Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Some VPN client connections fail with error 433

Status
Not open for further replies.
Exie

Exie

Programmer
Joined
Sep 3, 2003
Messages
156
Location
AU
Hi,

We've got a Cisco 1841 here which has been working good. However I've noticed that most clients connect fine, including people using VPNC, but theres a handful that just cant connect.

I've confirmed the username is right, and all the details are correct, but it just wont go.

Looking at the debug output, it seems pretty similar for them all, as follows:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2007.11.12 17:05:53 =~=~=~=~=~=~=~=~=~=~=~=
vpnrtr#
vpnrtr#
vpnrtr#
vpnrtr#
vpnrtr#
vpnrtr#
vpnrtr#
vpnrtr#
vpnrtr#
vpnrtr#
vpnrtr#
vpnrtr#
vpnrtr#
*Nov 12 06:05:15.475: ISAKMP (0:0): received packet from 58.110.212.35 dport 500 sport 1244 Global (N) NEW SA
*Nov 12 06:05:15.475: ISAKMP: Created a peer struct for 58.110.212.35, peer port 1244
*Nov 12 06:05:15.475: ISAKMP: New peer created peer = 0x655F5A70 peer_handle = 0x800000B3
*Nov 12 06:05:15.475: ISAKMP: Locking peer struct 0x655F5A70, IKE refcount 1 for crypto_isakmp_process_block
*Nov 12 06:05:15.475: ISAKMP:(0:0:N/A:0):Setting client config settings 6438C018
*Nov 12 06:05:15.475: ISAKMP:(0:0:N/A:0):(Re)Setting client xauth list and state
*Nov 12 06:05:15.475: ISAKMP/xauth: initializing AAA request
*Nov 12 06:05:15.475: ISAKMP: local port 500, remote port 1244
*Nov 12 06:05:15.475: insert sa successfully sa = 6436137C
*Nov 12 06:05:15.475: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Nov 12 06:05:15.475: ISAKMP:(0:0:N/A:0): processing ID payload. message ID = 0
*Nov 12 06:05:15.475: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : UBF_Staff
protocol : 17
port : 500
length : 17
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0):: peer matches *none* of the profiles
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 215 mismatch
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): vendor ID is XAUTH
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): vendor ID is DPD
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 194 mismatch
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 123 mismatch
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): vendor ID is Unity
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0): Authentication by xauth preshared
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 1 policy
*Nov 12 06:05:15.479: ISAKMP: encryption AES-CBC
*Nov 12 06:05:15.479: ISAKMP: hash SHA
*Nov 12 06:05:15.479: ISAKMP: default group 2
*Nov 12 06:05:15.479: ISAKMP: auth XAUTHInitPreShared
*Nov 12 06:05:15.479: ISAKMP: life type in seconds
*Nov 12 06:05:15.479: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:15.479: ISAKMP: keylength of 256
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 2 against priority 1 policy
*Nov 12 06:05:15.479: ISAKMP: encryption AES-CBC
*Nov 12 06:05:15.479: ISAKMP: hash MD5
*Nov 12 06:05:15.479: ISAKMP: default group 2
*Nov 12 06:05:15.479: ISAKMP: auth XAUTHInitPreShared
*Nov 12 06:05:15.479: ISAKMP: life type in seconds
*Nov 12 06:05:15.479: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:15.479: ISAKMP: keylength of 256
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Nov 12 06:05:15.479: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 3 against priority 1 policy
*Nov 12 06:05:15.483: ISAKMP: encryption AES-CBC
*Nov 12 06:05:15.483: ISAKMP: hash SHA
*Nov 12 06:05:15.483: ISAKMP: default group 2
*Nov 12 06:05:15.483: ISAKMP: auth pre-share
*Nov 12 06:05:15.483: ISAKMP: life type in seconds
*Nov 12 06:05:15.483: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:15.483: ISAKMP: keylength of 256
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 4 against priority 1 policy
*Nov 12 06:05:15.483: ISAKMP: encryption AES-CBC
*Nov 12 06:05:15.483: ISAKMP: hash MD5
*Nov 12 06:05:15.483: ISAKMP: default group 2
*Nov 12 06:05:15.483: ISAKMP: auth pre-share
*Nov 12 06:05:15.483: ISAKMP: life type in seconds
*Nov 12 06:05:15.483: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:15.483: ISAKMP: keylength of 256
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 5 against priority 1 policy
*Nov 12 06:05:15.483: ISAKMP: encryption AES-CBC
*Nov 12 06:05:15.483: ISAKMP: hash SHA
*Nov 12 06:05:15.483: ISAKMP: default group 2
*Nov 12 06:05:15.483: ISAKMP: auth XAUTHInitPreShared
*Nov 12 06:05:15.483: ISAKMP: life type in seconds
*Nov 12 06:05:15.483: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:15.483: ISAKMP: keylength of 128
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 6 against priority 1 policy
*Nov 12 06:05:15.483: ISAKMP: encryption AES-CBC
*Nov 12 06:05:15.483: ISAKMP: hash MD5
*Nov 12 06:05:15.483: ISAKMP: default group 2
*Nov 12 06:05:15.483: ISAKMP: auth XAUTHInitPreShared
*Nov 12 06:05:15.483: ISAKMP: life type in seconds
*Nov 12 06:05:15.483: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:15.483: ISAKMP: keylength of 128
*Nov 12 06:05:15.483: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Nov 12 06:05:15.487: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Nov 12 06:05:15.487: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 7 against priority 1 policy
*Nov 12 06:05:15.487: ISAKMP: encryption AES-CBC
*Nov 12 06:05:15.487: ISAKMP: hash SHA
*Nov 12 06:05:15.487: ISAKMP: default group 2
*Nov 12 06:05:15.487: ISAKMP: auth pre-share
*Nov 12 06:05:15.487: ISAKMP: life type in seconds
*Nov 12 06:05:15.487: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:15.487: ISAKMP: keylength of 128
*Nov 12 06:05:15.487: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Nov 12 06:05:15.487: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Nov 12 06:05:15.487: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 8 against priority 1 policy
*Nov 12 06:05:15.487: ISAKMP: encryption AES-CBC
*Nov 12 06:05:15.487: ISAKMP: hash MD5
*Nov 12 06:05:15.487: ISAKMP: default group 2
*Nov 12 06:05:15.487: ISAKMP: auth pre-share
*Nov 12 06:05:15.487: ISAKMP: life type in seconds
*Nov 12 06:05:15.487: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:15.487: ISAKMP: keylength of 128
*Nov 12 06:05:15.487: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!
*Nov 12 06:05:15.487: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Nov 12 06:05:15.487: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 9 against priority 1 policy
*Nov 12 06:05:15.487: ISAKMP: encryption 3DES-CBC
*Nov 12 06:05:15.487: ISAKMP: hash SHA
*Nov 12 06:05:15.487: ISAKMP: default group 2
*Nov 12 06:05:15.487: ISAKMP: auth XAUTHInitPreShared
*Nov 12 06:05:15.487: ISAKMP: life type in seconds
*Nov 12 06:05:15.491: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:15.491: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 3
*Nov 12 06:05:15.491: ISAKMP:(0:0:N/A:0):Setting the rekey timer since IKE is operating in Continuous Channel Mode.
*Nov 12 06:05:15.491: CryptoEngine0: generating alg parameter for connid 4
*Nov 12 06:05:15.539: CRYPTO_ENGINE: Dh phase 1 status: 0
*Nov 12 06:05:15.539: CRYPTO_ENGINE: Dh phase 1 status: OK
*Nov 12 06:05:15.539: ISAKMP:(0:4:SW:1): processing KE payload. message ID = 0
*Nov 12 06:05:15.543: CryptoEngine0: generating alg parameter for connid 0
*Nov 12 06:05:15.603: ISAKMP:(0:4:SW:1): processing NONCE payload. message ID = 0
*Nov 12 06:05:15.607: ISAKMP:(0:4:SW:1): vendor ID is NAT-T v2
*Nov 12 06:05:15.607: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Nov 12 06:05:15.607: ISAKMP:(0:4:SW:1):Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT

