[Vpn-help] Problem importing pcf file
David Perrault
perrauld at gmail.com
Sun Aug 16 10:31:58 CDT 2009
Thanks Matthew.
I set Authentication -> Remote Identify -> IP Address -> use a
dsicovered remote address.
Still getting the same problem.
Logs below.
Thanks,
David
++++++++++
IKE logs:-
09/08/16 16:28:28 ## : IKE Daemon, ver 2.1.0
09/08/16 16:28:28 ## : Copyright 2008 Shrew Soft Inc.
09/08/16 16:28:28 ## : This product linked OpenSSL 0.9.8h 28 May 2008
09/08/16 16:28:28 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
09/08/16 16:28:28 ii : rebuilding vnet device list ...
09/08/16 16:28:28 ii : device ROOT\VNET\0000 disabled
09/08/16 16:28:28 ii : network process thread begin ...
09/08/16 16:28:28 ii : pfkey process thread begin ...
09/08/16 16:28:28 ii : ipc server process thread begin ...
09/08/16 16:28:41 ii : ipc client process thread begin ...
09/08/16 16:28:41 <A : peer config add message
09/08/16 16:28:41 DB : peer added ( obj count = 1 )
09/08/16 16:28:41 ii : local address 10.10.10.50 selected for peer
09/08/16 16:28:41 DB : tunnel added ( obj count = 1 )
09/08/16 16:28:41 <A : proposal config message
09/08/16 16:28:41 <A : proposal config message
09/08/16 16:28:41 <A : client config message
09/08/16 16:28:41 <A : xauth username message
09/08/16 16:28:41 <A : xauth password message
09/08/16 16:28:41 <A : local id 'CorpVPN-4x' message
09/08/16 16:28:41 <A : preshared key message
09/08/16 16:28:41 <A : peer tunnel enable message
09/08/16 16:28:41 DB : new phase1 ( ISAKMP initiator )
09/08/16 16:28:41 DB : exchange type is aggressive
09/08/16 16:28:41 DB : 10.10.10.50:500 <-> 152.62.108.70:500
09/08/16 16:28:41 DB : 421d181ce4ff4359:0000000000000000
09/08/16 16:28:41 DB : phase1 added ( obj count = 1 )
09/08/16 16:28:41 >> : security association payload
09/08/16 16:28:41 >> : - proposal #1 payload
09/08/16 16:28:41 >> : -- transform #1 payload
09/08/16 16:28:41 >> : -- transform #2 payload
09/08/16 16:28:41 >> : -- transform #3 payload
09/08/16 16:28:41 >> : -- transform #4 payload
09/08/16 16:28:41 >> : -- transform #5 payload
09/08/16 16:28:41 >> : -- transform #6 payload
09/08/16 16:28:41 >> : -- transform #7 payload
09/08/16 16:28:41 >> : -- transform #8 payload
09/08/16 16:28:41 >> : -- transform #9 payload
09/08/16 16:28:41 >> : -- transform #10 payload
09/08/16 16:28:41 >> : -- transform #11 payload
09/08/16 16:28:41 >> : -- transform #12 payload
09/08/16 16:28:41 >> : -- transform #13 payload
09/08/16 16:28:41 >> : -- transform #14 payload
09/08/16 16:28:41 >> : -- transform #15 payload
09/08/16 16:28:41 >> : -- transform #16 payload
09/08/16 16:28:41 >> : -- transform #17 payload
09/08/16 16:28:41 >> : -- transform #18 payload
09/08/16 16:28:41 >> : key exchange payload
09/08/16 16:28:41 >> : nonce payload
09/08/16 16:28:41 >> : identification payload
09/08/16 16:28:41 >> : vendor id payload
09/08/16 16:28:41 ii : local supports XAUTH
09/08/16 16:28:41 >> : vendor id payload
09/08/16 16:28:41 ii : local supports DPDv1
