<div dir="ltr">
<p style="margin-bottom: 0cm;">Hi Matthew,</p>
<p style="margin-bottom: 0.5cm;"><br>With your changes, I am able to
create a new connection by specifying FQDN in authentication, group1
and group2 configuration etc. and save the configuration. If I want to
edit the saved configuration to change from FQDN to User FQDN, these
options are not available in the Authentication tab. They are only
available when I add a new connection, not during edit.</p>
<div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
It looks like phase1 is completing but phase2 is not being attempted. Your router log showed that it received a delete message from the client in its log output. Does that happen when you click dis-connect or does the client eventually show an error message?<br>
<br>
It looks like we need to figure out why the client is not attempting to initiate a phase2 exchange. What does your site configuration show in the policy tab?</blockquote><div><br>
<p> In the policy tab, Obtain Topology automatically or
Tunnel... is selected. <br></p></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
It would also be helpful to review the debug level output from the ike daemon. Here is some documentation on how to bump up the log level for submitting a bug report ...<br>
<br>
<a href="http://www.shrew.net/support/wiki/BugReportVpnUnix" target="_blank">http://www.shrew.net/support/wiki/BugReportVpnUnix</a></blockquote><div><br>
<p style="margin-bottom: 0cm;">I have enabled debug level. The
following are the observations under different scenarios in Ubuntu
8.04.<br><br>Case 1:<br><br>New connection created with your
changes. The following is what was logged on the VPN router. I have
attached iked-case1.log, which contains debug messages. The delete was done manually using disconnect.<br></p><p style="margin-bottom: 0cm;"><br></p>
<table width="100%" border="1" cellpadding="2" cellspacing="3">
<col width="47">
<col width="69">
<col width="140">
<tbody><tr bgcolor="#b3b3b3">
<th width="18%">
<p align="center"><font size="1" face="verdana">Time</font></p>
</th>
<th width="27%">
<p align="center"><font size="1" face="verdana">Event-Type</font></p>
</th>
<th width="55%">
<p align="center"><font size="1" face="verdana">Message</font></p>
</th>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Received Vendor ID payload Type =
[draft-ietf-ipsec-nat-t-ike-00] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Ignoring Vendor ID payload
[16f6ca16e4a4066d...] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Received Vendor ID payload Type =
[draft-ietf-ipsec-nat-t-ike-02_n] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Received Vendor ID payload Type =
[draft-ietf-ipsec-nat-t-ike-03] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Ignoring Vendor ID payload
[4a131c8107035845...] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Ignoring Vendor ID payload
[4048b7d56ebce885...] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Received Vendor ID payload Type =
[Dead Peer Detection] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Ignoring Vendor ID payload
[f14b94b7bff1fef0...] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Ignoring Vendor ID payload Type =
[Cisco-Unity] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Ignoring Vendor ID payload
[166f932d55eb64d8...] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Ignoring Vendor ID payload
[8404adf9cda05760...] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Ignoring Vendor ID payload
[f4ed19e0c114eb51...] </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">[Tunnel Negotiation Info] &lt;&lt;&lt;
Responder Received Aggressive Mode 1st packet </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Aggressive mode peer ID is
ID_USER_FQDN: 'xx@xx.xxx' </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Responding to Aggressive Mode from
xx.xx.xx.xxx </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">[Tunnel Negotiation Info] &gt;&gt;&gt;
Responder Send Aggressive Mode 2nd packet </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">[Tunnel Negotiation Info] &lt;&lt;&lt;
Responder Received Aggressive Mode 3rd packet </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Aggressive mode peer ID is
ID_USER_FQDN: 'xx@xx.xx' </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">[Tunnel Negotiation Info] Aggressive
Mode Phase 1 SA Established </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">[Tunnel Negotiation Info] Initiator
Cookies = 67c8 76e5 4b10 e8f1 </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">[Tunnel Negotiation Info] Responder
Cookies = a88f de12 1dd7 841a </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:44 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Received informational payload, type
IPSEC_INITIAL_CONTACT </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:56 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">[Tunnel Negotiation Info] &lt;&lt;&lt;
Responder Received Quick Mode 1st packet </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:36:56 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">we require PFS but Quick I1 SA
specifies no GROUP_DESCRIPTION </font>
</p>
</td>
</tr>
<tr>
<td width="18%">
<p align="center"><font size="1">Aug 21 23:37:06 2008</font></p>
</td>
<td width="27%">
<p><font size="1"> </font><font size="1">VPN Log</font></p>
</td>
<td width="55%">
<p><font size="1"> </font><font size="1">Quick Mode I1 message is unacceptable
because it uses a previously used Message ID 0x141e7660 (perhaps
this is a duplicated packet) </font>
</p>
</td>
</tr>
</tbody></table><br>
<br>Best Regards<br>Prakash<br></div></div><br></div>
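<p>Added example, not part of the original message or of the Shrew Soft code: a small triage script that reads responder log messages like those in the table above and reports how far the IKEv1 negotiation got and why phase 2 stopped. The "timestamp | message" input layout and all function and variable names are assumptions of this example; the message patterns are copied from the log text on this page.</p>

```python
import re

# Constructed input: rows of the router log table above, flattened to
# "timestamp | message" (the separator is an assumption of this example).
SAMPLE_LOG = """\
Aug 21 23:36:44 2008 | [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Aug 21 23:36:44 2008 | [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
Aug 21 23:36:44 2008 | Received informational payload, type IPSEC_INITIAL_CONTACT
Aug 21 23:36:56 2008 | [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Aug 21 23:36:56 2008 | we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
Aug 21 23:37:06 2008 | Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x141e7660 (perhaps this is a duplicated packet)
"""

# Message patterns copied from the log text shown on this page.
RULES = {
    "phase1_established": re.compile(r"Phase 1 SA Established"),
    "quick_mode_received": re.compile(r"Responder Received Quick Mode 1st packet"),
    "pfs_mismatch": re.compile(r"we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION"),
}
REUSED_ID = re.compile(r"previously used Message ID (0x[0-9a-fA-F]+)")


def triage(log_text):
    """Return which negotiation stages the responder logged and why phase 2 stopped."""
    seen = {name: False for name in RULES}
    reused_ids = []
    for line in log_text.splitlines():
        # Keep only the message column; tolerate lines without a timestamp.
        message = line.split(" | ", 1)[-1].strip()
        for name, pattern in RULES.items():
            if pattern.search(message):
                seen[name] = True
        match = REUSED_ID.search(message)
        if match:
            # A reused Message ID means the initiator retransmitted the same Quick Mode packet.
            reused_ids.append(match.group(1))

    if not seen["phase1_established"]:
        verdict = "phase 1 did not complete"
    elif not seen["quick_mode_received"]:
        verdict = "phase 1 completed; no phase 2 request logged by responder"
    elif seen["pfs_mismatch"]:
        verdict = "phase 2 rejected: responder requires PFS, proposal carried no DH group"
    else:
        verdict = "phase 2 request received; no rejection reason logged"
    return {**seen, "reused_message_ids": reused_ids, "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```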