*Nov 12 06:05:15.607: CryptoEngine0: create ISAKMP SKEYID for conn id 4
*Nov 12 06:05:15.607: ISAKMP:(0:4:SW:1):SKEYID state generated
*Nov 12 06:05:15.607: ISAKMP:(0:4:SW:1): constructed NAT-T vendor-02 ID
*Nov 12 06:05:15.607: ISAKMP:(0:4:SW:1):SA is doing pre-shared key authentication plus XAUTH using id type ID_IPV4_ADDR
*Nov 12 06:05:15.607: ISAKMP (0:134217732): ID payload
next-payload : 10
type : 1
address : xxx.xxx.xxx.xxx
protocol : 17
port : 0
length : 12
*Nov 12 06:05:15.611: ISAKMP:(0:4:SW:1):Total payload length: 12
*Nov 12 06:05:15.611: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:15.611: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) AG_INIT_EXCH
*Nov 12 06:05:15.611: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
*Nov 12 06:05:15.611: ISAKMP:(0:4:SW:1):Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2

*Nov 12 06:05:15.671: ISAKMP (0:134217732): received packet from 58.110.212.35 dport 500 sport 1244 Global (R) AG_INIT_EXCH
*Nov 12 06:05:15.671: ISAKMP:(0:4:SW:1): processing HASH payload. message ID = 0
*Nov 12 06:05:15.675: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:15.675: ISAKMP:(0:4:SW:1): processing NOTIFY INITIAL_CONTACT protocol 1
spi 0, message ID = 0, sa = 6436137C
*Nov 12 06:05:15.675: ISAKMP:(0:4:SW:1):SA authentication status:
authenticated
*Nov 12 06:05:15.675: ISAKMP:(0:4:SW:1): Process initial contact,
bring down existing phase 1 and 2 SA's with local xxx.xxx.xxx.xxx remote 58.110.212.35 remote port 1244
*Nov 12 06:05:15.675: ISAKMP:(0:4:SW:1):returning IP addr to the address pool
*Nov 12 06:05:15.675: ISAKMP:received payload type 20
*Nov 12 06:05:15.675: ISAKMP:received payload type 20
*Nov 12 06:05:15.675: ISAKMP:(0:4:SW:1):SA authentication status:
authenticated
*Nov 12 06:05:15.675: ISAKMP:(0:4:SW:1):SA has been authenticated with 58.110.212.35
*Nov 12 06:05:15.675: CryptoEngine0: clear dh number for conn id 1
*Nov 12 06:05:15.675: ISAKMP: Trying to insert a peer xxx.xxx.xxx.xxx/58.110.212.35/1244/, and inserted successfully 655F5A70.
*Nov 12 06:05:15.675: ISAKMP:(0:4:SW:1):IKE_DPD is enabled, initializing timers
*Nov 12 06:05:15.675: ISAKMP: set new node 1335179530 to CONF_XAUTH
*Nov 12 06:05:15.675: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:15.675: ISAKMP:(0:4:SW:1):Sending NOTIFY RESPONDER_LIFETIME protocol 1
spi 1696388000, message ID = 1335179530
*Nov 12 06:05:15.675: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) QM_IDLE
*Nov 12 06:05:15.679: ISAKMP:(0:4:SW:1):purging node 1335179530
*Nov 12 06:05:15.679: ISAKMP: Sending phase 1 responder lifetime 28800