09/08/16 16:28:41 >> : vendor id payload
09/08/16 16:28:41 ii : local is SHREW SOFT compatible
09/08/16 16:28:41 >> : vendor id payload
09/08/16 16:28:41 ii : local is NETSCREEN compatible
09/08/16 16:28:41 >> : vendor id payload
09/08/16 16:28:41 ii : local is SIDEWINDER compatible
09/08/16 16:28:41 >> : vendor id payload
09/08/16 16:28:41 ii : local is CISCO UNITY compatible
09/08/16 16:28:41 >= : cookies 421d181ce4ff4359:0000000000000000
09/08/16 16:28:41 >= : message 00000000
09/08/16 16:28:41 -> : send IKE packet 10.10.10.50:500 ->
152.62.108.70:500 ( 1062 bytes )
09/08/16 16:28:41 DB : phase1 resend event scheduled ( ref count = 2 )
09/08/16 16:28:41 <- : recv IKE packet 152.62.108.70:500 ->
10.10.10.50:500 ( 388 bytes )
09/08/16 16:28:41 DB : phase1 found
09/08/16 16:28:41 ii : processing phase1 packet ( 388 bytes )
09/08/16 16:28:41 =< : cookies 421d181ce4ff4359:14acb698dbb4c72f
09/08/16 16:28:41 =< : message 00000000
09/08/16 16:28:41 << : security association payload
09/08/16 16:28:41 << : - propsal #1 payload
09/08/16 16:28:41 << : -- transform #13 payload
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != aes )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != aes )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != aes )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != aes )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != aes )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != aes )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:41 ii : unmatched isakmp proposal/transform
09/08/16 16:28:41 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:41 ii : matched isakmp proposal #1 transform #13
09/08/16 16:28:41 ii : - transform = ike
09/08/16 16:28:41 ii : - cipher type = 3des
09/08/16 16:28:41 ii : - key length = default
09/08/16 16:28:41 ii : - hash type = md5
09/08/16 16:28:41 ii : - dh group = modp-1024
09/08/16 16:28:41 ii : - auth type = xauth-initiator-psk
09/08/16 16:28:41 ii : - life seconds = 86400
09/08/16 16:28:41 ii : - life kbytes = 0
09/08/16 16:28:41 << : key exchange payload
09/08/16 16:28:41 << : nonce payload
09/08/16 16:28:41 << : identification payload
09/08/16 16:28:41 ii : phase1 id match
09/08/16 16:28:41 ii : received = ipv4-host 152.62.108.70
09/08/16 16:28:41 << : hash payload
09/08/16 16:28:41 << : vendor id payload
09/08/16 16:28:41 ii : peer is CISCO UNITY compatible
09/08/16 16:28:41 << : vendor id payload
09/08/16 16:28:41 ii : peer supports XAUTH
09/08/16 16:28:41 << : vendor id payload
09/08/16 16:28:41 ii : peer supports DPDv1
09/08/16 16:28:41 << : vendor id payload
09/08/16 16:28:41 ii : unknown vendor id ( 20 bytes )
09/08/16 16:28:41 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
09/08/16 16:28:41 << : vendor id payload
09/08/16 16:28:41 ii : unknown vendor id ( 16 bytes )
09/08/16 16:28:41 0x : e16b1185 dbb5c72f 57e232fc fed85a1f
09/08/16 16:28:41 << : vendor id payload
09/08/16 16:28:41 ii : unknown vendor id ( 16 bytes )
