[vpn-help] All IPSec SA proposals found unacceptable!

Robert L Sowders rsowders at usgs.gov
Mon Feb 8 23:06:41 CST 2010 

All,

I've been trying to get the shrew client to work on my local systems, both 
XP and Windows 7 to no avail.  I have a Cisco 3000 and I can connect to it 
with the Cisco client ok.  I imported the pcf file into shrew with no 
problems.  I did have to adjust the NAT port as that setting did not 
change from the default of 4500 to what we have ours set for 3322.  The 
shrew client connects fine and authenticates the user and it appears the 
phase 1 is completed but it terminates shortly there after with the error 
All IPSec SA proposals found unacceptable!.  This is an error from the VPN 
logs, the trace utility on the client just says a IKE packet was received 
the de-crytped to DELETE and the client then dutifully deletes all 
configurations and terminated the tunnel.

Here are the relevant logs from the VPN.

Feb  8 18:44:50 hihnl-vpn1.wr.usgs.gov 133536: 2010 Feb 08 18:44:49.550 
-1000 -10:00 %IKE-5-52: RPT=2421: 137.227.237.66: Group [3000client] User 
[billyb] User (billyb) authenticated.
Feb  8 18:45:02 hihnl-vpn1.wr.usgs.gov 133537: 2010 Feb 08 18:45:01.310 
-1000 -10:00 %AUTH-5-22: RPT=2402: 137.227.237.66: User [billyb] Group 
[3000client] connected, Session Type: IPSec
Feb  8 18:45:02 hihnl-vpn1.wr.usgs.gov 133538: 2010 Feb 08 18:45:01.310 
-1000 -10:00 %IKE-5-119: RPT=2578: 137.227.237.66: Group [3000client] User 
[billyb] PHASE 1 COMPLETED
Feb  8 18:45:02 hihnl-vpn1.wr.usgs.gov 133540: 2010 Feb 08 18:45:01.320 
-1000 -10:00 %IKE-6-25: RPT=3189: 137.227.237.66: Group [3000client] User 
[billyb] Received remote Proxy Host data in ID Payload: Address 
130.118.84.171, Protocol 0, Port 0
Feb  8 18:45:02 hihnl-vpn1.wr.usgs.gov 133543: 2010 Feb 08 18:45:01.320 
-1000 -10:00 %IKE-6-34: RPT=3187: 137.227.237.66: Group [3000client] User 
[billyb] Received local IP Proxy Subnet data in ID Payload:  Address 
0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
Feb  8 18:45:02 hihnl-vpn1.wr.usgs.gov 133545: 2010 Feb 08 18:45:01.320 
-1000 -10:00 %IKE-6-66: RPT=3189: 137.227.237.66: Group [3000client] User 
[billyb] IKE Remote Peer configured for SA: ESP-3DES-MD5
Feb  8 18:45:02 hihnl-vpn1.wr.usgs.gov 133547: 2010 Feb 08 18:45:01.320 
-1000 -10:00 %IKE-5-227: RPT=116: 137.227.237.66: Group [3000client] User 
[billyb] All IPSec SA proposals found unacceptable!
Feb  8 18:45:02 hihnl-vpn1.wr.usgs.gov 133548: 2010 Feb 08 18:45:01.320 
-1000 -10:00 %IKEDBG-5-97: RPT=316: 137.227.237.66: Group [3000client] 
User [billyb] QM FSM error (P2 struct &0x196ecfe4, mess id 0x6925bfa3)!
Feb  8 18:45:02 hihnl-vpn1.wr.usgs.gov 133550: 2010 Feb 08 18:45:01.320 
-1000 -10:00 %AUTH-5-23: RPT=118: 137.227.237.66: User [billyb] Group 
[3000client] disconnected: duration: 0:00:00

the Trace utility doesn't show anything out of the ordinary, at least not 
that I can see

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20100208/18914d34/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: shrew.txt
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20100208/18914d34/attachment-0001.txt>

More information about the vpn-help mailing list