[vpn-help] All IPSec SA proposals found unacceptable!
Robert L Sowders
rsowders at usgs.gov
Mon Feb 8 23:06:41 CST 2010
All,
I've been trying to get the shrew client to work on my local systems, both
XP and Windows 7 to no avail. I have a Cisco 3000 and I can connect to it
with the Cisco client ok. I imported the pcf file into shrew with no
problems. I did have to adjust the NAT port as that setting did not
change from the default of 4500 to what we have ours set for 3322. The
shrew client connects fine and authenticates the user and it appears the
phase 1 is completed but it terminates shortly there after with the error
All IPSec SA proposals found unacceptable!. This is an error from the VPN
logs, the trace utility on the client just says a IKE packet was received
the de-crytped to DELETE and the client then dutifully deletes all
configurations and terminated the tunnel.
Here are the relevant logs from the VPN.
Feb 8 18:44:50 hihnl-vpn1.wr.usgs.gov 133536: 2010 Feb 08 18:44:49.550
-1000 -10:00 %IKE-5-52: RPT=2421: 137.227.237.66: Group [3000client] User
[billyb] User (billyb) authenticated.
Feb 8 18:45:02 hihnl-vpn1.wr.usgs.gov 133537: 2010 Feb 08 18:45:01.310
-1000 -10:00 %AUTH-5-22: RPT=2402: 137.227.237.66: User [billyb] Group
[3000client] connected, Session Type: IPSec
Feb 8 18:45:02 hihnl-vpn1.wr.usgs.gov 133538: 2010 Feb 08 18:45:01.310
-1000 -10:00 %IKE-5-119: RPT=2578: 137.227.237.66: Group [3000client] User
[billyb] PHASE 1 COMPLETED
Feb 8 18:45:02 hihnl-vpn1.wr.usgs.gov 133540: 2010 Feb 08 18:45:01.320
-1000 -10:00 %IKE-6-25: RPT=3189: 137.227.237.66: Group [3000client] User
[billyb] Received remote Proxy Host data in ID Payload: Address
130.118.84.171, Protocol 0, Port 0
Feb 8 18:45:02 hihnl-vpn1.wr.usgs.gov 133543: 2010 Feb 08 18:45:01.320
-1000 -10:00 %IKE-6-34: RPT=3187: 137.227.237.66: Group [3000client] User
[billyb] Received local IP Proxy Subnet data in ID Payload: Address
0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
Feb 8 18:45:02 hihnl-vpn1.wr.usgs.gov 133545: 2010 Feb 08 18:45:01.320
-1000 -10:00 %IKE-6-66: RPT=3189: 137.227.237.66: Group [3000client] User
[billyb] IKE Remote Peer configured for SA: ESP-3DES-MD5
Feb 8 18:45:02 hihnl-vpn1.wr.usgs.gov 133547: 2010 Feb 08 18:45:01.320
-1000 -10:00 %IKE-5-227: RPT=116: 137.227.237.66: Group [3000client] User
[billyb] All IPSec SA proposals found unacceptable!
Feb 8 18:45:02 hihnl-vpn1.wr.usgs.gov 133548: 2010 Feb 08 18:45:01.320
-1000 -10:00 %IKEDBG-5-97: RPT=316: 137.227.237.66: Group [3000client]
User [billyb] QM FSM error (P2 struct &0x196ecfe4, mess id 0x6925bfa3)!
Feb 8 18:45:02 hihnl-vpn1.wr.usgs.gov 133550: 2010 Feb 08 18:45:01.320
-1000 -10:00 %AUTH-5-23: RPT=118: 137.227.237.66: User [billyb] Group
[3000client] disconnected: duration: 0:00:00
the Trace utility doesn't show anything out of the ordinary, at least not
that I can see
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20100208/18914d34/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: shrew.txt
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20100208/18914d34/attachment.txt>
More information about the vpn-help
mailing list