Jump to content

Cisco - Easy VPN Remote Client


Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Recommended Posts

Hallo.

 

Systeminformationen:

Ausland: Cisco DSL Router (4.3.2.1)

Gegenstelle: Cisco 2800er Router (1.2.3.4)

 

Ursache:

Wir haben in Dänemark einen Cisco Router der eine Internet Verbindung aufbaut und sich darüber dann eine Easy VPN Sitzung aufbaut.

Das hat bis vor 15 Stunden einwandfrei funktioniert. Nun kommt der Router nur noch bis zur Phase 2. Ich habe schon eine neue Gruppe hinterlegt, genau das selbe Problem.

 

Bei anderen Standorten funktioniert dies Einwandfrei mit dem selben "muster".

 

 

 

Vielen Dank.

 

Grüße

 

Rolf

Link to comment

Anbei ein paar debugs vom "Client":

Jul  5 16:29:03: EZVPN(phvpn): Current State: READY
Jul  5 16:29:03: EZVPN(phvpn): Event: CONN_DOWN
Jul  5 16:29:03: EZVPN(phvpn): New State: CONNECT_REQUIRED
Jul  5 16:29:03: EZVPN(phvpn): Current State: CONNECT_REQUIRED
Jul  5 16:29:03: EZVPN(phvpn): Event: CONNECT
Jul  5 16:29:03: EZVPN(phvpn): ezvpn_connect_request
Jul  5 16:29:03: ISAKMP: Looking for a matching key for 1.2.3.4 in defau
lt : success
Jul  5 16:29:03: EZVPN(phvpn): New State: READY
Jul  5 16:29:03: ISAKMP: received ke message (1/1)
Jul  5 16:29:03: ISAKMP (0:0): SA request profile is (NULL)
Jul  5 16:29:03: ISAKMP: Found a peer struct for 1.2.3.4, peer port 500
Jul  5 16:29:03: ISAKMP: Locking peer struct 0x8143A380, IKE refcount 1 for cryp
to_ikmp_config_initialize_sa
Jul  5 16:29:03: ISAKMP: local port 500, remote port 500
Jul  5 16:29:03: ISAKMP: Find a dup sa in the avl tree during calling isadb_inse
rt sa = 814A526C
Jul  5 16:29:03: ISAKMP (0:115): client mode configured.
Jul  5 16:29:03: ISAKMP (0:115): constructed NAT-T vendor-07 ID
Jul  5 16:29:03: ISAKMP (0:115): constructed NAT-T vendor-03 ID
Jul  5 16:29:03: ISAKMP (0:115): constructed NAT-T vendor-02 ID
Jul  5 16:29:04: ISKAMP: growing send buffer from 1024 to 3072
Jul  5 16:29:04: ISAKMP (0:115): SA is doing pre-shared key authentication plus
XAUTH using id type ID_KEY_ID
Jul  5 16:29:04: ISAKMP (0:115): ID payload
       next-payload : 13
       type         : 11
       group id     : PHVPNDEN
       protocol     : 17
       port         : 0
       length       : 16
Jul  5 16:29:04: ISAKMP (115): Total payload length: 16
Jul  5 16:29:04: ISAKMP (0:115): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM
Jul  5 16:29:04: ISAKMP (0:115): Old State = IKE_READY  New State = IKE_I_AM1

Jul  5 16:29:04: ISAKMP (0:115): beginning Aggressive Mode exchange
Jul  5 16:29:04: ISAKMP (0:115): sending packet to 1.2.3.4 my_port 500 p
eer_port 500 (I) AG_INIT_EXCH
Jul  5 16:29:14: ISAKMP (0:115): retransmitting phase 1 AG_INIT_EXCH...
Jul  5 16:29:14: ISAKMP (0:115): incrementing error counter on sa, attempt 1 of
5: retransmit phase 1
Jul  5 16:29:14: ISAKMP (0:115): retransmitting phase 1 AG_INIT_EXCH
Jul  5 16:29:14: ISAKMP (0:115): sending packet to 1.2.3.4 my_port 500 p
eer_port 500 (I) AG_INIT_EXCH
Jul  5 16:29:24: ISAKMP (0:115): retransmitting phase 1 AG_INIT_EXCH...
Jul  5 16:29:24: ISAKMP (0:115): incrementing error counter on sa, attempt 2 of
5: retransmit phase 1
Jul  5 16:29:24: ISAKMP (0:115): retransmitting phase 1 AG_INIT_EXCH
Jul  5 16:29:24: ISAKMP (0:115): sending packet to 1.2.3.4 my_port 500 p
eer_port 500 (I) AG_INIT_EXCH
Jul  5 16:29:34: ISAKMP (0:115): retransmitting phase 1 AG_INIT_EXCH...
....
Jul  5 16:29:44: ISAKMP (0:115): retransmitting phase 1 AG_INIT_EXCH
Jul  5 16:29:44: ISAKMP (0:115): sending packet to 1.2.3.4 my_port 500 p
eer_port 500 (I) AG_INIT_EXCH
Jul  5 16:29:54: ISAKMP (0:115): retransmitting phase 1 AG_INIT_EXCH...
Jul  5 16:29:54: ISAKMP (0:115): incrementing error counter on sa, attempt 5 of
5: retransmit phase 1
Jul  5 16:29:54: ISAKMP (0:115): retransmitting phase 1 AG_INIT_EXCH
Jul  5 16:29:54: ISAKMP (0:115): sending packet to 1.2.3.4 my_port 500 p
eer_port 500 (I) AG_INIT_EXCH
Jul  5 16:30:03: ISAKMP (0:114): purging SA., sa=814DAC8C, delme=814DAC8C
Jul  5 16:30:04: ISAKMP (0:115): retransmitting phase 1 AG_INIT_EXCH...
Jul  5 16:30:04: ISAKMP (0:115): peer does not do paranoid keepalives.

Jul  5 16:30:04: ISAKMP (0:115): deleting SA reason "death by retransmission P1"
state (I) AG_INIT_EXCH (peer 1.2.3.4) input queue 0
Jul  5 16:30:04: ISAKMP (0:115): deleting SA reason "death by retransmission P1"
state (I) AG_INIT_EXCH (peer 1.2.3.4) input queue 0
Jul  5 16:30:04: ISAKMP: Unlocking IKE struct 0x8143A380 for isadb_mark_sa_delet
ed(), count 0

Link to comment
Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...