Date: Fri, 10 Feb 2006 19:48:05 +1100
From: Michael Vince <mv@roq.com>
To: Subhro <subhro.kar@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: VPN not working
Message-ID: <43EC5345.7040404@roq.com>
In-Reply-To: <b2807d040602031416k65b3d46dj2ed318013a4b18ce@mail.gmail.com>
References: <b2807d040602031416k65b3d46dj2ed318013a4b18ce@mail.gmail.com>

You can try out this script if you like, it may or may not help.
I created it so I could more easily remember all the VPN knobs that need
to be touched when creating a VPN.

http://www.roq.com/projects/vpnsetup/vpnsetup.pl

Mike

Subhro wrote:

>Hello,
>
>I am trying to connect to my workplace which uses a Cisco IW600. I am
>putting the connect log from the router below.
>
>------
>terminal monitor
>IW600#
>*Feb 3 22:00:44.051: IPSEC(sa_request): ,
> (key eng. msg.) OUTBOUND local= 64.191.227.249, remote= 220.225.82.250,
> local_proxy= 172.16.3.151/255.255.255.255/0/0 (type=1),
> remote_proxy= 192.168.100.0/255.255.255.0/0/0 (type=4),
> protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
> lifedur= 3600s and 4608000kb,
> spi= 0x5A88B8A1(1518909601), conn_id= 0, keysize= 0, flags= 0x400B
>*Feb 3 22:00:44.051: ISAKMP: received ke message (1/1)
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
>*Feb 3 22:00:44.051: ISAKMP: Created a peer struct for
>220.225.82.250, peer port 500
>*Feb 3 22:00:44.051: ISAKMP: New peer created peer = 0x447C2CF4
>peer_handle = 0x80000286
>*Feb 3 22:00:44.051: ISAKMP: Locking peer struct 0x447C2CF4, IKE
>refcount 1 for isakmp_initiator
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Setting client config settings 448F7964
>*Feb 3 22:00:44.051: ISAKMP: local port 500, remote port 500
>*Feb 3 22:00:44.051: ISAKMP: set new node 0 to QM_IDLE
>*Feb 3 22:00:44.051: ISAKMP: Find a dup sa in the avl tree during
>calling isadb_insert sa = 447DC520
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Can not start Aggressive
>mode, trying Main mode.
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Looking for a matching key
>for 220.225.82.250 in default
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): : success
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):found peer pre-shared key
>matching 220.225.82.250
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC,
>IKE_SA_REQ_MM
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New
>State = IKE_I_MM1
>
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
>*Feb 3 22:00:44.051: ISAKMP:(0:0:N/A:0): sending packet to
>220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
>*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
>*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
>sa: retransmit phase 1
>*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
>*Feb 3 22:00:54.051: ISAKMP:(0:0:N/A:0): sending packet to
>220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
>*Feb 3 22:01:03.043: ISAKMP:(0:0:N/A:0):purging node 1798766697
>*Feb 3 22:01:03.043: ISAKMP:(0:0:N/A:0):purging node 756905305
>*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
>*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
>sa: retransmit phase 1
>*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
>*Feb 3 22:01:04.051: ISAKMP:(0:0:N/A:0): sending packet to
>220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
>*Feb 3 22:01:13.043: ISAKMP:(0:0:N/A:0):purging SA., sa=44872764,
>delme=44872764
>*Feb 3 22:01:13.727: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk
>header, chunk 0 data 446BFA58 chunkmagic 400B97A8 chunk_freemagic
>43EDF9F4
>-Process= "IP Input", ipl= 4, pid= 74
>-Traceback= 0x40ABDEE8 0x400BC510 0x402FF6B4 0x40ED1738 0x40ED48EC
>0x40ED2F8C 0x40ED325C 0x40ED3318 0x40ED34BC
>*Feb 3 22:01:14.051: IPSEC(key_engine): request timer fired: count = 1,
> (identity) local= 64.191.227.249, remote= 220.225.82.250,
> local_proxy= 172.16.3.151/255.255.255.255/0/0 (type=1),
> remote_proxy= 192.168.100.0/255.255.255.0/0/0 (type=4)
>*Feb 3 22:01:14.051: IPSEC(sa_request): ,
> (key eng. msg.) OUTBOUND local= 64.191.227.249, remote= 220.225.82.250,
> local_proxy= 172.16.3.151/255.255.255.255/0/0 (type=1),
> remote_proxy= 192.168.100.0/255.255.255.0/0/0 (type=4),
> protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
> lifedur= 3600s and 4608000kb,
> spi= 0x385ACC06(945474566), conn_id= 0, keysize= 0, flags= 0x400B
>*Feb 3 22:01:14.051: ISAKMP: received ke message (1/1)
>*Feb 3 22:01:14.051: ISAKMP: set new node 0 to QM_IDLE
>*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0):SA is still budding. Attached
>new ipsec request to it. (local 64.191.227.249, remote 220.225.82.250)
>*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
>*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
>sa: retransmit phase 1
>*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
>*Feb 3 22:01:14.051: ISAKMP:(0:0:N/A:0): sending packet to
>220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
>*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
>*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0):incrementing error counter on
>sa: retransmit phase 1
>*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
>*Feb 3 22:01:24.051: ISAKMP:(0:0:N/A:0): sending packet to
>220.225.82.250 my_port 500 peer_port 500 (I) MM_NO_STATE
>*Feb 3 22:01:28.147: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk
>header, chunk 0 data 446BFA58 chunkmagic 400B97A8 chunk_freemagic
>43EDF2FC
>-Process= "IP Input", ipl= 4, pid= 74
>-Traceback= 0x40ABDEE8 0x400BC510 0x402FF6B4 0x40ED1738 0x40ED48EC
>0x40ED2F8C 0x40ED325C 0x40ED3318 0x40ED34BC
>-----
>
>
>I am using the method mentioned in the freebsd handbook. Please help
>me out by telling me what exactly is wrong.
>
>Thanks and Best Regards
>Subhro
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
>