09/08/16 16:28:41 0x : 1f07f70e aa6514d3 b0fa9654 2a500407
09/08/16 16:28:41 ii : nat-t is disabled locally
09/08/16 16:28:42 == : DH shared secret ( 128 bytes )
09/08/16 16:28:42 == : SETKEYID ( 16 bytes )
09/08/16 16:28:42 == : SETKEYID_d ( 16 bytes )
09/08/16 16:28:42 == : SETKEYID_a ( 16 bytes )
09/08/16 16:28:42 == : SETKEYID_e ( 16 bytes )
09/08/16 16:28:42 == : cipher key ( 32 bytes )
09/08/16 16:28:42 == : cipher iv ( 8 bytes )
09/08/16 16:28:42 == : phase1 hash_i ( computed ) ( 16 bytes )
09/08/16 16:28:42 >> : hash payload
09/08/16 16:28:42 >= : cookies 421d181ce4ff4359:14acb698dbb4c72f
09/08/16 16:28:42 >= : message 00000000
09/08/16 16:28:42 >= : encrypt iv ( 8 bytes )
09/08/16 16:28:42 == : encrypt packet ( 48 bytes )
09/08/16 16:28:42 == : stored iv ( 8 bytes )
09/08/16 16:28:42 DB : phase1 resend event canceled ( ref count = 1 )
09/08/16 16:28:42 -> : send IKE packet 10.10.10.50:500 ->
152.62.108.70:500 ( 80 bytes )
09/08/16 16:28:42 == : phase1 hash_r ( computed ) ( 16 bytes )
09/08/16 16:28:42 == : phase1 hash_r ( received ) ( 16 bytes )
09/08/16 16:28:42 ii : phase1 sa established
09/08/16 16:28:42 ii : 152.62.108.70:500 <-> 10.10.10.50:500
09/08/16 16:28:42 ii : 421d181ce4ff4359:14acb698dbb4c72f
09/08/16 16:28:42 ii : sending peer INITIAL-CONTACT notification
09/08/16 16:28:42 ii : - 10.10.10.50:500 -> 152.62.108.70:500
09/08/16 16:28:42 ii : - isakmp spi = 421d181ce4ff4359:14acb698dbb4c72f
09/08/16 16:28:42 ii : - data size 0
09/08/16 16:28:42 >> : hash payload
09/08/16 16:28:42 >> : notification payload
09/08/16 16:28:42 == : new informational hash ( 16 bytes )
09/08/16 16:28:42 == : new informational iv ( 8 bytes )
09/08/16 16:28:42 >= : cookies 421d181ce4ff4359:14acb698dbb4c72f
09/08/16 16:28:42 >= : message 0bcf0398
09/08/16 16:28:42 >= : encrypt iv ( 8 bytes )
09/08/16 16:28:42 == : encrypt packet ( 76 bytes )
09/08/16 16:28:42 == : stored iv ( 8 bytes )
09/08/16 16:28:42 -> : send IKE packet 10.10.10.50:500 ->
152.62.108.70:500 ( 104 bytes )
09/08/16 16:28:42 DB : phase2 not found
09/08/16 16:28:42 <- : recv IKE packet 152.62.108.70:500 ->
10.10.10.50:500 ( 84 bytes )
09/08/16 16:28:42 DB : phase1 found
09/08/16 16:28:42 ii : processing informational packet ( 84 bytes )
09/08/16 16:28:42 == : new informational iv ( 8 bytes )
09/08/16 16:28:42 =< : cookies 421d181ce4ff4359:14acb698dbb4c72f
09/08/16 16:28:42 =< : message c890172b
09/08/16 16:28:42 =< : decrypt iv ( 8 bytes )
09/08/16 16:28:42 == : decrypt packet ( 84 bytes )
09/08/16 16:28:42 <= : trimmed packet padding ( 4 bytes )
09/08/16 16:28:42 <= : stored iv ( 8 bytes )
09/08/16 16:28:42 << : hash payload
09/08/16 16:28:42 << : notification payload
09/08/16 16:28:42 == : informational hash_i ( computed ) ( 16 bytes )
09/08/16 16:28:42 == : informational hash_c ( received ) ( 16 bytes )
09/08/16 16:28:42 ii : informational hash verified
09/08/16 16:28:42 ii : received peer UNITY-LOAD-BALANCE notification