*Nov 12 06:05:15.679: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Nov 12 06:05:15.679: ISAKMP:(0:4:SW:1):Old State = IKE_R_AM2 New State = IKE_P1_COMPLETE

*Nov 12 06:05:15.679: IPSEC(key_engine): got a queue event with 1 kei messages
*Nov 12 06:05:15.679: ISAKMP:(0:4:SW:1):Need XAUTH
*Nov 12 06:05:15.679: ISAKMP: set new node -2099714460 to CONF_XAUTH
*Nov 12 06:05:15.679: ISAKMP/xauth: request attribute XAUTH_USER_NAME_V2
*Nov 12 06:05:15.679: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD_V2
*Nov 12 06:05:15.679: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:15.679: ISAKMP:(0:4:SW:1): initiating peer config to 58.110.212.35. ID = -2099714460
*Nov 12 06:05:15.683: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) CONF_XAUTH
*Nov 12 06:05:15.683: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Nov 12 06:05:15.683: ISAKMP:(0:4:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_XAUTH_REQ_SENT

*Nov 12 06:05:20.683: ISAKMP:(0:4:SW:1): retransmitting phase 2 CONF_XAUTH -2099714460 ...
*Nov 12 06:05:20.683: ISAKMP:(0:4:SW:1):incrementing error counter on node: retransmit phase 2
*Nov 12 06:05:20.683: ISAKMP:(0:4:SW:1):incrementing error counter on sa: retransmit phase 2
*Nov 12 06:05:20.683: ISAKMP:(0:4:SW:1): retransmitting phase 2 -2099714460 CONF_XAUTH
*Nov 12 06:05:20.683: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) CONF_XAUTH
*Nov 12 06:05:25.683: ISAKMP:(0:4:SW:1): retransmitting phase 2 CONF_XAUTH -2099714460 ...
*Nov 12 06:05:25.683: ISAKMP:(0:4:SW:1):incrementing error counter on node: retransmit phase 2
*Nov 12 06:05:25.683: ISAKMP:(0:4:SW:1):incrementing error counter on sa: retransmit phase 2
*Nov 12 06:05:25.683: ISAKMP:(0:4:SW:1): retransmitting phase 2 -2099714460 CONF_XAUTH
*Nov 12 06:05:25.683: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) CONF_XAUTH
*Nov 12 06:05:30.683: ISAKMP:(0:4:SW:1): retransmitting phase 2 CONF_XAUTH -2099714460 ...
*Nov 12 06:05:30.683: ISAKMP:(0:4:SW:1):incrementing error counter on node: retransmit phase 2
*Nov 12 06:05:30.683: ISAKMP:(0:4:SW:1):incrementing error counter on sa: retransmit phase 2
*Nov 12 06:05:30.683: ISAKMP:(0:4:SW:1): retransmitting phase 2 -2099714460 CONF_XAUTH
*Nov 12 06:05:30.683: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) CONF_XAUTH
*Nov 12 06:05:34.139: ISAKMP (0:134217732): received packet from 58.110.212.35 dport 500 sport 1244 Global (R) CONF_XAUTH
*Nov 12 06:05:34.139: ISAKMP:(0:4:SW:1):processing transaction payload from 58.110.212.35. message ID = -2099714460
*Nov 12 06:05:34.139: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:34.139: ISAKMP: Config payload REPLY
*Nov 12 06:05:34.139: ISAKMP/xauth: reply attribute XAUTH_USER_NAME_V2
*Nov 12 06:05:34.139: ISAKMP/xauth: reply attribute XAUTH_USER_PASSWORD_V2
*Nov 12 06:05:34.143: ISAKMP:(0:4:SW:1):deleting node -2099714460 error FALSE reason "Done with xauth request/reply exchange"
*Nov 12 06:05:34.143: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
*Nov 12 06:05:34.143: ISAKMP:(0:4:SW:1):Old State = IKE_XAUTH_REQ_SENT New State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT

*Nov 12 06:05:34.191: ISAKMP: set new node 589135525 to CONF_XAUTH
*Nov 12 06:05:34.191: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:34.191: ISAKMP:(0:4:SW:1): initiating peer config to 58.110.212.35. ID = 589135525
*Nov 12 06:05:34.191: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) CONF_XAUTH
*Nov 12 06:05:34.191: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_AAA, IKE_AAA_CONT_LOGIN
*Nov 12 06:05:34.191: ISAKMP:(0:4:SW:1):Old State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT New State = IKE_XAUTH_SET_SENT

