[vpn-help] Cisco VPN concentrator

Garber, Kevin M. Kevin.Garber at glatfelter.com
Tue Jan 5 11:55:18 CST 2010


Sean,

This client does work with the VPN Concentrators once you upgrade to the
2.1.6 version.  You might also have to install the ikedfix.exe patch and
also put in a remote network resource of 0.0.0.0/0.0.0.0 in the policy
section of your profile.

The IKEDFIX is located here.  (It may be included in the latest beta,
I'm not sure).
http://www.shrew.net/download/vpn/vpn-client-2.1.6-ikedfix.exe

If you still can't get it to work, let me know and I'll send you the
specific config I'm using.

~Kevin

-----Original Message-----
From: vpn-help-bounces at lists.shrew.net
[mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Byars, Sean
Sent: Tuesday, January 05, 2010 11:32 AM
To: vpn-help at lists.shrew.net
Subject: [vpn-help] Cisco VPN concentrator

I see this works with Cisco PIX and ASA, but I cannot get it to work
with the Cisco (formerly Altiga) VPN 3000 series Concentrator.  Log is
attached.  It connects, I get an IP and the user security notice, but I
can never PING across it and then about 10 seconds later it times out.
I'm using the same policies that the Cisco VPN client uses.  My guess is
there are still quite a few concentrators out there so enabling support
for this could greatly increase market share for your product.  I know
of 100-200 users that would download it now if we can get this working.
Thanks!

-----Original Message-----
From: vpn-help-bounces at lists.shrew.net
[mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of
vpn-help-request at lists.shrew.net
Sent: Monday, January 04, 2010 7:59 PM
To: vpn-help at lists.shrew.net
Subject: vpn-help Digest, Vol 40, Issue 3



Today's Topics:

   1. Conflict between ShrewSoft VPN Client and VirtualBox
      (Alexis Bilodeau)
   2. Access Manager - Disconnected during Phase-2 (Windows 7	64
      bit) (ataru moroboshi)


----------------------------------------------------------------------

Message: 1
Date: Mon, 4 Jan 2010 13:28:43 -0500
From: Alexis Bilodeau <a.bilodeau at novoelectronique.com>
Subject: [vpn-help] Conflict between ShrewSoft VPN Client and
	VirtualBox
To: vpn-help at lists.shrew.net
Message-ID:
	<221471bb1001041028h227e7e94ode68b87c0c4fcfa4 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I installed VPN Client v2.1.6 on a Windows 7 x64 machine that also has
VirtualBox 3.1.2 installed.

The VPN worked right after the installation, but after my computer
rebooted I lost the DNS (that is, I could access the internet but had no
name resolution). A few trials and errors showed that stopping the
ShrewSoft DNS Proxy Daemon fixed the problem. Obviously, stopping this
service every time I disconnect from the VPN isn't very practical.

I later found that uninstalling VirtualBox fixed it completely; I do not
have to stop the DNS Proxy service to get fully functional internet
access.

There seems to be a conflict between those two, what do you think?

Thanks,

Alexis Bilodeau

------------------------------

Message: 2
Date: Tue, 5 Jan 2010 01:28:05 +0100
From: ataru moroboshi <ataru80 at gmail.com>
Subject: [vpn-help] Access Manager - Disconnected during Phase-2
	(Windows 7	64 bit)
To: vpn-help at lists.shrew.net
Message-ID:
	<bc330aba1001041628rb446e94h6044b2f8013cee9c at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi,
I'm trying to set up a VPN client on Windows 7 64 bit.
I've installed and run Access Manager v.2.1.5: I've imported a Cisco
IPSEC VPN account (file .pcf). Everything seems OK, no warnings, etc.
When I try to connect to the VPN, I get the following output:

attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled
session terminated by gateway
tunnel disabled
detached from key daemon ...

It looks like it is connected, but after a short while I get the
disconnected status.
Looking on Google I found the advice of setting the "PFS Exchange" in
the "Phase-2" tab to the value "group 2", but it's still not working.
Attached and below you can find the trace output.
Could you please give me your support?
Thanx in advance



10/01/05 01:10:19 ii : ipc client process thread begin ...
10/01/05 01:10:19 <A : peer config add message
10/01/05 01:10:19 DB : peer added ( obj count = 1 )
10/01/05 01:10:19 ii : local address 192.168.0.4 selected for peer
10/01/05 01:10:19 DB : tunnel added ( obj count = 1 )
10/01/05 01:10:19 <A : proposal config message
10/01/05 01:10:19 <A : proposal config message
10/01/05 01:10:19 <A : client config message
10/01/05 01:10:19 <A : xauth username message
10/01/05 01:10:19 <A : xauth password message
10/01/05 01:10:19 <A : local id 'vpnusers' message
10/01/05 01:10:19 <A : preshared key message
10/01/05 01:10:19 <A : peer tunnel enable message
10/01/05 01:10:19 DB : new phase1 ( ISAKMP initiator )
10/01/05 01:10:19 DB : exchange type is aggressive
10/01/05 01:10:19 DB : 192.168.0.4:500 <-> 213.255.79.172:500
10/01/05 01:10:19 DB : b884b435e4cb96a5:0000000000000000
10/01/05 01:10:19 DB : phase1 added ( obj count = 1 )
10/01/05 01:10:19 >> : security association payload
10/01/05 01:10:19 >> : - proposal #1 payload
10/01/05 01:10:19 >> : -- transform #1 payload
10/01/05 01:10:19 >> : -- transform #2 payload
10/01/05 01:10:19 >> : -- transform #3 payload
10/01/05 01:10:19 >> : -- transform #4 payload
10/01/05 01:10:19 >> : -- transform #5 payload
10/01/05 01:10:19 >> : -- transform #6 payload
10/01/05 01:10:19 >> : -- transform #7 payload
10/01/05 01:10:19 >> : -- transform #8 payload
10/01/05 01:10:19 >> : -- transform #9 payload
10/01/05 01:10:19 >> : -- transform #10 payload
10/01/05 01:10:19 >> : -- transform #11 payload
10/01/05 01:10:19 >> : -- transform #12 payload
10/01/05 01:10:19 >> : -- transform #13 payload
10/01/05 01:10:19 >> : -- transform #14 payload
10/01/05 01:10:19 >> : -- transform #15 payload
10/01/05 01:10:19 >> : -- transform #16 payload
10/01/05 01:10:19 >> : -- transform #17 payload
10/01/05 01:10:19 >> : -- transform #18 payload
10/01/05 01:10:19 >> : key exchange payload
10/01/05 01:10:19 >> : nonce payload
10/01/05 01:10:19 >> : identification payload
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local supports XAUTH
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local supports nat-t ( draft v00 )
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local supports nat-t ( draft v01 )
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local supports nat-t ( draft v02 )
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local supports nat-t ( draft v03 )
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local supports nat-t ( rfc )
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local supports DPDv1
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local is SHREW SOFT compatible
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local is NETSCREEN compatible
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local is SIDEWINDER compatible
10/01/05 01:10:19 >> : vendor id payload
10/01/05 01:10:19 ii : local is CISCO UNITY compatible
10/01/05 01:10:19 >= : cookies b884b435e4cb96a5:0000000000000000
10/01/05 01:10:19 >= : message 00000000
10/01/05 01:10:19 -> : send IKE packet 192.168.0.4:500 -> 213.255.79.172:500( 1224 bytes )
10/01/05 01:10:19 DB : phase1 resend event scheduled ( ref count = 2 )
10/01/05 01:10:19 <- : recv IKE packet 213.255.79.172:500 -> 192.168.0.4:500( 512 bytes )
10/01/05 01:10:19 DB : phase1 found
10/01/05 01:10:19 ii : processing phase1 packet ( 512 bytes )
10/01/05 01:10:19 =< : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:19 =< : message 00000000
10/01/05 01:10:19 << : security association payload
10/01/05 01:10:19 << : - propsal #1 payload
10/01/05 01:10:19 << : -- transform #13 payload
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != aes )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != aes )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != aes )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != aes )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != aes )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != aes )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != blowfish )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != blowfish )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != blowfish )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != blowfish )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != blowfish )
10/01/05 01:10:19 ii : unmatched isakmp proposal/transform
10/01/05 01:10:19 ii : cipher type ( 3des != blowfish )
10/01/05 01:10:19 ii : matched isakmp proposal #1 transform #13
10/01/05 01:10:19 ii : - transform = ike
10/01/05 01:10:19 ii : - cipher type = 3des
10/01/05 01:10:19 ii : - key length = default
10/01/05 01:10:19 ii : - hash type = md5
10/01/05 01:10:19 ii : - dh group = modp-1536
10/01/05 01:10:19 ii : - auth type = xauth-initiator-psk
10/01/05 01:10:19 ii : - life seconds = 86400
10/01/05 01:10:19 ii : - life kbytes = 0
10/01/05 01:10:19 << : key exchange payload
10/01/05 01:10:19 << : nonce payload
10/01/05 01:10:19 << : identification payload
10/01/05 01:10:19 ii : phase1 id target is any
10/01/05 01:10:19 ii : phase1 id match
10/01/05 01:10:19 ii : received = ipv4-host 10.16.96.66
10/01/05 01:10:19 << : hash payload
10/01/05 01:10:19 << : vendor id payload
10/01/05 01:10:19 ii : peer is CISCO UNITY compatible
10/01/05 01:10:19 << : vendor id payload
10/01/05 01:10:19 ii : peer supports XAUTH
10/01/05 01:10:19 << : vendor id payload
10/01/05 01:10:19 ii : peer supports DPDv1
10/01/05 01:10:19 << : vendor id payload
10/01/05 01:10:19 ii : peer supports nat-t ( draft v02 )
10/01/05 01:10:19 << : nat discovery payload
10/01/05 01:10:19 << : nat discovery payload
10/01/05 01:10:19 << : vendor id payload
10/01/05 01:10:19 ii : unknown vendor id ( 20 bytes )
10/01/05 01:10:19 0x : 4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
10/01/05 01:10:19 << : vendor id payload
10/01/05 01:10:19 ii : unknown vendor id ( 16 bytes )
10/01/05 01:10:19 0x : a39b4da2 68948ba8 1ae72a26 795ecd96
10/01/05 01:10:19 << : vendor id payload
10/01/05 01:10:19 ii : unknown vendor id ( 16 bytes )
10/01/05 01:10:19 0x : 1f07f70e aa6514d3 b0fa9654 2a500401
10/01/05 01:10:19 ii : nat discovery - local address is translated
10/01/05 01:10:19 ii : nat discovery - remote address is translated
10/01/05 01:10:19 ii : switching to src nat-t udp port 4500
10/01/05 01:10:19 ii : switching to dst nat-t udp port 4500
10/01/05 01:10:20 == : DH shared secret ( 192 bytes )
10/01/05 01:10:20 == : SETKEYID ( 16 bytes )
10/01/05 01:10:20 == : SETKEYID_d ( 16 bytes )
10/01/05 01:10:20 == : SETKEYID_a ( 16 bytes )
10/01/05 01:10:20 == : SETKEYID_e ( 16 bytes )
10/01/05 01:10:20 == : cipher key ( 32 bytes )
10/01/05 01:10:20 == : cipher iv ( 8 bytes )
10/01/05 01:10:20 == : phase1 hash_i ( computed ) ( 16 bytes )
10/01/05 01:10:20 >> : hash payload
10/01/05 01:10:20 >> : nat discovery payload
10/01/05 01:10:20 >> : nat discovery payload
10/01/05 01:10:20 >= : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:20 >= : message 00000000
10/01/05 01:10:20 >= : encrypt iv ( 8 bytes )
10/01/05 01:10:20 == : encrypt packet ( 88 bytes )
10/01/05 01:10:20 == : stored iv ( 8 bytes )
10/01/05 01:10:20 DB : phase1 resend event canceled ( ref count = 1 )
10/01/05 01:10:20 -> : send NAT-T:IKE packet 192.168.0.4:4500 -> 213.255.79.172:4500 ( 124 bytes )
10/01/05 01:10:20 == : phase1 hash_r ( computed ) ( 16 bytes )
10/01/05 01:10:20 == : phase1 hash_r ( received ) ( 16 bytes )
10/01/05 01:10:20 ii : phase1 sa established
10/01/05 01:10:20 ii : 213.255.79.172:4500 <-> 192.168.0.4:4500
10/01/05 01:10:20 ii : b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:20 ii : sending peer INITIAL-CONTACT notification
10/01/05 01:10:20 ii : - 192.168.0.4:4500 -> 213.255.79.172:4500
10/01/05 01:10:20 ii : - isakmp spi = b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:20 ii : - data size 0
10/01/05 01:10:20 >> : hash payload
10/01/05 01:10:20 >> : notification payload
10/01/05 01:10:20 == : new informational hash ( 16 bytes )
10/01/05 01:10:20 == : new informational iv ( 8 bytes )
10/01/05 01:10:20 >= : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:20 >= : message 6dfc6788
10/01/05 01:10:20 >= : encrypt iv ( 8 bytes )
10/01/05 01:10:20 == : encrypt packet ( 76 bytes )
10/01/05 01:10:20 == : stored iv ( 8 bytes )
10/01/05 01:10:20 -> : send NAT-T:IKE packet 192.168.0.4:4500 -> 213.255.79.172:4500 ( 108 bytes )
10/01/05 01:10:20 DB : phase2 not found
10/01/05 01:10:20 <- : recv NAT-T:IKE packet 213.255.79.172:4500 -> 192.168.0.4:4500 ( 116 bytes )
10/01/05 01:10:20 DB : phase1 found
10/01/05 01:10:20 ii : processing config packet ( 116 bytes )
10/01/05 01:10:20 DB : config not found
10/01/05 01:10:20 DB : config added ( obj count = 1 )
10/01/05 01:10:20 == : new config iv ( 8 bytes )
10/01/05 01:10:20 =< : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:20 =< : message 9c2fb287
10/01/05 01:10:20 =< : decrypt iv ( 8 bytes )
10/01/05 01:10:20 == : decrypt packet ( 116 bytes )
10/01/05 01:10:20 <= : trimmed packet padding ( 4 bytes )
10/01/05 01:10:20 <= : stored iv ( 8 bytes )
10/01/05 01:10:20 << : hash payload
10/01/05 01:10:20 << : attribute payload
10/01/05 01:10:20 == : configure hash_i ( computed ) ( 16 bytes )
10/01/05 01:10:20 == : configure hash_c ( computed ) ( 16 bytes )
10/01/05 01:10:20 ii : configure hash verified
10/01/05 01:10:20 ii : - xauth authentication type
10/01/05 01:10:20 ii : - xauth username
10/01/05 01:10:20 !! : warning, unhandled xauth attribute 16526
10/01/05 01:10:20 ii : - xauth password
10/01/05 01:10:20 ii : received basic xauth request - Enter Username, Password and Domain.
10/01/05 01:10:20 ii : - standard xauth username
10/01/05 01:10:20 ii : - standard xauth password
10/01/05 01:10:20 ii : sending xauth response for novil
10/01/05 01:10:20 >> : hash payload
10/01/05 01:10:20 >> : attribute payload
10/01/05 01:10:20 == : new configure hash ( 16 bytes )
10/01/05 01:10:20 >= : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:20 >= : message 9c2fb287
10/01/05 01:10:20 >= : encrypt iv ( 8 bytes )
10/01/05 01:10:20 == : encrypt packet ( 81 bytes )
10/01/05 01:10:20 == : stored iv ( 8 bytes )
10/01/05 01:10:20 -> : send NAT-T:IKE packet 192.168.0.4:4500 -> 213.255.79.172:4500 ( 116 bytes )
10/01/05 01:10:20 DB : config resend event scheduled ( ref count = 2 )
10/01/05 01:10:20 <- : recv NAT-T:IKE packet 213.255.79.172:4500 -> 192.168.0.4:4500 ( 60 bytes )
10/01/05 01:10:20 DB : phase1 found
10/01/05 01:10:20 ii : processing config packet ( 60 bytes )
10/01/05 01:10:20 DB : config found
10/01/05 01:10:20 == : new config iv ( 8 bytes )
10/01/05 01:10:20 =< : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:20 =< : message 1375c751
10/01/05 01:10:20 =< : decrypt iv ( 8 bytes )
10/01/05 01:10:20 == : decrypt packet ( 60 bytes )
10/01/05 01:10:20 <= : stored iv ( 8 bytes )
10/01/05 01:10:20 << : hash payload
10/01/05 01:10:20 << : attribute payload
10/01/05 01:10:20 == : configure hash_i ( computed ) ( 16 bytes )
10/01/05 01:10:20 == : configure hash_c ( computed ) ( 16 bytes )
10/01/05 01:10:20 ii : configure hash verified
10/01/05 01:10:20 ii : received xauth result -
10/01/05 01:10:20 ii : user novil authentication succeeded
10/01/05 01:10:20 ii : sending xauth acknowledge
10/01/05 01:10:20 >> : hash payload
10/01/05 01:10:20 >> : attribute payload
10/01/05 01:10:20 == : new configure hash ( 16 bytes )
10/01/05 01:10:20 >= : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:20 >= : message 1375c751
10/01/05 01:10:20 >= : encrypt iv ( 8 bytes )
10/01/05 01:10:20 == : encrypt packet ( 56 bytes )
10/01/05 01:10:20 == : stored iv ( 8 bytes )
10/01/05 01:10:20 DB : config resend event canceled ( ref count = 1 )
10/01/05 01:10:20 -> : send NAT-T:IKE packet 192.168.0.4:4500 -> 213.255.79.172:4500 ( 92 bytes )
10/01/05 01:10:20 DB : config resend event scheduled ( ref count = 2 )
10/01/05 01:10:20 ii : building config attribute list
10/01/05 01:10:20 ii : - IP4 Address
10/01/05 01:10:20 ii : - Address Expiry
10/01/05 01:10:20 ii : - IP4 Netamask
10/01/05 01:10:20 ii : - IP4 DNS Server
10/01/05 01:10:20 ii : - IP4 WINS Server
10/01/05 01:10:20 ii : - DNS Suffix
10/01/05 01:10:20 ii : - Split DNS Domain
10/01/05 01:10:20 ii : - IP4 Split Network Include
10/01/05 01:10:20 ii : - IP4 Split Network Exclude
10/01/05 01:10:20 ii : - Login Banner
10/01/05 01:10:20 ii : - Save Password
10/01/05 01:10:20 == : new config iv ( 8 bytes )
10/01/05 01:10:20 ii : sending config pull request
10/01/05 01:10:20 >> : hash payload
10/01/05 01:10:20 >> : attribute payload
10/01/05 01:10:20 == : new configure hash ( 16 bytes )
10/01/05 01:10:20 >= : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:20 >= : message f60c55da
10/01/05 01:10:20 >= : encrypt iv ( 8 bytes )
10/01/05 01:10:20 == : encrypt packet ( 100 bytes )
10/01/05 01:10:20 == : stored iv ( 8 bytes )
10/01/05 01:10:20 DB : config resend event canceled ( ref count = 1 )
10/01/05 01:10:20 -> : send NAT-T:IKE packet 192.168.0.4:4500 -> 213.255.79.172:4500 ( 132 bytes )
10/01/05 01:10:20 DB : config resend event scheduled ( ref count = 2 )
10/01/05 01:10:20 <- : recv NAT-T:IKE packet 213.255.79.172:4500 -> 192.168.0.4:4500 ( 132 bytes )
10/01/05 01:10:20 DB : phase1 found
10/01/05 01:10:20 ii : processing config packet ( 132 bytes )
10/01/05 01:10:20 DB : config found
10/01/05 01:10:20 =< : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:20 =< : message f60c55da
10/01/05 01:10:20 =< : decrypt iv ( 8 bytes )
10/01/05 01:10:20 == : decrypt packet ( 132 bytes )
10/01/05 01:10:20 <= : trimmed packet padding ( 6 bytes )
10/01/05 01:10:20 <= : stored iv ( 8 bytes )
10/01/05 01:10:20 << : hash payload
10/01/05 01:10:20 << : attribute payload
10/01/05 01:10:20 == : configure hash_i ( computed ) ( 16 bytes )
10/01/05 01:10:20 == : configure hash_c ( computed ) ( 16 bytes )
10/01/05 01:10:20 ii : configure hash verified
10/01/05 01:10:20 ii : received config pull response
10/01/05 01:10:20 ii : - IP4 Address = 10.16.98.1
10/01/05 01:10:20 ii : - IP4 Netmask = 255.255.255.224
10/01/05 01:10:20 ii : - IP4 DNS Server = 10.16.112.36
10/01/05 01:10:20 ii : - IP4 DNS Server = 10.16.112.40
10/01/05 01:10:20 ii : - IP4 WINS Server = 10.16.112.2
10/01/05 01:10:20 ii : - IP4 WINS Server = 10.16.112.3
10/01/05 01:10:20 ii : - Save Password = 0
10/01/05 01:10:20 ii : - DNS Suffix = atr.ansaldo.it
10/01/05 01:10:20 DB : config resend event canceled ( ref count = 1 )
10/01/05 01:10:20 ii : waiting for vnet to arrive ...
10/01/05 01:10:21 !! : VNET adapter MTU defaulted to 1500.
10/01/05 01:10:21 ii : enabled adapter ROOT\VNET\0000
10/01/05 01:10:21 ii : creating NONE INBOUND policy ANY:213.255.79.172:* -> ANY:192.168.0.4:*
10/01/05 01:10:21 DB : policy added ( obj count = 1 )
10/01/05 01:10:21 K> : send pfkey X_SPDADD UNSPEC message
10/01/05 01:10:21 ii : creating NONE OUTBOUND policy ANY:192.168.0.4:* -> ANY:213.255.79.172:*
10/01/05 01:10:21 K< : recv pfkey X_SPDADD UNSPEC message
10/01/05 01:10:21 DB : policy found
10/01/05 01:10:21 ii : created NONE policy route for 213.255.79.172/32
10/01/05 01:10:21 DB : policy added ( obj count = 2 )
10/01/05 01:10:21 K> : send pfkey X_SPDADD UNSPEC message
10/01/05 01:10:21 ii : creating IPSEC INBOUND policy ANY:0.0.0.0/0:* -> ANY:10.16.98.1:*
10/01/05 01:10:21 DB : policy added ( obj count = 3 )
10/01/05 01:10:21 K> : send pfkey X_SPDADD UNSPEC message
10/01/05 01:10:21 ii : creating IPSEC OUTBOUND policy ANY:10.16.98.1:* -> ANY:0.0.0.0/0:*
10/01/05 01:10:21 ii : created IPSEC policy route for 0.0.0.0
10/01/05 01:10:21 DB : policy added ( obj count = 4 )
10/01/05 01:10:21 K> : send pfkey X_SPDADD UNSPEC message
10/01/05 01:10:21 ii : split DNS bypassed ( no split domains defined )
10/01/05 01:10:21 K< : recv pfkey X_SPDADD UNSPEC message
10/01/05 01:10:21 DB : policy found
10/01/05 01:10:21 ii : calling init phase2 for initial policy
10/01/05 01:10:21 DB : policy found
10/01/05 01:10:21 DB : policy not found
10/01/05 01:10:21 !! : unable to locate inbound policy for init phase2
10/01/05 01:10:21 K< : recv pfkey X_SPDADD UNSPEC message
10/01/05 01:10:21 DB : policy found
10/01/05 01:10:21 K< : recv pfkey X_SPDADD UNSPEC message
10/01/05 01:10:21 DB : policy found
10/01/05 01:10:24 K< : recv pfkey ACQUIRE UNSPEC message
10/01/05 01:10:24 DB : policy found
10/01/05 01:10:24 DB : policy found
10/01/05 01:10:24 DB : tunnel found
10/01/05 01:10:24 DB : new phase2 ( IPSEC initiator )
10/01/05 01:10:24 DB : phase2 added ( obj count = 1 )
10/01/05 01:10:24 K> : send pfkey GETSPI ESP message
10/01/05 01:10:24 K< : recv pfkey GETSPI ESP message
10/01/05 01:10:24 DB : phase2 found
10/01/05 01:10:24 ii : updated spi for 1 ipsec-esp proposal
10/01/05 01:10:24 DB : phase1 found
10/01/05 01:10:24 >> : hash payload
10/01/05 01:10:24 >> : security association payload
10/01/05 01:10:24 >> : - proposal #1 payload
10/01/05 01:10:24 >> : -- transform #1 payload
10/01/05 01:10:24 >> : -- transform #2 payload
10/01/05 01:10:24 >> : -- transform #3 payload
10/01/05 01:10:24 >> : -- transform #4 payload
10/01/05 01:10:24 >> : -- transform #5 payload
10/01/05 01:10:24 >> : -- transform #6 payload
10/01/05 01:10:24 >> : -- transform #7 payload
10/01/05 01:10:24 >> : -- transform #8 payload
10/01/05 01:10:24 >> : -- transform #9 payload
10/01/05 01:10:24 >> : -- transform #10 payload
10/01/05 01:10:24 >> : -- transform #11 payload
10/01/05 01:10:24 >> : -- transform #12 payload
10/01/05 01:10:24 >> : -- transform #13 payload
10/01/05 01:10:24 >> : -- transform #14 payload
10/01/05 01:10:24 >> : -- transform #15 payload
10/01/05 01:10:24 >> : -- transform #16 payload
10/01/05 01:10:24 >> : -- transform #17 payload
10/01/05 01:10:24 >> : -- transform #18 payload
10/01/05 01:10:24 >> : nonce payload
10/01/05 01:10:24 >> : key exchange payload
10/01/05 01:10:24 >> : identification payload
10/01/05 01:10:24 >> : identification payload
10/01/05 01:10:24 == : phase2 hash_i ( input ) ( 836 bytes )
10/01/05 01:10:24 == : phase2 hash_i ( computed ) ( 16 bytes )
10/01/05 01:10:24 == : new phase2 iv ( 8 bytes )
10/01/05 01:10:24 >= : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:24 >= : message 25857ede
10/01/05 01:10:24 >= : encrypt iv ( 8 bytes )
10/01/05 01:10:24 == : encrypt packet ( 880 bytes )
10/01/05 01:10:24 == : stored iv ( 8 bytes )
10/01/05 01:10:24 -> : send NAT-T:IKE packet 192.168.0.4:4500 -> 213.255.79.172:4500 ( 916 bytes )
10/01/05 01:10:24 DB : phase2 resend event scheduled ( ref count = 2 )
10/01/05 01:10:24 <- : recv NAT-T:IKE packet 213.255.79.172:4500 -> 192.168.0.4:4500 ( 76 bytes )
10/01/05 01:10:24 DB : phase1 found
10/01/05 01:10:24 ii : processing informational packet ( 76 bytes )
10/01/05 01:10:24 == : new informational iv ( 8 bytes )
10/01/05 01:10:24 =< : cookies b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:24 =< : message a42e8334
10/01/05 01:10:24 =< : decrypt iv ( 8 bytes )
10/01/05 01:10:24 == : decrypt packet ( 76 bytes )
10/01/05 01:10:24 <= : stored iv ( 8 bytes )
10/01/05 01:10:24 << : hash payload
10/01/05 01:10:24 << : delete payload
10/01/05 01:10:24 == : informational hash_i ( computed ) ( 16 bytes )
10/01/05 01:10:24 == : informational hash_c ( received ) ( 16 bytes )
10/01/05 01:10:24 ii : informational hash verified
10/01/05 01:10:24 ii : received peer DELETE message
10/01/05 01:10:24 ii : - 213.255.79.172:4500 -> 192.168.0.4:4500
10/01/05 01:10:24 ii : - isakmp spi = b884b435e4cb96a5:565ceabf68958ba8
10/01/05 01:10:24 DB : phase1 found
10/01/05 01:10:24 ii : cleanup, marked phase1 b884b435e4cb96a5:565ceabf68958ba8 for removal
10/01/05 01:10:24 DB : phase1 soft event canceled ( ref count = 4 )
10/01/05 01:10:24 DB : phase1 hard event canceled ( ref count = 3 )
10/01/05 01:10:24 DB : phase1 dead event canceled ( ref count = 2 )
10/01/05 01:10:24 DB : config deleted ( obj count = 0 )
10/01/05 01:10:24 ii : phase1 removal before expire time
10/01/05 01:10:24 DB : phase1 not found
10/01/05 01:10:24 DB : phase1 deleted ( obj count = 0 )
10/01/05 01:10:24 DB : policy found
10/01/05 01:10:24 ii : removing IPSEC INBOUND policy ANY:0.0.0.0/0:* -> ANY:10.16.98.1:*
10/01/05 01:10:24 K> : send pfkey X_SPDDELETE2 UNSPEC message
10/01/05 01:10:24 DB : policy found
10/01/05 01:10:24 ii : removing IPSEC OUTBOUND policy ANY:10.16.98.1:* -> ANY:0.0.0.0/0:*
10/01/05 01:10:24 K> : send pfkey X_SPDDELETE2 UNSPEC message
10/01/05 01:10:24 K< : recv pfkey X_SPDDELETE2 UNSPEC message
10/01/05 01:10:24 ii : removed IPSEC policy route for ANY:0.0.0.0/0:*
10/01/05 01:10:24 DB : policy found
10/01/05 01:10:24 ii : removing NONE INBOUND policy ANY:213.255.79.172:* -> ANY:192.168.0.4:*
10/01/05 01:10:24 K> : send pfkey X_SPDDELETE2 UNSPEC message
10/01/05 01:10:24 DB : policy found
10/01/05 01:10:24 ii : removing NONE OUTBOUND policy ANY:192.168.0.4:* -> ANY:213.255.79.172:*
10/01/05 01:10:24 K> : send pfkey X_SPDDELETE2 UNSPEC message
10/01/05 01:10:24 ii : removed NONE policy route for ANY:213.255.79.172:*
10/01/05 01:10:24 DB : policy found
10/01/05 01:10:24 DB : policy deleted ( obj count = 3 )
10/01/05 01:10:24 K< : recv pfkey X_SPDDELETE2 UNSPEC message
10/01/05 01:10:24 DB : policy found
10/01/05 01:10:24 DB : policy deleted ( obj count = 2 )
10/01/05 01:10:24 K< : recv pfkey X_SPDDELETE2 UNSPEC message
10/01/05 01:10:24 DB : policy found
10/01/05 01:10:24 DB : policy deleted ( obj count = 1 )
10/01/05 01:10:24 K< : recv pfkey X_SPDDELETE2 UNSPEC message
10/01/05 01:10:24 DB : policy found
10/01/05 01:10:24 DB : policy deleted ( obj count = 0 )
10/01/05 01:10:24 ii : disabled adapter ROOT\VNET\0000
10/01/05 01:10:24 DB : tunnel dpd event canceled ( ref count = 4 )
10/01/05 01:10:24 DB : tunnel natt event canceled ( ref count = 3 )
10/01/05 01:10:24 DB : tunnel stats event canceled ( ref count = 2 )
10/01/05 01:10:24 DB : removing tunnel config references
10/01/05 01:10:24 DB : removing tunnel phase2 references
10/01/05 01:10:24 DB : phase2 resend event canceled ( ref count = 1 )
10/01/05 01:10:24 ii : phase2 removal before expire time
10/01/05 01:10:24 DB : phase2 deleted ( obj count = 0 )
10/01/05 01:10:24 DB : removing tunnel phase1 references
10/01/05 01:10:24 DB : tunnel deleted ( obj count = 0 )
10/01/05 01:10:25 DB : removing all peer tunnel refrences
10/01/05 01:10:25 DB : peer deleted ( obj count = 0 )
10/01/05 01:10:25 ii : ipc client process thread exit ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iked.log
Type: application/octet-stream
Size: 208912 bytes
Desc: not available
Url : http://lists.shrew.net/pipermail/vpn-help/attachments/20100105/54e4e915/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.log
Type: application/octet-stream
Size: 109006 bytes
Desc: not available
Url : http://lists.shrew.net/pipermail/vpn-help/attachments/20100105/54e4e915/attachment-0001.obj

------------------------------
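
A triage script for the kind of iked trace quoted in this thread, added here as an illustration; it is not part of the original messages or of Shrew Soft's tooling. It rejoins lines the mail client wrapped, records how far the negotiation got before the gateway's DELETE, and flags legacy phase 1 parameters; the function names and the flag list are assumptions of this example, and the sample is an excerpt of the trace above.

```python
import re

# Excerpt of the iked trace posted in the thread above, including one line
# that the mail client wrapped onto two lines.
SAMPLE_TRACE = """\
10/01/05 01:10:19 DB : exchange type is aggressive
10/01/05 01:10:19 ii : matched isakmp proposal #1 transform #13
10/01/05 01:10:19 ii : - cipher type = 3des
10/01/05 01:10:19 ii : - hash type = md5
10/01/05 01:10:19 ii : - dh group = modp-1536
10/01/05 01:10:19 ii : - auth type = xauth-initiator-psk
10/01/05 01:10:20 ii : phase1 sa established
10/01/05 01:10:20 ii : user novil authentication succeeded
10/01/05 01:10:20 ii : received config pull response
10/01/05 01:10:21 !! : unable to locate inbound policy for init phase2
10/01/05 01:10:24 DB : new phase2 ( IPSEC initiator )
10/01/05 01:10:24 -> : send NAT-T:IKE packet 192.168.0.4:4500 ->
213.255.79.172:4500 ( 916 bytes )
10/01/05 01:10:24 ii : received peer DELETE message
10/01/05 01:10:24 DB : phase2 deleted ( obj count = 0 )
"""

# "<date> <time> <2-char tag> : <message>", the layout used by the trace above.
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
PARAM = re.compile(r"^- ([a-z0-9 ]+?) = (.+)$")
EXCHANGE = re.compile(r"^exchange type is (\w+)$")

# Stage markers, all taken from messages that appear in the trace above.
STAGES = [
    ("phase1", "phase1 sa established"),
    ("xauth", "authentication succeeded"),
    ("modecfg", "received config pull response"),
    ("phase2-started", "new phase2"),
]
# Assumption of this example: algorithms treated as legacy and worth flagging.
LEGACY = {"cipher type": {"des", "3des"}, "hash type": {"md5"}}


def parse_trace(text):
    """Return (timestamp, tag, message) tuples, rejoining wrapped lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            entries.append(list(m.groups()))
        elif entries and raw.strip():
            # No timestamp: continuation of the previous (wrapped) entry.
            entries[-1][2] += " " + raw.strip()
    return [tuple(e) for e in entries]


def summarize(entries):
    """Report stages reached, negotiated phase 1 parameters and warnings."""
    reached, phase1, warnings = [], {}, []
    in_match, deleted_after = False, None
    for _ts, tag, msg in entries:
        for name, marker in STAGES:
            if marker in msg and name not in reached:
                reached.append(name)
        ex = EXCHANGE.match(msg)
        if ex:
            phase1["exchange type"] = ex.group(1)
        param = PARAM.match(msg)
        if msg.startswith("matched isakmp proposal"):
            in_match = True       # the "- key = value" lines that follow apply
        elif in_match and param:
            phase1[param.group(1)] = param.group(2)
        else:
            in_match = False
        if tag == "!!":
            warnings.append(msg)
        if deleted_after is None and "received peer DELETE message" in msg:
            deleted_after = reached[-1] if reached else "start"
    flags = sorted(f"{k}={v}" for k, v in phase1.items()
                   if v in LEGACY.get(k, ()))
    # Aggressive mode with a pre-shared key is a known weak combination.
    if (phase1.get("exchange type") == "aggressive"
            and phase1.get("auth type", "").endswith("psk")):
        flags.append("aggressive mode with psk")
    return {"reached": reached, "phase1": phase1, "flags": flags,
            "warnings": warnings, "deleted_after": deleted_after}


if __name__ == "__main__":
    for key, value in summarize(parse_trace(SAMPLE_TRACE)).items():
        print(f"{key}: {value}")
```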