09/08/16 16:28:42 ii : - 152.62.108.70:500 -> 10.10.10.50:500
09/08/16 16:28:42 ii : - isakmp spi = 421d181ce4ff4359:14acb698dbb4c72f
09/08/16 16:28:42 ii : - data size 4
09/08/16 16:28:42 ii : UNITY-LOAD-BALANCE requested migration to 152.62.108.71
09/08/16 16:28:42 DB : new phase1 ( ISAKMP initiator )
09/08/16 16:28:42 DB : exchange type is aggressive
09/08/16 16:28:42 DB : 10.10.10.50:500 <-> 152.62.108.70:500
09/08/16 16:28:42 DB : 1820dc757df6e150:0000000000000000
09/08/16 16:28:42 DB : phase1 added ( obj count = 2 )
09/08/16 16:28:42 DB : phase1 soft event canceled ( ref count = 4 )
09/08/16 16:28:42 DB : phase1 hard event canceled ( ref count = 3 )
09/08/16 16:28:42 DB : phase1 dead event canceled ( ref count = 2 )
09/08/16 16:28:42 ii : sending peer DELETE message
09/08/16 16:28:42 ii : - 10.10.10.50:500 -> 152.62.108.70:500
09/08/16 16:28:42 ii : - isakmp spi = 421d181ce4ff4359:14acb698dbb4c72f
09/08/16 16:28:42 ii : - data size 0
09/08/16 16:28:42 >> : hash payload
09/08/16 16:28:42 >> : delete payload
09/08/16 16:28:42 == : new informational hash ( 16 bytes )
09/08/16 16:28:42 == : new informational iv ( 8 bytes )
09/08/16 16:28:42 >= : cookies 421d181ce4ff4359:14acb698dbb4c72f
09/08/16 16:28:42 >= : message ed3e64bc
09/08/16 16:28:42 >= : encrypt iv ( 8 bytes )
09/08/16 16:28:42 == : encrypt packet ( 76 bytes )
09/08/16 16:28:42 == : stored iv ( 8 bytes )
09/08/16 16:28:42 -> : send IKE packet 10.10.10.50:500 ->
152.62.108.70:500 ( 104 bytes )
09/08/16 16:28:42 ii : phase1 removal before expire time
09/08/16 16:28:42 >> : security association payload
09/08/16 16:28:42 >> : - proposal #1 payload
09/08/16 16:28:42 >> : -- transform #1 payload
09/08/16 16:28:42 >> : -- transform #2 payload
09/08/16 16:28:42 >> : -- transform #3 payload
09/08/16 16:28:42 >> : -- transform #4 payload
09/08/16 16:28:42 >> : -- transform #5 payload
09/08/16 16:28:42 >> : -- transform #6 payload
09/08/16 16:28:42 >> : -- transform #7 payload
09/08/16 16:28:42 >> : -- transform #8 payload
09/08/16 16:28:42 >> : -- transform #9 payload
09/08/16 16:28:42 >> : -- transform #10 payload
09/08/16 16:28:42 >> : -- transform #11 payload
09/08/16 16:28:42 >> : -- transform #12 payload
09/08/16 16:28:42 >> : -- transform #13 payload
09/08/16 16:28:42 >> : -- transform #14 payload
09/08/16 16:28:42 >> : -- transform #15 payload
09/08/16 16:28:42 >> : -- transform #16 payload
09/08/16 16:28:42 >> : -- transform #17 payload
09/08/16 16:28:42 >> : -- transform #18 payload
09/08/16 16:28:42 >> : key exchange payload
09/08/16 16:28:42 >> : nonce payload
09/08/16 16:28:42 >> : identification payload
09/08/16 16:28:42 >> : vendor id payload
09/08/16 16:28:42 ii : local supports XAUTH
09/08/16 16:28:42 >> : vendor id payload
09/08/16 16:28:42 ii : local supports DPDv1
09/08/16 16:28:42 >> : vendor id payload
09/08/16 16:28:42 ii : local is SHREW SOFT compatible
09/08/16 16:28:42 >> : vendor id payload
09/08/16 16:28:42 ii : local is NETSCREEN compatible
09/08/16 16:28:42 >> : vendor id payload