*Nov 12 06:05:34.243: ISAKMP (0:134217732): received packet from 58.110.212.35 dport 500 sport 1244 Global (R) CONF_XAUTH
*Nov 12 06:05:34.243: ISAKMP:(0:4:SW:1):processing transaction payload from 58.110.212.35. message ID = 589135525
*Nov 12 06:05:34.243: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:34.243: ISAKMP: Config payload ACK
*Nov 12 06:05:34.243: ISAKMP:(0:4:SW:1): (blank) XAUTH ACK Processed
*Nov 12 06:05:34.243: ISAKMP:(0:4:SW:1):deleting node 589135525 error FALSE reason "Transaction mode done"
*Nov 12 06:05:34.243: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_PEER, IKE_CFG_ACK
*Nov 12 06:05:34.243: ISAKMP:(0:4:SW:1):Old State = IKE_XAUTH_SET_SENT New State = IKE_P1_COMPLETE

*Nov 12 06:05:34.243: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Nov 12 06:05:34.243: ISAKMP:(0:4:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

*Nov 12 06:05:34.535: ISAKMP (0:134217732): received packet from 58.110.212.35 dport 500 sport 1244 Global (R) QM_IDLE
*Nov 12 06:05:34.535: ISAKMP: set new node 375786709 to QM_IDLE
*Nov 12 06:05:34.535: ISAKMP:(0:4:SW:1):processing transaction payload from 58.110.212.35. message ID = 375786709
*Nov 12 06:05:34.535: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:34.535: ISAKMP: Config payload REQUEST
*Nov 12 06:05:34.535: ISAKMP:(0:4:SW:1):checking request:
*Nov 12 06:05:34.535: ISAKMP: IP4_ADDRESS
*Nov 12 06:05:34.535: ISAKMP: IP4_NETMASK
*Nov 12 06:05:34.535: ISAKMP: IP4_DNS
*Nov 12 06:05:34.535: ISAKMP: IP4_NBNS
*Nov 12 06:05:34.535: ISAKMP: ADDRESS_EXPIRY
*Nov 12 06:05:34.535: ISAKMP: UNKNOWN Unknown Attr: 0x7000
*Nov 12 06:05:34.535: ISAKMP: MODECFG_SAVEPWD
*Nov 12 06:05:34.535: ISAKMP: DEFAULT_DOMAIN
*Nov 12 06:05:34.539: ISAKMP: SPLIT_INCLUDE
*Nov 12 06:05:34.539: ISAKMP: SPLIT_DNS
*Nov 12 06:05:34.539: ISAKMP: PFS
*Nov 12 06:05:34.539: ISAKMP: UNKNOWN Unknown Attr: 0x700B
*Nov 12 06:05:34.539: ISAKMP: BACKUP_SERVER
*Nov 12 06:05:34.539: ISAKMP: UNKNOWN Unknown Attr: 0x700C
*Nov 12 06:05:34.539: ISAKMP: APPLICATION_VERSION
*Nov 12 06:05:34.539: ISAKMP: FW_RECORD
*Nov 12 06:05:34.539: ISAKMP: UNKNOWN Unknown Attr: 0x700A
*Nov 12 06:05:34.539: ISAKMP: UNKNOWN Unknown Attr: 0x7005
*Nov 12 06:05:34.539: ISAKMP/author: Author request for group UBF_Staffsuccessfully sent to AAA
*Nov 12 06:05:34.539: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
*Nov 12 06:05:34.539: ISAKMP:(0:4:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_CONFIG_AUTHOR_AAA_AWAIT

*Nov 12 06:05:34.539: ISAKMP:(0:4:SW:1):attributes sent in message:
*Nov 12 06:05:34.539: Address: 0.2.0.0
*Nov 12 06:05:34.539: ISAKMP:(0:4:SW:1):allocating address 192.168.250.59
*Nov 12 06:05:34.539: ISAKMP: Sending private address: 192.168.250.59
*Nov 12 06:05:34.539: ISAKMP: Sending IP4_DNS server address: 192.168.40.51
*Nov 12 06:05:34.539: ISAKMP: Sending IP4_NBNS server address: 192.168.40.51
*Nov 12 06:05:34.539: ISAKMP: Sending ADDRESS_EXPIRY seconds left to use the address: 28780
*Nov 12 06:05:34.543: ISAKMP (0/134217732): Unknown Attr: UNKNOWN (0x7000)
*Nov 12 06:05:34.543: ISAKMP: Sending save password reply value 0
*Nov 12 06:05:34.543: ISAKMP: Sending DEFAULT_DOMAIN default domain name: tfapac.tontinefibres.com.au
*Nov 12 06:05:34.543: ISAKMP (0/134217732): Unknown Attr: UNKNOWN (0x700B)
*Nov 12 06:05:34.543: ISAKMP (0/134217732): Unknown Attr: UNKNOWN (0x700C)
*Nov 12 06:05:34.543: ISAKMP: Sending APPLICATION_VERSION string: Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.3(14)T3, RELEASE SOFTWARE (fc2)
Technical Support: Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Mon 11-Jul-05 21:04 by ccai
*Nov 12 06:05:34.543: ISAKMP (0/134217732): Unknown Attr: UNKNOWN (0x700A)
*Nov 12 06:05:34.543: ISAKMP (0/134217732): Unknown Attr: UNKNOWN (0x7005)
*Nov 12 06:05:34.543: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:34.543: ISAKMP:(0:4:SW:1): responding to peer config from 58.110.212.35. ID = 375786709
*Nov 12 06:05:34.543: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) CONF_ADDR
*Nov 12 06:05:34.543: ISAKMP:(0:4:SW:1):deleting node 375786709 error FALSE reason "No Error"
*Nov 12 06:05:34.543: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_AAA, IKE_AAA_GROUP_ATTR
*Nov 12 06:05:34.543: ISAKMP:(0:4:SW:1):Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State = IKE_P1_COMPLETE

