[vpn-help] Cannot access VPN resources
Kevin VPN
kvpn at live.com
Thu Jan 26 21:47:51 CST 2012
On 01/26/2012 08:38 AM, Daniele Comand wrote:
> Phase 1 appears to connect and I get the 'Tunnel enabled' message, however,
> I cannot ping or access any remote IP addresses.
> I tried both the client versions 2.1.7 and 2.2.0, with almost identical
> results.
>> From another Windows XP machine with a Cisco client I can connect.
> In the IKED.log debug file I find this message:
> "12/01/25 20:07:08!: Peer violates RFC number transform mismatch (1! = 14)"
> Can you help me to get the VPN works?
>
> VPN Client Version = 2.1.7 e 2.2.0
> Windows OS Version = Windows 7 64-bit
> Gateway Make/Model = CISCO PIX
> Gateway OS Version = unknown
>
Hi Daniele,
The problem is that the Phase2 negotiation is failing. According to the
iked.log you provided, Phase1, XAuth and client configuration succeed,
but Phase2 fails.
You'll need to contact the VPN gateway administrator to find out why
Phase2 is failing. It is probably because some of the settings in the
Shrew client do not match what the Cisco requires.
iked.log:
12/01/25 20:07:08 ii : phase1 sa established
...
12/01/25 20:07:08 ii : received basic xauth request -
12/01/25 20:07:08 ii : - standard xauth username
12/01/25 20:07:08 ii : - standard xauth password
12/01/25 20:07:08 ii : sending xauth response for comand
12/01/25 20:07:08 ii : received xauth result -
12/01/25 20:07:08 ii : user comand authentication succeeded
...
12/01/25 20:07:08 ii : sending config pull request
12/01/25 20:07:08 ii : processing config packet ( 76 bytes )
12/01/25 20:07:08 DB : config found
12/01/25 20:07:08 ii : received config pull response
12/01/25 20:07:08 ii : - IP4 Address = 192.168.61.6
...
12/01/25 20:07:24 -> : resend 1 phase2 packet(s) [2/2] 10.168.89.206:500
-> ??.???.???.?:500
12/01/25 20:07:27 -> : resend 1 phase2 packet(s) [2/2] 10.168.89.206:500
-> ??.???.???.?:500
12/01/25 20:07:29 ii : resend limit exceeded for phase2 exchange
12/01/25 20:07:29 ii : phase2 removal before expire time
12/01/25 20:07:29 DB : phase2 deleted ( obj count = 1 )
More information about the vpn-help
mailing list