09/08/16 16:28:42 ii : local is SIDEWINDER compatible
09/08/16 16:28:42 >> : vendor id payload
09/08/16 16:28:42 ii : local is CISCO UNITY compatible
09/08/16 16:28:42 >= : cookies 1820dc757df6e150:0000000000000000
09/08/16 16:28:42 >= : message 00000000
09/08/16 16:28:42 -> : send IKE packet 10.10.10.50:500 ->
152.62.108.71:500 ( 1062 bytes )
09/08/16 16:28:42 DB : phase1 resend event scheduled ( ref count = 2 )
09/08/16 16:28:42 DB : phase1 deleted ( obj count = 1 )
09/08/16 16:28:42 <- : recv IKE packet 152.62.108.71:500 ->
10.10.10.50:500 ( 388 bytes )
09/08/16 16:28:42 DB : phase1 found
09/08/16 16:28:42 ii : processing phase1 packet ( 388 bytes )
09/08/16 16:28:42 =< : cookies 1820dc757df6e150:bbf6bc5f80ab5e2a
09/08/16 16:28:42 =< : message 00000000
09/08/16 16:28:42 << : security association payload
09/08/16 16:28:42 << : - propsal #1 payload
09/08/16 16:28:42 << : -- transform #13 payload
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != aes )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != aes )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != aes )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != aes )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != aes )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != aes )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:42 ii : unmatched isakmp proposal/transform
09/08/16 16:28:42 ii : cipher type ( 3des != blowfish )
09/08/16 16:28:42 ii : matched isakmp proposal #1 transform #13
09/08/16 16:28:42 ii : - transform = ike
09/08/16 16:28:42 ii : - cipher type = 3des
09/08/16 16:28:42 ii : - key length = default
09/08/16 16:28:42 ii : - hash type = md5
09/08/16 16:28:42 ii : - dh group = modp-1024
09/08/16 16:28:42 ii : - auth type = xauth-initiator-psk
09/08/16 16:28:42 ii : - life seconds = 86400
09/08/16 16:28:42 ii : - life kbytes = 0
09/08/16 16:28:42 << : key exchange payload
09/08/16 16:28:42 << : nonce payload
09/08/16 16:28:42 << : identification payload
09/08/16 16:28:42 ii : phase1 id match
09/08/16 16:28:42 ii : received = ipv4-host 152.62.108.71
09/08/16 16:28:42 << : hash payload
09/08/16 16:28:42 << : vendor id payload
09/08/16 16:28:42 ii : peer is CISCO UNITY compatible
09/08/16 16:28:42 << : vendor id payload
09/08/16 16:28:42 ii : peer supports XAUTH
09/08/16 16:28:42 << : vendor id payload
09/08/16 16:28:42 ii : peer supports DPDv1
09/08/16 16:28:42 << : vendor id payload
09/08/16 16:28:42 ii : unknown vendor id ( 20 bytes )
09/08/16 16:28:42 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
09/08/16 16:28:42 << : vendor id payload
09/08/16 16:28:42 ii : unknown vendor id ( 16 bytes )
09/08/16 16:28:42 0x : 4e311b42 80aa5e2a cb8b502f ae717a01
09/08/16 16:28:42 << : vendor id payload
09/08/16 16:28:42 ii : unknown vendor id ( 16 bytes )
09/08/16 16:28:42 0x : 1f07f70e aa6514d3 b0fa9654 2a500407
09/08/16 16:28:42 ii : nat-t is disabled locally
09/08/16 16:28:42 == : DH shared secret ( 128 bytes )