*Nov 12 06:05:34.547: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Nov 12 06:05:34.547: ISAKMP:(0:4:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

*Nov 12 06:05:34.623: ISAKMP (0:134217732): received packet from 58.110.212.35 dport 500 sport 1244 Global (R) QM_IDLE
*Nov 12 06:05:34.623: ISAKMP: set new node 1622653534 to QM_IDLE
*Nov 12 06:05:34.627: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:34.627: ISAKMP:(0:4:SW:1): processing HASH payload. message ID = 1622653534
*Nov 12 06:05:34.627: ISAKMP:(0:4:SW:1): processing SA payload. message ID = 1622653534
*Nov 12 06:05:34.627: ISAKMP:(0:4:SW:1):Checking IPSec proposal 1
*Nov 12 06:05:34.627: ISAKMP: transform 1, ESP_AES
*Nov 12 06:05:34.627: ISAKMP: attributes in transform:
*Nov 12 06:05:34.627: ISAKMP: authenticator is HMAC-MD5
*Nov 12 06:05:34.627: ISAKMP: key length is 256
*Nov 12 06:05:34.627: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.627: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.627: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.627: CryptoEngine0: validate proposal
*Nov 12 06:05:34.627: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.631: ISAKMP:(0:4:SW:1):Checking IPSec proposal 1
*Nov 12 06:05:34.631: ISAKMP:(0:4:SW:1):transform 1, IPPCP LZS
*Nov 12 06:05:34.631: ISAKMP: attributes in transform:
*Nov 12 06:05:34.631: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.631: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.631: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.631: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.631: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-md5-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x2
*Nov 12 06:05:34.631: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Nov 12 06:05:34.631: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.631: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-aes 256 esp-md5-hmac comp-lzs }
*Nov 12 06:05:34.631: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal
*Nov 12 06:05:34.631: ISAKMP:(0:4:SW:1):Checking IPSec proposal 2
*Nov 12 06:05:34.631: ISAKMP: transform 1, ESP_AES
*Nov 12 06:05:34.631: ISAKMP: attributes in transform:
*Nov 12 06:05:34.631: ISAKMP: authenticator is HMAC-SHA
*Nov 12 06:05:34.631: ISAKMP: key length is 256
*Nov 12 06:05:34.631: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.631: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.631: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.631: CryptoEngine0: validate proposal
*Nov 12 06:05:34.631: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.631: ISAKMP:(0:4:SW:1):Checking IPSec proposal 2
*Nov 12 06:05:34.631: ISAKMP:(0:4:SW:1):transform 1, IPPCP LZS
*Nov 12 06:05:34.631: ISAKMP: attributes in transform:
*Nov 12 06:05:34.635: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.635: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.635: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.635: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.635: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x2
*Nov 12 06:05:34.635: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Nov 12 06:05:34.635: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.635: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-aes 256 esp-sha-hmac comp-lzs }
*Nov 12 06:05:34.635: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal
*Nov 12 06:05:34.635: ISAKMP:(0:4:SW:1):Checking IPSec proposal 3
*Nov 12 06:05:34.635: ISAKMP: transform 1, ESP_AES
*Nov 12 06:05:34.635: ISAKMP: attributes in transform:
*Nov 12 06:05:34.635: ISAKMP: authenticator is HMAC-MD5
*Nov 12 06:05:34.635: ISAKMP: key length is 128
*Nov 12 06:05:34.635: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.635: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.635: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.635: CryptoEngine0: validate proposal
*Nov 12 06:05:34.635: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.635: ISAKMP:(0:4:SW:1):Checking IPSec proposal 3
*Nov 12 06:05:34.635: ISAKMP:(0:4:SW:1):transform 1, IPPCP LZS
*Nov 12 06:05:34.635: ISAKMP: attributes in transform:
*Nov 12 06:05:34.635: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.639: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.639: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.639: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.639: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes esp-md5-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x2
*Nov 12 06:05:34.639: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Nov 12 06:05:34.639: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.639: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-aes esp-md5-hmac comp-lzs }
*Nov 12 06:05:34.639: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal
*Nov 12 06:05:34.639: ISAKMP:(0:4:SW:1):Checking IPSec proposal 4
*Nov 12 06:05:34.639: ISAKMP: transform 1, ESP_AES
*Nov 12 06:05:34.639: ISAKMP: attributes in transform:
*Nov 12 06:05:34.639: ISAKMP: authenticator is HMAC-SHA
*Nov 12 06:05:34.639: ISAKMP: key length is 128
*Nov 12 06:05:34.639: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.639: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.639: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.639: CryptoEngine0: validate proposal
*Nov 12 06:05:34.639: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.639: ISAKMP:(0:4:SW:1):Checking IPSec proposal 4
*Nov 12 06:05:34.639: ISAKMP:(0:4:SW:1):transform 1, IPPCP LZS
*Nov 12 06:05:34.639: ISAKMP: attributes in transform:
*Nov 12 06:05:34.639: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.639: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.639: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.643: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.643: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x2
*Nov 12 06:05:34.643: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Nov 12 06:05:34.643: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.643: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-aes esp-sha-hmac comp-lzs }
*Nov 12 06:05:34.643: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal
*Nov 12 06:05:34.643: ISAKMP:(0:4:SW:1):Checking IPSec proposal 5
*Nov 12 06:05:34.643: ISAKMP: transform 1, ESP_AES
*Nov 12 06:05:34.643: ISAKMP: attributes in transform:
*Nov 12 06:05:34.643: ISAKMP: authenticator is HMAC-MD5
*Nov 12 06:05:34.643: ISAKMP: key length is 256
*Nov 12 06:05:34.643: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.643: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.643: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.643: CryptoEngine0: validate proposal
*Nov 12 06:05:34.647: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.647: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-md5-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x2
*Nov 12 06:05:34.647: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.647: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-aes 256 esp-md5-hmac }
*Nov 12 06:05:34.647: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal
*Nov 12 06:05:34.647: ISAKMP:(0:4:SW:1):Checking IPSec proposal 6
*Nov 12 06:05:34.647: ISAKMP: transform 1, ESP_AES
*Nov 12 06:05:34.647: ISAKMP: attributes in transform:
*Nov 12 06:05:34.647: ISAKMP: authenticator is HMAC-SHA
*Nov 12 06:05:34.647: ISAKMP: key length is 256
*Nov 12 06:05:34.647: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.647: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.647: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.647: CryptoEngine0: validate proposal
*Nov 12 06:05:34.651: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.651: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x2
*Nov 12 06:05:34.651: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.651: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-aes 256 esp-sha-hmac }
*Nov 12 06:05:34.651: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal
*Nov 12 06:05:34.651: ISAKMP:(0:4:SW:1):Checking IPSec proposal 7
*Nov 12 06:05:34.651: ISAKMP: transform 1, ESP_AES
*Nov 12 06:05:34.651: ISAKMP: attributes in transform:
*Nov 12 06:05:34.651: ISAKMP: authenticator is HMAC-MD5
*Nov 12 06:05:34.651: ISAKMP: key length is 128
*Nov 12 06:05:34.651: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.651: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.651: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.651: CryptoEngine0: validate proposal
*Nov 12 06:05:34.651: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.655: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes esp-md5-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x2
*Nov 12 06:05:34.655: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.655: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-aes esp-md5-hmac }
*Nov 12 06:05:34.655: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal
*Nov 12 06:05:34.655: ISAKMP:(0:4:SW:1):Checking IPSec proposal 8
*Nov 12 06:05:34.655: ISAKMP: transform 1, ESP_AES
*Nov 12 06:05:34.655: ISAKMP: attributes in transform:
*Nov 12 06:05:34.655: ISAKMP: authenticator is HMAC-SHA
*Nov 12 06:05:34.655: ISAKMP: key length is 128
*Nov 12 06:05:34.655: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.655: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.655: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.655: CryptoEngine0: validate proposal
*Nov 12 06:05:34.655: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.659: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x2
*Nov 12 06:05:34.659: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.659: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-aes esp-sha-hmac }
*Nov 12 06:05:34.659: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal
*Nov 12 06:05:34.659: ISAKMP:(0:4:SW:1):Checking IPSec proposal 9
*Nov 12 06:05:34.659: ISAKMP: transform 1, ESP_3DES
*Nov 12 06:05:34.659: ISAKMP: attributes in transform:
*Nov 12 06:05:34.659: ISAKMP: authenticator is HMAC-MD5
*Nov 12 06:05:34.659: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.659: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.659: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.659: CryptoEngine0: validate proposal
*Nov 12 06:05:34.659: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.659: ISAKMP:(0:4:SW:1):Checking IPSec proposal 9
*Nov 12 06:05:34.659: ISAKMP:(0:4:SW:1):transform 1, IPPCP LZS
*Nov 12 06:05:34.663: ISAKMP: attributes in transform:
*Nov 12 06:05:34.663: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.663: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.663: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.663: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.663: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Nov 12 06:05:34.663: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Nov 12 06:05:34.663: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.663: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-3des esp-md5-hmac comp-lzs }
*Nov 12 06:05:34.663: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal
*Nov 12 06:05:34.663: ISAKMP:(0:4:SW:1):Checking IPSec proposal 10
*Nov 12 06:05:34.663: ISAKMP: transform 1, ESP_3DES
*Nov 12 06:05:34.663: ISAKMP: attributes in transform:
*Nov 12 06:05:34.667: ISAKMP: authenticator is HMAC-SHA
*Nov 12 06:05:34.667: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.667: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.667: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.667: CryptoEngine0: validate proposal
*Nov 12 06:05:34.667: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.667: ISAKMP:(0:4:SW:1):Checking IPSec proposal 10
*Nov 12 06:05:34.667: ISAKMP:(0:4:SW:1):transform 1, IPPCP LZS
*Nov 12 06:05:34.667: ISAKMP: attributes in transform:
*Nov 12 06:05:34.667: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.667: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.667: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.667: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.667: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Nov 12 06:05:34.671: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= comp-lzs (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Nov 12 06:05:34.671: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.671: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-3des esp-sha-hmac comp-lzs }
*Nov 12 06:05:34.671: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal
*Nov 12 06:05:34.671: ISAKMP:(0:4:SW:1):Checking IPSec proposal 11
*Nov 12 06:05:34.671: ISAKMP: transform 1, ESP_3DES
*Nov 12 06:05:34.671: ISAKMP: attributes in transform:
*Nov 12 06:05:34.671: ISAKMP: authenticator is HMAC-MD5
*Nov 12 06:05:34.671: ISAKMP: encaps is 1 (Tunnel)
*Nov 12 06:05:34.671: ISAKMP: SA life type in seconds
*Nov 12 06:05:34.671: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 12 06:05:34.671: CryptoEngine0: validate proposal
*Nov 12 06:05:34.671: ISAKMP:(0:4:SW:1):atts are acceptable.
*Nov 12 06:05:34.671: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Nov 12 06:05:34.675: CryptoEngine0: validate proposal request
*Nov 12 06:05:34.675: ISAKMP:(0:4:SW:1): processing NONCE payload. message ID = 1622653534
*Nov 12 06:05:34.675: ISAKMP:(0:4:SW:1): processing ID payload. message ID = 1622653534
*Nov 12 06:05:34.675: ISAKMP:(0:4:SW:1): processing ID payload. message ID = 1622653534
*Nov 12 06:05:34.675: ISAKMP:(0:4:SW:1): asking for 1 spis from ipsec
*Nov 12 06:05:34.675: ISAKMP:(0:4:SW:1):Node 1622653534, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Nov 12 06:05:34.675: ISAKMP:(0:4:SW:1):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
*Nov 12 06:05:34.675: IPSEC(key_engine): got a queue event with 1 kei messages
*Nov 12 06:05:34.675: IPSEC(spi_response): getting spi 4081360604 for SA
from xxx.xxx.xxx.xxx to 58.110.212.35 for prot 3
*Nov 12 06:05:34.675: ISAKMP: received ke message (2/1)
*Nov 12 06:05:34.679: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:34.679: crypto_engine: ipsec_key_create_by_keys
*Nov 12 06:05:34.679: crypto_engine: ipsec_key_create_by_keys
*Nov 12 06:05:34.679: ISAKMP: Locking peer struct 0x655F5A70, IPSEC refcount 1 for for stuff_ke
*Nov 12 06:05:34.679: ISAKMP:(0:4:SW:1): Creating IPSec SAs
*Nov 12 06:05:34.679: inbound SA from 58.110.212.35 to xxx.xxx.xxx.xxx (f/i) 0/ 0
(proxy 192.168.250.59 to 0.0.0.0)
*Nov 12 06:05:34.679: has spi 0xF3449EDC and conn_id 0 and flags 2
*Nov 12 06:05:34.679: lifetime of 2147483 seconds
*Nov 12 06:05:34.679: has client flags 0x0
*Nov 12 06:05:34.679: outbound SA from xxx.xxx.xxx.xxx to 58.110.212.35 (f/i) 0/0
(proxy 0.0.0.0 to 192.168.250.59)
*Nov 12 06:05:34.679: has spi -821191484 and conn_id 0 and flags A
*Nov 12 06:05:34.679: lifetime of 2147483 seconds
*Nov 12 06:05:34.679: has client flags 0x0
*Nov 12 06:05:34.679: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) QM_IDLE
*Nov 12 06:05:34.683: ISAKMP:(0:4:SW:1):Node 1622653534, Input = IKE_MESG_FROM_IPSEC, IKE_SPI_REPLY
*Nov 12 06:05:34.683: ISAKMP:(0:4:SW:1):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_R_QM2
*Nov 12 06:05:34.683: IPSEC(key_engine): got a queue event with 2 kei messages
*Nov 12 06:05:34.683: IPSEC(initialize_sas): ,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/0.0.0.0/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),
lifedur= 2147483s and 0kb,
spi= 0xF3449EDC(4081360604), conn_id= 0, keysize= 0, flags= 0x2
*Nov 12 06:05:34.683: IPSEC(initialize_sas): ,
(key eng. msg.) OUTBOUND local= xxx.xxx.xxx.xxx, remote= 58.110.212.35,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.250.59/0.0.0.0/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),
lifedur= 2147483s and 0kb,
spi= 0xCF0D9CC4(3473775812), conn_id= 0, keysize= 0, flags= 0xA
*Nov 12 06:05:34.683: IPSec: Flow_switching Allocated flow for sibling 80000128
*Nov 12 06:05:34.683: IPSEC(policy_db_add_ident): src 0.0.0.0, dest 192.168.250.59, dest_port 0

