From: claudio_at_profiletecnologia.com.br
Date: Tue Jan 14 2003 - 17:28:56 CET
Hi,
I´l try to setup a vpn with an freeswan peer and a cisco
router peer.
We use Freeswan + des patch, because cisco only accept
this.
We have some problem and these are freeswan and cisco
logs.
Please, any help is apreciate.
Regards,
Cláuudio.
Freeswan log
--------------------
Jan 13 15:09:11 iserver ipsec__plutorun: Starting Pluto
subsystem...
Jan 13 15:09:11 iserver Pluto[21036]: Starting Pluto
(FreeS/WAN Version 1.95)
Jan 13 15:09:11 iserver Pluto[21036]: added connection
description "ifsvpn"
Jan 13 15:09:11 iserver Pluto[21036]: listening for IKE
messages
Jan 13 15:09:11 iserver Pluto[21036]: adding interface
ipsec0/eth1 200.223.26.155
Jan 13 15:09:11 iserver Pluto[21036]: loading secrets from
"/etc/ipsec.secrets"
Jan 13 15:09:35 iserver Pluto[21036]: "ifsvpn" #1:
initiating Main Mode
Jan 13 15:09:37 iserver Pluto[21036]: "ifsvpn" #1:
ignoring Vendor ID payload
Jan 13 15:09:37 iserver Pluto[21036]: "ifsvpn" #1:
encrypted Informational Exchange message is invalid
because it is for incomplete ISAKMP SA
Jan 13 15:10:47 iserver Pluto[21036]: "ifsvpn" #1: max
number of retransmissions (2) reached STATE_MAIN_I3.
Possible authentication failure: no acceptable response
to our first encrypted message
Jan 13 15:10:47 iserver Pluto[21036]: "ifsvpn" #1:
starting keying attempt 2 of an unlimited number, but
releasing whack
Jan 13 15:10:47 iserver Pluto[21036]: "ifsvpn" #2:
initiating Main Mode to replace #1
Jan 13 15:10:48 iserver Pluto[21036]: "ifsvpn" #2:
ignoring Vendor ID payload
Jan 13 15:10:49 iserver Pluto[21036]: "ifsvpn" #2:
encrypted Informational Exchange message is invalid
because it is for incomplete ISAKMP SA
Cisco log
----------------
7w4d: ISAKMP (0:30): beginning Main Mode exchange
7w4d: ISAKMP (30): sending packet to 200.223.26.155 (I)
MM_NO_STATE
7w4d: ISAKMP (30): received packet from 200.223.26.155 (I)
MM_NO_STATE
7w4d: ISAKMP (0:30): processing SA payload. message ID = 0
7w4d: ISAKMP (0:30): Checking ISAKMP transform 1 against
priority 1 policy
7w4d: ISAKMP: encryption DES-CBC
7w4d: ISAKMP: hash SHA
7w4d: ISAKMP: default group 2
7w4d: ISAKMP: auth pre-share
7w4d: ISAKMP (0:30): atts are acceptable. Next payload is
0
7w4d: CryptoEngine0: generate alg parameter
7w4d: CRYPTO_ENGINE: Dh phase 1 status: 0
7w4d: CRYPTO_ENGINE: Dh phase 1 status: 0
7w4d: ISAKMP (0:30): SA is doing pre-shared key
authentication
7w4d: ISAKMP (30): SA is doing pre-shared key
authentication using id type
ID_IP
V4_ADDR
7w4d: ISAKMP (30): sending packet to 200.223.26.155 (I)
MM_SA_SETUP
7w4d: ISAKMP (30): received packet from 200.223.26.155 (I)
MM_SA_SETUP
7w4d: ISAKMP (0:30): processing KE payload. message ID = 0
7w4d: CryptoEngine0: generate alg parameter
7w4d: ISAKMP (0:30): processing NONCE payload. message ID
= 0
7w4d: CryptoEngine0: create ISAKMP SKEYID for conn id 30
7w4d: ISAKMP (0:30): SKEYID state generated
7w4d: ISAKMP (30): ID payload
next-payload : 8
type : 1
protocol : 17
port : 500
length : 8
7w4d: ISAKMP (30): Total payload length: 12
7w4d: CryptoEngine0: generate hmac context for conn id 30
7w4d: ISAKMP (30): sending packet to 200.223.26.155 (I)
MM_KEY_EXCH
7w4d: ISAKMP (30): received packet from 200.223.26.155 (I)
MM_KEY_EXCH
7w4d: ISAKMP (0:30): phase 1 packet is a duplicate of a
previous packet.
7w4d: ISAKMP (0:30): retransmitting due to retransmit
phase 1
7w4d: ISAKMP (0:30): time remaining never
7w4d: ISAKMP (0:30): current time 00:00:00
7w4d: ISAKMP (0:30): retransmitting phase 1...
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Wed Jan 15 2003 - 20:11:39 CET