09/08/16 16:28:42 == : SETKEYID ( 16 bytes )
09/08/16 16:28:42 == : SETKEYID_d ( 16 bytes )
09/08/16 16:28:42 == : SETKEYID_a ( 16 bytes )
09/08/16 16:28:42 == : SETKEYID_e ( 16 bytes )
09/08/16 16:28:42 == : cipher key ( 32 bytes )
09/08/16 16:28:42 == : cipher iv ( 8 bytes )
09/08/16 16:28:42 == : phase1 hash_i ( computed ) ( 16 bytes )
09/08/16 16:28:42 >> : hash payload
09/08/16 16:28:42 >= : cookies 1820dc757df6e150:bbf6bc5f80ab5e2a
09/08/16 16:28:42 >= : message 00000000
09/08/16 16:28:42 >= : encrypt iv ( 8 bytes )
09/08/16 16:28:42 == : encrypt packet ( 48 bytes )
09/08/16 16:28:42 == : stored iv ( 8 bytes )
09/08/16 16:28:42 DB : phase1 resend event canceled ( ref count = 1 )
09/08/16 16:28:42 -> : send IKE packet 10.10.10.50:500 ->
152.62.108.71:500 ( 80 bytes )
09/08/16 16:28:42 == : phase1 hash_r ( computed ) ( 16 bytes )
09/08/16 16:28:42 == : phase1 hash_r ( received ) ( 16 bytes )
09/08/16 16:28:42 ii : phase1 sa established
09/08/16 16:28:42 ii : 152.62.108.71:500 <-> 10.10.10.50:500
09/08/16 16:28:42 ii : 1820dc757df6e150:bbf6bc5f80ab5e2a
09/08/16 16:28:42 ii : sending peer INITIAL-CONTACT notification
09/08/16 16:28:42 ii : - 10.10.10.50:500 -> 152.62.108.71:500
09/08/16 16:28:42 ii : - isakmp spi = 1820dc757df6e150:bbf6bc5f80ab5e2a
09/08/16 16:28:42 ii : - data size 0
09/08/16 16:28:42 >> : hash payload
09/08/16 16:28:42 >> : notification payload
09/08/16 16:28:42 == : new informational hash ( 16 bytes )
09/08/16 16:28:42 == : new informational iv ( 8 bytes )
09/08/16 16:28:42 >= : cookies 1820dc757df6e150:bbf6bc5f80ab5e2a
09/08/16 16:28:42 >= : message 7a7efa02
09/08/16 16:28:42 >= : encrypt iv ( 8 bytes )
09/08/16 16:28:42 == : encrypt packet ( 76 bytes )
09/08/16 16:28:42 == : stored iv ( 8 bytes )
09/08/16 16:28:42 -> : send IKE packet 10.10.10.50:500 ->
152.62.108.71:500 ( 104 bytes )
09/08/16 16:28:42 DB : phase2 not found
09/08/16 16:28:42 <- : recv IKE packet 152.62.108.71:500 ->
10.10.10.50:500 ( 108 bytes )
09/08/16 16:28:42 DB : phase1 found
09/08/16 16:28:42 ii : processing config packet ( 108 bytes )
09/08/16 16:28:42 DB : config not found
09/08/16 16:28:42 DB : config added ( obj count = 1 )
09/08/16 16:28:42 == : new config iv ( 8 bytes )
09/08/16 16:28:42 =< : cookies 1820dc757df6e150:bbf6bc5f80ab5e2a
09/08/16 16:28:42 =< : message 3a689107
09/08/16 16:28:42 =< : decrypt iv ( 8 bytes )
09/08/16 16:28:42 == : decrypt packet ( 108 bytes )
09/08/16 16:28:42 <= : trimmed packet padding ( 4 bytes )
09/08/16 16:28:42 <= : stored iv ( 8 bytes )
09/08/16 16:28:42 << : hash payload
09/08/16 16:28:42 << : attribute payload
09/08/16 16:28:42 == : configure hash_i ( computed ) ( 16 bytes )
09/08/16 16:28:42 == : configure hash_c ( computed ) ( 16 bytes )
09/08/16 16:28:42 ii : configure hash verified
09/08/16 16:28:42 !! : warning, unhandled xauth attribute 32136
09/08/16 16:28:42 !! : warning, unhandled xauth attribute 16523
09/08/16 16:28:42 ii : received xauth request - Enter Username and Password.