*Nov 12 06:05:34.683: ISAKMP: Locking peer struct 0x655F5A70, IPSEC refcount 2 for from create_transforms
*Nov 12 06:05:34.683: IPSEC(create_sa): sa created,
(sa) sa_dest= xxx.xxx.xxx.xxx, sa_proto= 50,
sa_spi= 0xF3449EDC(4081360604),
sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 3009
*Nov 12 06:05:34.683: IPSEC(create_sa): sa created,
(sa) sa_dest= 58.110.212.35, sa_proto= 50,
sa_spi= 0xCF0D9CC4(3473775812),
sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 3010
*Nov 12 06:05:34.683: ISAKMP: Unlocking IPSEC struct 0x655F5A70 from create_transforms, count 1
*Nov 12 06:05:34.735: ISAKMP (0:134217732): received packet from 58.110.212.35 dport 500 sport 1244 Global (R) QM_IDLE
*Nov 12 06:05:34.735: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:34.735: ISAKMP:(0:4:SW:1):deleting node 1622653534 error FALSE reason "QM done (await)"
*Nov 12 06:05:34.735: ISAKMP:(0:4:SW:1):Node 1622653534, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Nov 12 06:05:34.735: ISAKMP:(0:4:SW:1):Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE
*Nov 12 06:05:34.735: IPSEC(key_engine): got a queue event with 1 kei messages
*Nov 12 06:05:34.735: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
*Nov 12 06:05:34.735: IPSEC(key_engine_enable_outbound): enable SA with spi 3473775812/50
*Nov 12 06:05:36.115: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for
destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x94040000(2483290112), srcaddr=58.110.212.35
*Nov 12 06:05:36.115: ISAKMP: received ke message (3/1)
*Nov 12 06:05:36.115: ISAKMP: set new node 121121992 to QM_IDLE
*Nov 12 06:05:36.115: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:36.119: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) QM_IDLE
*Nov 12 06:05:36.119: ISAKMP:(0:4:SW:1):purging node 121121992
*Nov 12 06:05:36.119: ISAKMP:(0:4:SW:1):deleting SA reason "No reason" state (R) QM_IDLE (peer 58.110.212.35)
*Nov 12 06:05:36.119: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL
*Nov 12 06:05:36.119: ISAKMP:(0:4:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

