<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div style="" class=""><span style="" class=""><br class="" style="">Hello</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">I am using VPN client 2.2.1 on xubuntu 14.04. And I am stuck trying to get past phase 2 to a cisco IOS crypto map.</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""><span style="" class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span style="" class="">I'm not sure if I have the network interface for </span>tap0 configured correctly? not sure what to change on the vpn client next. appreciate any help. <br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;
background-color: transparent; font-style: normal;">thank you<br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;">My iked.log shows numerous DPD ARE-YOU-THERE messages. <br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class="">14/07/14 16:17:24 >= : message 370c044c<br style="" class="">14/07/14 16:17:24 >= : encrypt iv ( 16 bytes )<br style="" class="">14/07/14
16:17:24 == : encrypt packet ( 84 bytes )<br style="" class="">14/07/14 16:17:24 == : stored iv ( 16 bytes )<br style="" class="">14/07/14 16:17:24 -> : send NAT-T:IKE packet 24.144.135.177:4500 -> 205.131.188.61:4500 ( 124 bytes )<br style="" class="">14/07/14 16:17:24 ii : DPD ARE-YOU-THERE sequence 03285c3d requested<br style="" class="">14/07/14 16:17:24 DB : phase1 found<br style="" class="">14/07/14 16:17:24 -> : send NAT-T:KEEP-ALIVE packet 24.144.135.177:4500 -> 205.131.188.61:4500<br style="" class="">14/07/14 16:17:29 -> : resend 1 phase2 packet(s) [1/2] 24.144.135.177:4500 -> 205.131.188.61:4500<br style="" class="">14/07/14 16:17:29 -> : resend 1 phase2 packet(s) [1/2] 24.144.135.177:4500 -> 205.131.188.61:4500<br style="" class="">14/07/14 16:17:29 -> : resend 1 phase2 packet(s) [1/2] 24.144.135.177:4500 -> 205.131.188.61:4500<br style="" class="">14/07/14 16:17:39 DB : phase1 found<br style="" class=""><br
style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;">My routing table changes...</div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0);
font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;">routing before<br style="" class=""># route -n<br style="" class="">Kernel IP routing table<br style="" class="">Destination Gateway Genmask Flags Metric Ref Use Iface<br style="" class="">0.0.0.0 24.144.135.1 0.0.0.0 UG 0 0 0 eth0<br style="" class="">24.144.135.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0<br style="" class="">169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0<br style="" class=""><br style="" class=""><br style="" class=""># route -n<br style="" class="">Kernel IP routing table<br style="" class="">Destination Gateway Genmask Flags Metric Ref Use Iface<br style="" class="">0.0.0.0 24.144.135.1 0.0.0.0 UG 0 0 0 eth0<br style="" class="">24.144.135.0 0.0.0.0
255.255.255.0 U 0 0 0 eth0<br style="" class="">24.144.135.177 198.18.104.11 255.255.255.255 UGH 0 0 0 tap0<br style="" class="">169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0<br style="" class="">198.18.0.0 0.0.0.0 255.254.0.0 U 0 0 0 tap0<br style="" class="">205.131.188.61 198.18.104.11 255.255.255.255 UGH 0
0 0 tap0<br style="" class="">205.131.188.61 24.144.135.1 255.255.255.255 UGH 0 0 0 eth0<br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color:
rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;">cisco debug logs shows phase 1 completes. </div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br style="" class="">Jul 14 16:17:17 192.168.3.1 29540503: *Sep 13 19:52:13.519: ISAKMP:(1042):SA authentication status:<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540504: ^Iauthenticated<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540505: *Sep 13 19:52:13.523: ISAKMP:(1042):SA has been authenticated with
24.144.135.177<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540506: *Sep 13 19:52:13.523: ISAKMP:(1042):Detected port floating to port = 4500<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540507: *Sep 13 19:52:13.523: ISAKMP: Trying to insert a peer 172.16.224.61/24.144.135.177/4500/, and inserted successfully 83C59C8C.<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540508: *Sep 13 19:52:13.523: ISAKMP:(1042):Setting UDP ENC peer struct 0x83A49B8C sa= 0x8448E07C<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540509: *Sep 13 19:52:13.527: ISAKMP:(1042):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540510: *Sep 13 19:52:13.527: ISAKMP:(1042):Old State = IKE_R_MM5 New State = IKE_R_MM5 <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540511: <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540512: *Sep 13 19:52:13.531: ISAKMP:(1042):SA is doing pre-shared key
