 10.11.21.101 15850: 1w6d: ISAKMP: SA life duration (basic) of 3600
cisco_chel.log:May 21 11:33:51 10.11.21.101 15851: 1w6d: ISAKMP: authenticator is HMAC-MD5
cisco_chel.log:May 21 11:33:51 10.11.21.101 15852: 1w6d: validate proposal 0
cisco_chel.log:May 21 11:33:51 10.11.21.101 15853: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found
cisco_chel.log:May 21 11:33:51 10.11.21.101 15854: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0
cisco_chel.log:May 21 11:33:51 10.11.21.101 15855: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable!
cisco_chel.log:May 21 11:33:51 10.11.21.101 15856: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:33:51 10.11.21.101 15857: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:33:51 10.11.21.101 15858: 1w6d: ISAKMP (0:1): purging node -1944990558
cisco_chel.log:May 21 11:33:51 10.11.21.101 15859: 1w6d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.16.74.78
cisco_chel.log:May 21 11:33:52 10.11.21.101 15860: 1w6d: ISAKMP (0:1): deleting node 1024054824 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
cisco_chel.log:May 21 11:33:57 10.11.21.101 15861: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:33:57 10.11.21.101 15862: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:33:57 10.11.21.101 15863: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = -420755965
cisco_chel.log:May 21 11:33:57 10.11.21.101 15864: 1w6d: ISAKMP (0:1): processing SA payload. message ID = -420755965
cisco_chel.log:May 21 11:33:57 10.11.21.101 15865: 1w6d: ISAKMP (0:1): Checking IPSec proposal 0
cisco_chel.log:May 21 11:33:57 10.11.21.101 15866: 1w6d: ISAKMP: transform 0, ESP_3DES
cisco_chel.log:May 21 11:33:57 10.11.21.101 15867: 1w6d: ISAKMP: attributes in transform:
cisco_chel.log:May 21 11:33:57 10.11.21.101 15868: 1w6d: ISAKMP: group is 2
cisco_chel.log:May 21 11:33:57 10.11.21.101 15869: 1w6d: ISAKMP: encaps is 1
cisco_chel.log:May 21 11:33:57 10.11.21.101 15870: 1w6d: ISAKMP: SA life type in seconds
cisco_chel.log:May 21 11:33:57 10.11.21.101 15871: 1w6d: ISAKMP: SA life duration (basic) of 3600
cisco_chel.log:May 21 11:33:57 10.11.21.101 15872: 1w6d: ISAKMP: authenticator is HMAC-MD5
cisco_chel.log:May 21 11:33:57 10.11.21.101 15873: 1w6d: validate proposal 0
cisco_chel.log:May 21 11:33:57 10.11.21.101 15874: 1w6d: IPSEC(validate_proposal): peer address 195.16.74.78 not found
cisco_chel.log:May 21 11:33:58 10.11.21.101 15875: 1w6d: ISAKMP (0:1): atts not acceptable. Next payload is 0
cisco_chel.log:May 21 11:33:58 10.11.21.101 15876: 1w6d: ISAKMP (0:1): phase 2 SA not acceptable!
cisco_chel.log:May 21 11:33:58 10.11.21.101 15877: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:33:58 10.11.21.101 15878: 1w6d: ISAKMP (0:1): sending packet to 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:33:58 10.11.21.101 15879: 1w6d: ISAKMP (0:1): purging node -2060552285
cisco_chel.log:May 21 11:33:58 10.11.21.101 15880: 1w6d: ISAKMP (0:1): deleting node -420755965 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
cisco_chel.log:May 21 11:34:02 10.11.21.101 15881: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:34:02 10.11.21.101 15882: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:34:02 10.11.21.101 15883: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:34:02 10.11.21.101 15884: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 1024054824
cisco_chel.log:May 21 11:34:09 10.11.21.101 15885: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:34:09 10.11.21.101 15886: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:34:09 10.11.21.101 15887: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:34:09 10.11.21.101 15888: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -420755965
cisco_chel.log:May 21 11:34:22 10.11.21.101 15889: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:34:22 10.11.21.101 15890: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:34:22 10.11.21.101 15891: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:34:22 10.11.21.101 15892: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 1024054824
cisco_chel.log:May 21 11:34:28 10.11.21.101 15893: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:34:28 10.11.21.101 15894: 1w6d: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
cisco_chel.log:May 21 11:34:28 10.11.21.101 15895: 1w6d: ISAKMP (0:1): retransmitting due to retransmit phase 2
cisco_chel.log:May 21 11:34:28 10.11.21.101 15896: 1w6d: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead -420755965
cisco_chel.log:May 21 11:34:42 10.11.21.101 15897: 1w6d: ISAKMP (0:1): purging node 1024054824
cisco_chel.log:May 21 11:34:48 10.11.21.101 15898: 1w6d: ISAKMP (0:1): purging node -420755965
cisco_chel.log:May 21 11:35:01 10.11.21.101 15899: 1w6d: ISAKMP (0:1): received packet from 195.16.74.78 (R) QM_IDLE
cisco_chel.log:May 21 11:35:01 10.11.21.101 15900: 1w6d: CryptoEngine0: generate hmac context for conn id 1
cisco_chel.log:May 21 11:35:01 10.11.21.101 15901: 1w6d: ISAKMP (0:1): processing HASH payload. message ID = -347573868


21 май 2009, 11:57
Профиль
Супермодератор

Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4436
У вас не хватает строки в crypto map скорее всего.

Дайте ваш конфиг или проверьте самостоятельно:
1. sh cry map
НЕ ДОЛЖНО быть записей, типа "incomplete crypto map"

2. Если видите такое, значит либо случайно создался лишний абзац, либо удалилсь одно из
set transfom-set
set peer
match addr

в абзаце crypto map


21 май 2009, 12:18
Профиль

Зарегистрирован: 27 ноя 2008, 11:36
Сообщения: 308
Проверил ничего криминального не вижу.
Может вы подскажите.

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 11
encr 3des
hash md5
group 2
crypto isakmp key 1234567890 address 91.194.174.10 no-xauth
crypto isakmp key 1234567890 address 195.16.74.78 no-xauth
crypto isakmp key 1234567890 hostname 91.194.174.10
crypto isakmp key 1234567890 hostname 195.16.74.78
!
!
crypto ipsec transform-set SAMPLE_SET esp-3des esp-md5-hmac
!
crypto map BANK 10 ipsec-isakmp
set peer 195.16.74.78
set security-association lifetime seconds 28800
set transform-set SAMPLE_SET
set pfs group2
match address 101

access-list 101 permit ip 10.11.21.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 10.11.21.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 212.57.141.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 deny ip any any


21 май 2009, 14:21
Профиль
Супермодератор

Зарегистрирован: 01 окт 2008, 12:24
Сообщения: 4436
Вот это вот

crypto isakmp key 1234567890 hostname 91.194.174.10
crypto isakmp key 1234567890 hostname 195.16.74.78

Категоричски убрать

Добавить
cry isak iden addr


21 май 2009, 14:41
Профиль

Зарегистрирован: 27 ноя 2008, 11:36
Сообщения: 308
Спасибо, всё получилось.


22 май 2009, 11:34
Профиль
Показать сообщения за:  Поле сортировки  
Ответить на тему   [ Сообщений: 15 ] 

Кто сейчас на конференции

Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 28


Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете добавлять вложения

Найти:
Перейти:  
Создано на основе phpBB® Forum Software © phpBB Group
Designed by ST Software for PTF.
Русская поддержка phpBB