*Nov 12 06:05:36.119: ISAKMP: set new node 1562759676 to QM_IDLE
*Nov 12 06:05:36.119: CryptoEngine0: generate hmac context for conn id 4
*Nov 12 06:05:36.119: ISAKMP:(0:4:SW:1): sending packet to 58.110.212.35 my_port 500 peer_port 1244 (R) QM_IDLE
*Nov 12 06:05:36.119: ISAKMP:(0:4:SW:1):purging node 1562759676
*Nov 12 06:05:36.123: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Nov 12 06:05:36.123: ISAKMP:(0:4:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

*Nov 12 06:05:36.123: ISAKMP:(0:4:SW:1):deleting SA reason "No reason" state (R) QM_IDLE (peer 58.110.212.35)
*Nov 12 06:05:36.123: ISAKMP: Unlocking IKE struct 0x655F5A70 for isadb_mark_sa_deleted(), count 0
*Nov 12 06:05:36.123: ISAKMP:(0:4:SW:1):deleting node -2099714460 error FALSE reason "IKE deleted"
*Nov 12 06:05:36.123: ISAKMP:(0:4:SW:1):deleting node 589135525 error FALSE reason "IKE deleted"
*Nov 12 06:05:36.123: ISAKMP:(0:4:SW:1):deleting node 375786709 error FALSE reason "IKE deleted"
*Nov 12 06:05:36.123: ISAKMP:(0:4:SW:1):deleting node 1622653534 error FALSE reason "IKE deleted"
*Nov 12 06:05:36.123: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Nov 12 06:05:36.123: ISAKMP:(0:4:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA

*Nov 12 06:06:26.123: ISAKMP:(0:4:SW:1):purging node -2099714460
*Nov 12 06:06:26.123: ISAKMP:(0:4:SW:1):purging node 589135525
*Nov 12 06:06:26.123: ISAKMP:(0:4:SW:1):purging node 375786709
*Nov 12 06:06:26.123: ISAKMP:(0:4:SW:1):purging node 1622653534
*Nov 12 06:06:36.123: ISAKMP:(0:4:SW:1):purging SA., sa=6436137C, delme=6436137C
*Nov 12 06:06:36.123: CryptoEngine0: delete connection 4
Click to expand...


Can anyone sched any clues why these clients cant connect ?
 
Status
Not open for further replies.

Similar threads

CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
580
CPM86
CPM86
quazimotto
  • Locked
  • Question Question
Cisco ASA_5505 VPN to Juniper_SRX210 VPN IS UP_ No Traffic!!!!!!
Replies
0
Views
325
quazimotto
quazimotto
WinstonCH
  • Locked
  • Helpful tip Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
932
BIS
BIS
inlsp05
  • Locked
  • Question Question
2811 ios start with cf
Replies
0
Views
347
inlsp05
inlsp05
khashyar2021
  • Locked
  • Question Question
Problem with cisco switch after upgrading
Replies
1
Views
463
Geraldine Souza
Geraldine Souza

Part and Inventory Search

Sponsor

Back
Top