[vpn-help] Can't establish connection to a CISCO

Intellia Informations info at intellia.fr
Tue Oct 5 06:41:27 CDT 2010


 

Hello,

I'm trying to configure a connection to a CISCO Gateway.

I have the following information:

-IPSec gateway (99.99.99.162:500)
-IPSec ID, also known as group ID (< ncompany >)
-IPSec secret, also known as group password
-remote access personal username (xauth username : < ncompany.vpn16 >)
-remote access personal password (xauth password)

But the connection doesn't fire: user authentication error

Here is the log produced by the Shrew Soft trace utility.

Thanks for your help.

Pierre.

 

10/10/05 13:22:13 ## : IKE Daemon, ver 2.1.7

10/10/05 13:22:13 ## : Copyright 2010 Shrew Soft Inc.

10/10/05 13:22:13 ## : This product linked OpenSSL 0.9.8h 28 May 2008

10/10/05 13:22:13 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/iked.log'

10/10/05 13:22:13 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/dump-ike-decrypt.cap'

10/10/05 13:22:13 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/dump-ike-encrypt.cap'

10/10/05 13:22:13 ii : rebuilding vnet device list ...

10/10/05 13:22:13 ii : device ROOT\VNET\0000 disabled

10/10/05 13:22:13 ii : network process thread begin ...

10/10/05 13:22:13 ii : pfkey process thread begin ...

10/10/05 13:22:13 ii : ipc server process thread begin ...

10/10/05 13:22:21 ii : ipc client process thread begin ...

10/10/05 13:22:21 <A : peer config add message

10/10/05 13:22:21 DB : peer ref increment ( ref count = 1, obj count = 0 )

10/10/05 13:22:21 DB : peer added ( obj count = 1 )

10/10/05 13:22:21 ii : local address 192.168.1.154 selected for peer

10/10/05 13:22:21 DB : peer ref increment ( ref count = 2, obj count = 1 )

10/10/05 13:22:21 DB : tunnel ref increment ( ref count = 1, obj count = 0 )

10/10/05 13:22:21 DB : tunnel added ( obj count = 1 )

10/10/05 13:22:21 <A : proposal config message

10/10/05 13:22:21 <A : proposal config message

10/10/05 13:22:21 <A : client config message

10/10/05 13:22:21 <A : xauth username message

10/10/05 13:22:21 <A : xauth password message

10/10/05 13:22:21 <A : local id 'ncompany' message

10/10/05 13:22:21 <A : preshared key message

10/10/05 13:22:21 <A : peer tunnel enable message

10/10/05 13:22:21 DB : tunnel ref increment ( ref count = 2, obj count = 1 )

10/10/05 13:22:21 DB : new phase1 ( ISAKMP initiator )

10/10/05 13:22:21 DB : exchange type is aggressive

10/10/05 13:22:21 DB : 192.168.1.154:500 <-> 99.99.99.162:500

10/10/05 13:22:21 DB : e4c488d014f1936a:0000000000000000

10/10/05 13:22:21 DB : phase1 ref increment ( ref count = 1, obj count = 0 )

10/10/05 13:22:21 DB : phase1 added ( obj count = 1 )

10/10/05 13:22:21 >> : security association payload

10/10/05 13:22:21 >> : - proposal #1 payload 

10/10/05 13:22:21 >> : -- transform #1 payload 

10/10/05 13:22:21 >> : -- transform #2 payload 

10/10/05 13:22:21 >> : -- transform #3 payload 

10/10/05 13:22:21 >> : -- transform #4 payload 

10/10/05 13:22:21 >> : -- transform #5 payload 

10/10/05 13:22:21 >> : -- transform #6 payload 

10/10/05 13:22:21 >> : -- transform #7 payload 

10/10/05 13:22:21 >> : -- transform #8 payload 

10/10/05 13:22:21 >> : -- transform #9 payload 

10/10/05 13:22:21 >> : -- transform #10 payload 

10/10/05 13:22:21 >> : -- transform #11 payload 

10/10/05 13:22:21 >> : -- transform #12 payload 

10/10/05 13:22:21 >> : -- transform #13 payload 

10/10/05 13:22:21 >> : -- transform #14 payload 

10/10/05 13:22:21 >> : -- transform #15 payload 

10/10/05 13:22:21 >> : -- transform #16 payload 

10/10/05 13:22:21 >> : -- transform #17 payload 

10/10/05 13:22:21 >> : -- transform #18 payload 

10/10/05 13:22:21 >> : key exchange payload

10/10/05 13:22:21 >> : nonce payload

10/10/05 13:22:21 >> : identification payload

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local supports XAUTH

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local supports nat-t ( draft v00 )

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local supports nat-t ( draft v01 )

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local supports nat-t ( draft v02 )

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local supports nat-t ( draft v03 )

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local supports nat-t ( rfc )

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local supports DPDv1

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local is SHREW SOFT compatible

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local is NETSCREEN compatible

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local is SIDEWINDER compatible

10/10/05 13:22:21 >> : vendor id payload

10/10/05 13:22:21 ii : local is CISCO UNITY compatible

10/10/05 13:22:21 >= : cookies e4c488d014f1936a:0000000000000000

10/10/05 13:22:21 >= : message 00000000

10/10/05 13:22:21 -> : send IKE packet 192.168.1.154:500 -> 99.99.99.162:500
( 1163 bytes )

10/10/05 13:22:21 DB : phase1 resend event scheduled ( ref count = 2 )

10/10/05 13:22:21 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )

10/10/05 13:22:21 DB : tunnel ref increment ( ref count = 3, obj count = 1 )

10/10/05 13:22:21 <- : recv IKE packet 99.99.99.162:500 -> 192.168.1.154:500
( 416 bytes )

10/10/05 13:22:21 DB : phase1 found

10/10/05 13:22:21 DB : phase1 ref increment ( ref count = 2, obj count = 1 )

10/10/05 13:22:21 ii : processing phase1 packet ( 416 bytes )

10/10/05 13:22:21 =< : cookies e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:21 =< : message 00000000

10/10/05 13:22:21 << : security association payload

10/10/05 13:22:21 << : - propsal #1 payload 

10/10/05 13:22:21 << : -- transform #1 payload 

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != aes )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != aes )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != aes )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != aes )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != aes )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != aes )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != blowfish )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != blowfish )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != blowfish )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != blowfish )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != blowfish )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : cipher type ( 3des != blowfish )

10/10/05 13:22:21 ii : unmatched isakmp proposal/transform

10/10/05 13:22:21 ii : hash type ( hmac-sha != hmac-md5 )

10/10/05 13:22:21 !! : peer violates RFC, transform number mismatch ( 1 !=
14 )

10/10/05 13:22:21 ii : matched isakmp proposal #1 transform #1

10/10/05 13:22:21 ii : - transform    = ike

10/10/05 13:22:21 ii : - cipher type  = 3des

10/10/05 13:22:21 ii : - key length   = default

10/10/05 13:22:21 ii : - hash type    = sha1

10/10/05 13:22:21 ii : - dh group     = modp-1024

10/10/05 13:22:21 ii : - auth type    = xauth-initiator-psk

10/10/05 13:22:21 ii : - life seconds = 86400

10/10/05 13:22:21 ii : - life kbytes  = 0

10/10/05 13:22:21 << : vendor id payload

10/10/05 13:22:21 ii : peer is CISCO UNITY compatible

10/10/05 13:22:21 << : vendor id payload

10/10/05 13:22:21 ii : peer supports DPDv1

10/10/05 13:22:21 << : vendor id payload

10/10/05 13:22:21 ii : unknown vendor id ( 16 bytes )

10/10/05 13:22:21 0x : 8eb417ff 6a73216e 1c49f3ee 054aa609

10/10/05 13:22:21 << : vendor id payload

10/10/05 13:22:21 ii : peer supports XAUTH

10/10/05 13:22:21 << : vendor id payload

10/10/05 13:22:21 ii : peer supports nat-t ( rfc )

10/10/05 13:22:21 << : key exchange payload

10/10/05 13:22:21 << : identification payload

10/10/05 13:22:21 ii : phase1 id target is any

10/10/05 13:22:21 ii : phase1 id match 

10/10/05 13:22:21 ii : received = ipv4-host 99.99.99.162

10/10/05 13:22:21 << : nonce payload

10/10/05 13:22:21 << : hash payload

10/10/05 13:22:21 << : nat discovery payload

10/10/05 13:22:21 << : nat discovery payload

10/10/05 13:22:21 ii : nat discovery - local address is translated

10/10/05 13:22:21 ii : switching to src nat-t udp port 4500

10/10/05 13:22:21 ii : switching to dst nat-t udp port 4500

10/10/05 13:22:21 == : DH shared secret ( 128 bytes )

10/10/05 13:22:21 == : SETKEYID ( 20 bytes )

10/10/05 13:22:21 == : SETKEYID_d ( 20 bytes )

10/10/05 13:22:21 == : SETKEYID_a ( 20 bytes )

10/10/05 13:22:21 == : SETKEYID_e ( 20 bytes )

10/10/05 13:22:21 == : cipher key ( 40 bytes )

10/10/05 13:22:21 == : cipher iv ( 8 bytes )

10/10/05 13:22:21 == : phase1 hash_i ( computed ) ( 20 bytes )

10/10/05 13:22:21 >> : hash payload

10/10/05 13:22:21 >> : nat discovery payload

10/10/05 13:22:21 >> : nat discovery payload

10/10/05 13:22:21 >= : cookies e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:21 >= : message 00000000

10/10/05 13:22:21 >= : encrypt iv ( 8 bytes )

10/10/05 13:22:21 == : encrypt packet ( 100 bytes )

10/10/05 13:22:21 == : stored iv ( 8 bytes )

10/10/05 13:22:21 DB : phase1 resend event canceled ( ref count = 1 )

10/10/05 13:22:21 -> : send NAT-T:IKE packet 192.168.1.154:4500 ->
99.99.99.162:4500 ( 132 bytes )

10/10/05 13:22:21 == : phase1 hash_r ( computed ) ( 20 bytes )

10/10/05 13:22:21 == : phase1 hash_r ( received ) ( 20 bytes )

10/10/05 13:22:21 ii : phase1 sa established

10/10/05 13:22:21 ii : 99.99.99.162:4500 <-> 192.168.1.154:4500

10/10/05 13:22:21 ii : e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:21 ii : sending peer INITIAL-CONTACT notification

10/10/05 13:22:21 ii : - 192.168.1.154:4500 -> 99.99.99.162:4500

10/10/05 13:22:21 ii : - isakmp spi = e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:21 ii : - data size 0

10/10/05 13:22:21 >> : hash payload

10/10/05 13:22:21 >> : notification payload

10/10/05 13:22:21 == : new informational hash ( 20 bytes )

10/10/05 13:22:21 == : new informational iv ( 8 bytes )

10/10/05 13:22:21 >= : cookies e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:21 >= : message ec879af6

10/10/05 13:22:21 >= : encrypt iv ( 8 bytes )

10/10/05 13:22:21 == : encrypt packet ( 80 bytes )

10/10/05 13:22:21 == : stored iv ( 8 bytes )

10/10/05 13:22:21 -> : send NAT-T:IKE packet 192.168.1.154:4500 ->
99.99.99.162:4500 ( 116 bytes )

10/10/05 13:22:21 DB : tunnel ref increment ( ref count = 4, obj count = 1 )

10/10/05 13:22:21 DB : tunnel ref increment ( ref count = 5, obj count = 1 )

10/10/05 13:22:21 DB : phase1 ref increment ( ref count = 2, obj count = 1 )

10/10/05 13:22:21 DB : phase1 ref increment ( ref count = 3, obj count = 1 )

10/10/05 13:22:21 DB : phase1 ref increment ( ref count = 4, obj count = 1 )

10/10/05 13:22:21 DB : phase2 not found

10/10/05 13:22:21 DB : phase1 ref decrement ( ref count = 3, obj count = 1 )

10/10/05 13:22:21 <- : recv NAT-T:IKE packet 99.99.99.162:4500 ->
192.168.1.154:4500 ( 100 bytes )

10/10/05 13:22:21 DB : phase1 found

10/10/05 13:22:21 DB : phase1 ref increment ( ref count = 4, obj count = 1 )

10/10/05 13:22:21 ii : processing informational packet ( 100 bytes )

10/10/05 13:22:21 == : new informational iv ( 8 bytes )

10/10/05 13:22:21 =< : cookies e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:21 =< : message 56bda200

10/10/05 13:22:21 =< : decrypt iv ( 8 bytes )

10/10/05 13:22:21 == : decrypt packet ( 100 bytes )

10/10/05 13:22:21 <= : trimmed packet padding ( 8 bytes )

10/10/05 13:22:21 <= : stored iv ( 8 bytes )

10/10/05 13:22:21 << : hash payload

10/10/05 13:22:21 << : notification payload

10/10/05 13:22:21 == : informational hash_i ( computed ) ( 20 bytes )

10/10/05 13:22:21 == : informational hash_c ( received ) ( 20 bytes )

10/10/05 13:22:21 ii : informational hash verified

10/10/05 13:22:21 ii : received peer RESPONDER-LIFETIME notification

10/10/05 13:22:21 ii : - 99.99.99.162:4500 -> 192.168.1.154:4500

10/10/05 13:22:21 ii : - isakmp spi = e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:21 ii : - data size 12

10/10/05 13:22:21 DB : phase1 ref decrement ( ref count = 3, obj count = 1 )

10/10/05 13:22:21 <- : recv NAT-T:IKE packet 99.99.99.162:4500 ->
192.168.1.154:4500 ( 76 bytes )

10/10/05 13:22:21 DB : phase1 found

10/10/05 13:22:21 DB : phase1 ref increment ( ref count = 4, obj count = 1 )

10/10/05 13:22:21 ii : processing config packet ( 76 bytes )

10/10/05 13:22:21 DB : config not found

10/10/05 13:22:21 DB : tunnel ref increment ( ref count = 6, obj count = 1 )

10/10/05 13:22:21 DB : config ref increment ( ref count = 1, obj count = 0 )

10/10/05 13:22:21 DB : config added ( obj count = 1 )

10/10/05 13:22:21 == : new config iv ( 8 bytes )

10/10/05 13:22:21 =< : cookies e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:21 =< : message 19a16e51

10/10/05 13:22:21 =< : decrypt iv ( 8 bytes )

10/10/05 13:22:21 == : decrypt packet ( 76 bytes )

10/10/05 13:22:21 <= : trimmed packet padding ( 8 bytes )

10/10/05 13:22:21 <= : stored iv ( 8 bytes )

10/10/05 13:22:21 << : hash payload

10/10/05 13:22:21 << : attribute payload

10/10/05 13:22:21 == : configure hash_i ( computed ) ( 20 bytes )

10/10/05 13:22:21 == : configure hash_c ( computed ) ( 20 bytes )

10/10/05 13:22:21 ii : configure hash verified

10/10/05 13:22:21 ii : - xauth username

10/10/05 13:22:21 ii : - xauth password

10/10/05 13:22:21 ii : received basic xauth request - 

10/10/05 13:22:21 ii : - standard xauth username

10/10/05 13:22:21 ii : - standard xauth password

10/10/05 13:22:21 ii : sending xauth response for ncompany.vpn16

10/10/05 13:22:21 >> : hash payload

10/10/05 13:22:21 >> : attribute payload

10/10/05 13:22:21 == : new configure hash ( 20 bytes )

10/10/05 13:22:21 >= : cookies e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:21 >= : message 19a16e51

10/10/05 13:22:21 >= : encrypt iv ( 8 bytes )

10/10/05 13:22:21 == : encrypt packet ( 97 bytes )

10/10/05 13:22:21 == : stored iv ( 8 bytes )

10/10/05 13:22:21 -> : send NAT-T:IKE packet 192.168.1.154:4500 ->
99.99.99.162:4500 ( 132 bytes )

10/10/05 13:22:21 DB : config resend event scheduled ( ref count = 2 )

10/10/05 13:22:21 DB : config ref decrement ( ref count = 1, obj count = 1 )

10/10/05 13:22:21 DB : phase1 ref decrement ( ref count = 3, obj count = 1 )

10/10/05 13:22:22 <- : recv NAT-T:IKE packet 99.99.99.162:4500 ->
192.168.1.154:4500 ( 76 bytes )

10/10/05 13:22:22 DB : phase1 found

10/10/05 13:22:22 DB : phase1 ref increment ( ref count = 4, obj count = 1 )

10/10/05 13:22:22 ii : processing config packet ( 76 bytes )

10/10/05 13:22:22 DB : config found

10/10/05 13:22:22 DB : config ref increment ( ref count = 2, obj count = 1 )

10/10/05 13:22:22 == : new config iv ( 8 bytes )

10/10/05 13:22:22 =< : cookies e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:22 =< : message f12f67cc

10/10/05 13:22:22 =< : decrypt iv ( 8 bytes )

10/10/05 13:22:22 == : decrypt packet ( 76 bytes )

10/10/05 13:22:22 <= : trimmed packet padding ( 8 bytes )

10/10/05 13:22:22 <= : stored iv ( 8 bytes )

10/10/05 13:22:22 << : hash payload

10/10/05 13:22:22 << : attribute payload

10/10/05 13:22:22 == : configure hash_i ( computed ) ( 20 bytes )

10/10/05 13:22:22 == : configure hash_c ( computed ) ( 20 bytes )

10/10/05 13:22:22 ii : configure hash verified

10/10/05 13:22:22 !! : duplicate xauth request, authentication failed

10/10/05 13:22:22 DB : config ref decrement ( ref count = 1, obj count = 1 )

10/10/05 13:22:22 DB : phase1 soft event canceled ( ref count = 3 )

10/10/05 13:22:22 DB : phase1 hard event canceled ( ref count = 2 )

10/10/05 13:22:22 DB : phase1 dead event canceled ( ref count = 1 )

10/10/05 13:22:22 ii : sending peer DELETE message

10/10/05 13:22:22 ii : - 192.168.1.154:4500 -> 99.99.99.162:4500

10/10/05 13:22:22 ii : - isakmp spi = e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:22 ii : - data size 0

10/10/05 13:22:22 >> : hash payload

10/10/05 13:22:22 >> : delete payload

10/10/05 13:22:22 == : new informational hash ( 20 bytes )

10/10/05 13:22:22 == : new informational iv ( 8 bytes )

10/10/05 13:22:22 >= : cookies e4c488d014f1936a:7b73b0e26a72216e

10/10/05 13:22:22 >= : message de223125

10/10/05 13:22:22 >= : encrypt iv ( 8 bytes )

10/10/05 13:22:22 == : encrypt packet ( 80 bytes )

10/10/05 13:22:22 == : stored iv ( 8 bytes )

10/10/05 13:22:22 -> : send NAT-T:IKE packet 192.168.1.154:4500 ->
99.99.99.162:4500 ( 116 bytes )

10/10/05 13:22:22 DB : config ref increment ( ref count = 2, obj count = 1 )

10/10/05 13:22:22 DB : config resend event canceled ( ref count = 1 )

10/10/05 13:22:22 DB : config deleted ( obj count = 0 )

10/10/05 13:22:22 DB : tunnel ref decrement ( ref count = 5, obj count = 1 )

10/10/05 13:22:22 ii : phase1 removal before expire time

10/10/05 13:22:22 DB : phase1 deleted ( obj count = 0 )

10/10/05 13:22:22 DB : policy not found

10/10/05 13:22:22 DB : policy not found

10/10/05 13:22:22 DB : tunnel ref decrement ( ref count = 4, obj count = 1 )

10/10/05 13:22:22 DB : policy not found

10/10/05 13:22:22 DB : policy not found

10/10/05 13:22:22 DB : tunnel dpd event canceled ( ref count = 3 )

10/10/05 13:22:22 DB : tunnel natt event canceled ( ref count = 2 )

10/10/05 13:22:22 DB : tunnel stats event canceled ( ref count = 1 )

10/10/05 13:22:22 DB : removing tunnel config references

10/10/05 13:22:22 DB : removing tunnel phase2 references

10/10/05 13:22:22 DB : removing tunnel phase1 references

10/10/05 13:22:22 DB : tunnel deleted ( obj count = 0 )

10/10/05 13:22:22 DB : peer ref decrement ( ref count = 1, obj count = 1 )

10/10/05 13:22:22 DB : removing all peer tunnel refrences

10/10/05 13:22:22 DB : peer deleted ( obj count = 0 )

10/10/05 13:22:22 ii : ipc client process thread exit ...
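Added example, not part of the original post and not Shrew Soft code: a short Python triage pass over an iked debug log like the one above, reporting the phase 1 parameters that matched and whether the attempt failed before or during XAUTH. The function names `unwrap` and `triage` are hypothetical, and the sample entries are copied from the posted log.

```python
import re

# Entries copied from the iked log in the post above, one of them wrapped.
SAMPLE_LOG = """\
10/10/05 13:22:21 !! : peer violates RFC, transform number mismatch ( 1 !=
14 )
10/10/05 13:22:21 ii : matched isakmp proposal #1 transform #1
10/10/05 13:22:21 ii : - cipher type  = 3des
10/10/05 13:22:21 ii : - hash type    = sha1
10/10/05 13:22:21 ii : - dh group     = modp-1024
10/10/05 13:22:21 ii : - auth type    = xauth-initiator-psk
10/10/05 13:22:21 ii : phase1 sa established
10/10/05 13:22:21 ii : received basic xauth request -
10/10/05 13:22:21 ii : sending xauth response for ncompany.vpn16
10/10/05 13:22:22 !! : duplicate xauth request, authentication failed
"""

LINE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d (\S\S) : (.*)$")
PARAM = re.compile(r"^- (cipher type|hash type|dh group|auth type)\s*= (\S+)")

def unwrap(log_text):
    """Rejoin entries that the mail client wrapped onto a second line."""
    entries = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if LINE.match(line):
            entries.append(line)          # a new timestamped entry
        elif entries:
            entries[-1] += " " + line     # continuation of the previous one
    return entries

def triage(log_text):
    """Summarise one connection attempt: phase 1 result and XAUTH outcome."""
    out = {"phase1": {}, "phase1_established": False,
           "xauth_requests": 0, "xauth_responses": 0, "errors": []}
    for entry in unwrap(log_text):
        m = LINE.match(entry)
        tag, msg = m.group(1), m.group(2).strip()
        p = PARAM.match(msg)
        if p:
            out["phase1"][p.group(1)] = p.group(2)
        elif msg == "phase1 sa established":
            out["phase1_established"] = True
        elif msg.startswith("sending xauth response"):
            out["xauth_responses"] += 1
        elif "xauth request" in msg:
            out["xauth_requests"] += 1
        if tag == "!!":                   # iked marks errors with '!!'
            out["errors"].append(msg)
    xauth_err = any("xauth" in e for e in out["errors"])
    out["failed_at"] = ("phase1" if not out["phase1_established"]
                        else "xauth" if xauth_err else None)
    return out
```

On the posted log this reports an established phase 1 followed by a failure at the XAUTH stage, matching the "duplicate xauth request, authentication failed" entry.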

 

 