authentication using id type ID_IPV4_ADDR<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540513: *Sep 13 19:52:13.531: ISAKMP (0:1042): ID payload <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540514: ^Inext-payload : 8<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540515: ^Itype : 1 <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540516: ^Iaddress : 172.16.224.61<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540517: <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540518: ^Iprotocol : 17 <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540519: ^Iport : 0 <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540520: ^Ilength : 12<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540521: *Sep 13 19:52:13.531: ISAKMP:(1042):Total payload
length: 12<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540522: *Sep 13 19:52:13.535: ISAKMP:(1042): sending packet to 24.144.135.177 my_port 4500 peer_port 4500 (R) MM_KEY_EXCH<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540523: *Sep 13 19:52:13.535: ISAKMP:(1042):Sending an IKE IPv4 Packet.<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540524: *Sep 13 19:52:13.539: ISAKMP:(1042):Returning Actual lifetime: 3600<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540525: *Sep 13 19:52:13.539: ISAKMP: set new node 1736466818 to QM_IDLE <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540526: *Sep 13 19:52:13.539: ISAKMP:(1042):Sending NOTIFY RESPONDER_LIFETIME protocol 1<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540527: ^Ispi 2209681816, message ID = 1736466818<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540528: *Sep 13 19:52:13.543: ISAKMP:(1042): sending packet to 24.144.135.177 my_port
4500 peer_port 4500 (R) MM_KEY_EXCH<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540529: *Sep 13 19:52:13.543: ISAKMP:(1042):Sending an IKE IPv4 Packet.<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540530: *Sep 13 19:52:13.543: ISAKMP:(1042):purging node 1736466818<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540531: *Sep 13 19:52:13.547: ISAKMP: Sending phase 1 responder lifetime 3600<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540532: <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540533: *Sep 13 19:52:13.547: ISAKMP:(1042):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540534: *Sep 13 19:52:13.547: ISAKMP:(1042):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540535: <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540536: *Sep 13 19:52:13.551: ISAKMP:(1042):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE<br
style="" class="">Jul 14 16:17:17 192.168.3.1 29540537: *Sep 13 19:52:13.551: ISAKMP:(1042):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540538: <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540539: *Sep 13 19:52:13.587: ISAKMP (0:1042): received packet from 24.144.135.177 dport 4500 sport 4500 Global (R) QM_IDLE <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540540: *Sep 13 19:52:13.587: ISAKMP: set new node -1966322217 to QM_IDLE <br style="" class="">Jul 14 16:17:17 192.168.3.1 29540541: *Sep 13 19:52:13.591: ISAKMP:(1042): processing HASH payload. message ID = -1966322217<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540542: *Sep 13 19:52:13.591: ISAKMP:(1042): processing NOTIFY INITIAL_CONTACT protocol 1<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540543: ^Ispi 0, message ID = -1966322217, sa =
8448E07C<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540544: *Sep 13 19:52:13.591: ISAKMP:(1042):SA authentication status:<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540545: ^Iauthenticated<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540546: *Sep 13 19:52:13.595: ISAKMP:(1042): Process initial contact,<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540547: bring down existing phase 1 and 2 SA's with local 172.16.224.61 remote 24.144.135.177 remote port 4500<br style="" class="">Jul 14 16:17:17 192.168.3.1 29540548: *Sep 13 19:52:13.595: ISAKMP:(1042):deleting node -1966322217 error FALSE reason "Informational (in) state 1"<br style="" class="">Jul 14 16:17:18 192.168.3.1 29540549: *Sep 13 19:52:13.595: ISAKMP:(1042):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY<br style="" class="">Jul 14 16:17:18 192.168.3.1 29540550: *Sep 13 19:52:13.599: ISAKMP:(1042):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE <br style=""
class=""><span style="" class=""></span></div><br style="" class=""></div></body></html>