09/08/16 16:28:42 ii : added standard xauth username attribute
09/08/16 16:28:42 ii : sending xauth response for perrad
09/08/16 16:28:42 >> : hash payload
09/08/16 16:28:42 >> : attribute payload
09/08/16 16:28:42 == : new configure hash ( 16 bytes )
09/08/16 16:28:42 >= : cookies 1820dc757df6e150:bbf6bc5f80ab5e2a
09/08/16 16:28:42 >= : message 3a689107
09/08/16 16:28:42 >= : encrypt iv ( 8 bytes )
09/08/16 16:28:42 == : encrypt packet ( 70 bytes )
09/08/16 16:28:42 == : stored iv ( 8 bytes )
09/08/16 16:28:42 -> : send IKE packet 10.10.10.50:500 ->
152.62.108.71:500 ( 104 bytes )
09/08/16 16:28:42 DB : config resend event scheduled ( ref count = 2 )
09/08/16 16:28:42 <- : recv IKE packet 152.62.108.71:500 ->
10.10.10.50:500 ( 76 bytes )
09/08/16 16:28:42 DB : phase1 found
09/08/16 16:28:42 ii : processing informational packet ( 76 bytes )
09/08/16 16:28:42 == : new informational iv ( 8 bytes )
09/08/16 16:28:42 =< : cookies 1820dc757df6e150:bbf6bc5f80ab5e2a
09/08/16 16:28:42 =< : message 14ace392
09/08/16 16:28:42 =< : decrypt iv ( 8 bytes )
09/08/16 16:28:42 == : decrypt packet ( 76 bytes )
09/08/16 16:28:42 <= : stored iv ( 8 bytes )
09/08/16 16:28:42 << : hash payload
09/08/16 16:28:42 << : delete payload
09/08/16 16:28:42 == : informational hash_i ( computed ) ( 16 bytes )
09/08/16 16:28:42 == : informational hash_c ( received ) ( 16 bytes )
09/08/16 16:28:42 ii : informational hash verified
09/08/16 16:28:42 ii : received peer DELETE message
09/08/16 16:28:42 ii : - 152.62.108.71:500 -> 10.10.10.50:500
09/08/16 16:28:42 ii : - isakmp spi = 1820dc757df6e150:bbf6bc5f80ab5e2a
09/08/16 16:28:42 DB : phase1 found
09/08/16 16:28:42 ii : cleanup, marked phase1
1820dc757df6e150:bbf6bc5f80ab5e2a for removal
09/08/16 16:28:42 DB : phase1 soft event canceled ( ref count = 4 )
09/08/16 16:28:42 DB : phase1 hard event canceled ( ref count = 3 )
09/08/16 16:28:42 DB : phase1 dead event canceled ( ref count = 2 )
09/08/16 16:28:42 DB : config resend event canceled ( ref count = 1 )
09/08/16 16:28:42 DB : config deleted ( obj count = 0 )
09/08/16 16:28:42 ii : phase1 removal before expire time
09/08/16 16:28:42 DB : phase1 not found
09/08/16 16:28:42 DB : phase1 deleted ( obj count = 0 )
09/08/16 16:28:42 DB : tunnel dpd event canceled ( ref count = 2 )
09/08/16 16:28:42 DB : tunnel stats event canceled ( ref count = 1 )
09/08/16 16:28:42 DB : removing tunnel config references
09/08/16 16:28:42 DB : removing tunnel phase2 references
09/08/16 16:28:42 DB : removing tunnel phase1 references
09/08/16 16:28:42 DB : tunnel deleted ( obj count = 0 )
09/08/16 16:28:43 DB : removing all peer tunnel refrences
09/08/16 16:28:43 DB : peer deleted ( obj count = 0 )
09/08/16 16:28:43 ii : ipc client process thread exit ...
+++++
IPSEC logs:-
09/08/16 16:28:26 ## : IPSEC Daemon, ver 2.1.0
09/08/16 16:28:26 ## : Copyright 2008 Shrew Soft Inc.
09/08/16 16:28:26 ## : This product linked OpenSSL 0.9.8h 28 May 2008
09/08/16 16:28:26 ## : This product linked zlib v1.2.3
09/08/16 16:28:26 ii : network send process thread begin ...
09/08/16 16:28:26 ii : network recv process thread begin ...
09/08/16 16:28:26 ii : opened vflt device
09/08/16 16:28:26 ii : opened vflt recv device
09/08/16 16:28:26 ii : pfkey server process thread begin ...
09/08/16 16:28:26 ii : pfkey client process thread begin ...
09/08/16 16:28:26 K< : recv DUMP UNSPEC message
09/08/16 16:28:26 K< : recv X_SPDDUMP UNSPEC message
09/08/16 16:28:27 ii : pfkey client process thread begin ...
