VPN not working
Michael Vince
mv at roq.com
Fri Feb 10 00:48:08 PST 2006
You can try out this script if you like; it may or may not help.
I created it so I could more easily remember all the VPN knobs that need
to be touched when creating a VPN.
http://www.roq.com/projects/vpnsetup/vpnsetup.pl
Mike
Subhro wrote:
>Hello,
>
>I am trying to connect to my workplace which uses a Cisco IW600. I am
>putting the connect log from the router below.
>
>------
>terminal monitor
>IW600#
>*Feb 3 22:00:44.051: IPSEC(sa_request): ,
> (key eng. msg.) OUTBOUND local= 64.191.227.249, remote= 220.225.82.250,
> local_proxy= 172.16.3.151/255.255.255.255/0/0 (type=1),
> remote_proxy= 192.168.100.0/255.255.255.0/0/0 (type=4),
> protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
> lifedur= 3600s and 4608000kb,
> spi= 0x5A88B8A1(1518909601), conn_id= 0, keysize= 0, flags= 0x400B
>*Feb 3 22:00:44.051: ISAKMP: received ke message (1/1)
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
>*Feb 3 22:00:44.051: ISAKMP: Created a peer struct for
>220.225.82.250, peer port 500
>*Feb 3 22:00:44.051: ISAKMP: New peer created peer = 0x447C2CF4
>peer_handle = 0x80000286
>*Feb 3 22:00:44.051: ISAKMP: Locking peer struct 0x447C2CF4, IKE
>refcount 1 for isakmp_initiator
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Setting client config settings 448F7964
>*Feb 3 22:00:44.051: ISAKMP: local port 500, remote port 500
>*Feb 3 22:00:44.051: ISAKMP: set new node 0 to QM_IDLE
>*Feb 3 22:00:44.051: ISAKMP: Find a dup sa in the avl tree during
>calling isadb_insert sa = 447DC520
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Can not start Aggressive
>mode, trying Main mode.
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Looking for a matching key
>for 220.225.82.250 in default
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): : success
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):found peer pre-shared key
>matching 220.225.82.250
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC,
>IKE_SA_REQ_MM
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New
>State = IKE_I_MM1
>
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): sending packet to
>220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
>*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
>*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
>sa: retransmit phase 1
>*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
>*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0): sending packet to
>220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
>*Feb 3 22:01:03.043: ISAKMP:(0:0:N/A:0):purging node 1798766697
>*Feb 3 22:01:03.043: ISAKMP:(0:0:N/A:0):purging node 756905305
>*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
>*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
>sa: retransmit phase 1
>*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
>*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0): sending packet to
>220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
>*Feb 3 22:01:13.043: ISAKMP:(0:0:N/A:0):purging SA., sa=44872764,
>delme=44872764
>*Feb 3 22:01:13.727: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk
>header, chunk 0 data 446BFA58 chunkmagic 400B97A8 chunk_freemagic
>43EDF9F4
>-Process= "IP Input", ipl= 4, pid= 74
>-Traceback= 0x40ABDEE8 0x400BC510 0x402FF6B4 0x40ED1738 0x40ED48EC
>0x40ED2F8C 0x40ED325C 0x40ED3318 0x40ED34BC
>*Feb 3 22:01:14.051: IPSEC(key_engine): request timer fired: count = 1,
> (identity) local= 64.191.227.249, remote= 220.225.82.250,
> local_proxy= 172.16.3.151/255.255.255.255/0/0 (type=1),
> remote_proxy= 192.168.100.0/255.255.255.0/0/0 (type=4)
>*Feb 3 22:01:14.051: IPSEC(sa_request): ,
> (key eng. msg.) OUTBOUND local= 64.191.227.249, remote= 220.225.82.250,
> local_proxy= 172.16.3.151/255.255.255.255/0/0 (type=1),
> remote_proxy= 192.168.100.0/255.255.255.0/0/0 (type=4),
> protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
> lifedur= 3600s and 4608000kb,
> spi= 0x385ACC06(945474566), conn_id= 0, keysize= 0, flags= 0x400B
>*Feb 3 22:01:14.051: ISAKMP: received ke message (1/1)
>*Feb 3 22:01:14.051: ISAKMP: set new node 0 to QM_IDLE
>*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0):SA is still budding. Attached
>new ipsec request to it. (local 64.191.227.249, remote 220.225.82.250)
>*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
>*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
>sa: retransmit phase 1
>*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
>*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0): sending packet to
>220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
>*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
>*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
>sa: retransmit phase 1
>*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
>*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0): sending packet to
>220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
>*Feb 3 22:01:28.147: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk
>header, chunk 0 data 446BFA58 chunkmagic 400B97A8 chunk_freemagic
>43EDF2FC
>-Process= "IP Input", ipl= 4, pid= 74
>-Traceback= 0x40ABDEE8 0x400BC510 0x402FF6B4 0x40ED1738 0x40ED48EC
>0x40ED2F8C 0x40ED325C 0x40ED3318 0x40ED34BC
>-----
>
>
>I am using the method mentioned in the FreeBSD Handbook. Please help
>me out by telling me what exactly is wrong.
>
>Thanks and Best Regards
>Subhro