09/08/16 16:28:27 K< : message REGISTER AH received
09/08/16 16:28:27 K< : message REGISTER ESP received
09/08/16 16:28:27 K< : message REGISTER IPCOMP received
09/08/16 16:28:27 K< : recv X_SPDDUMP UNSPEC message
09/08/16 16:28:27 ii : pfkey client process thread exit ...
09/08/16 16:28:28 ii : pfkey client process thread begin ...
09/08/16 16:28:28 K< : message REGISTER AH received
09/08/16 16:28:28 K< : message REGISTER ESP received
09/08/16 16:28:28 K< : message REGISTER IPCOMP received
09/08/16 16:28:28 K< : recv X_SPDDUMP UNSPEC message
09/08/16 16:28:28 ii : inspecting ARP request ...
09/08/16 16:28:28 !! : ARP packet has invalid header
09/08/16 16:28:41 ii : inspecting ARP request ...
09/08/16 16:28:41 DB : policy not found
09/08/16 16:28:41 ii : ignoring ARP request for 10.10.10.1, no policy found
09/08/16 16:28:42 ii : inspecting ARP request ...
09/08/16 16:28:42 DB : policy not found
09/08/16 16:28:42 ii : ignoring ARP request for 10.10.10.1, no policy found
09/08/16 16:29:00 ii : inspecting ARP request ...
09/08/16 16:29:00 DB : policy not found
09/08/16 16:29:00 ii : ignoring ARP request for 10.10.10.1, no policy found
09/08/16 16:29:00 ii : inspecting ARP request ...
09/08/16 16:29:00 DB : policy not found
09/08/16 16:29:00 ii : ignoring ARP request for 10.10.10.1, no policy found
09/08/16 16:29:06 ii : inspecting ARP request ...
09/08/16 16:29:06 DB : policy not found
09/08/16 16:29:06 ii : ignoring ARP request for 10.10.10.1, no policy found
09/08/16 16:29:23 ii : inspecting ARP request ...
09/08/16 16:29:23 DB : policy not found
09/08/16 16:29:23 ii : ignoring ARP request for 10.10.10.1, no policy found
09/08/16 16:29:32 ii : inspecting ARP request ...
09/08/16 16:29:32 DB : policy not found
09/08/16 16:29:32 ii : ignoring ARP request for 10.10.10.1, no policy found
09/08/16 16:30:34 ii : inspecting ARP request ...
09/08/16 16:30:34 !! : ARP packet has invalid header
09/08/16 16:31:05 ii : inspecting ARP request ...
09/08/16 16:31:05 DB : policy not found
09/08/16 16:31:05 ii : ignoring ARP request for 10.10.10.1, no policy found
On Sun, Aug 16, 2009 at 3:12 PM, Matthew Grooms<mgrooms at shrew.net> wrote:
> David Perrault wrote:
>>
>> Thanks all - I've now managed to import my profiles successfully.
>> However none of my profiles work despites being ok with the Cisco VPN
>> client or NCP Secure Entry.
>>
>> With an ESP-IPsec profile I get the following error in the IKE log:-
>>
>> 09/08/16 07:48:34 !! : phase1 id mismatch
>> 09/08/16 07:48:34 !! : received = ipv4-host 152.62.108.70
>> 09/08/16 07:48:34 !! : expected = none
>>
>> With a Multi-User TCP profile I get:-
>> 09/08/16 08:12:20 !! : unable to connect to pfkey interface
>>
>> I also see from time to time in the IPsec log:-
>> 09/08/16 08:15:18 !! : ARP packet has invalid header
>>
>
> Hi David,
>
> This is the other bug that has been reported, fixed and will be included in
> RC3 :) When the Authentication / Remote Identity is set to Any in the site
> configuration, the client will sometimes fail negotiations with "phase1 id
> mismatch". As a temporary work-around for your connection, you will need to
> set it to address since thats what your gateway sends.
>
> Hope this helps,
>
> -Matthew
>
More information about the vpn-help
mailing list